diff options
Diffstat (limited to 'testing/web-platform/tests/referrer-policy/unsafe-url')
204 files changed, 6000 insertions, 0 deletions
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..1d4be3c77 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the attr-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..715150770 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the attr-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..814b6d9ba --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the attr-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..3bb871203 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the attr-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..8a8a459f9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the attr-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..04ae66bd2 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the attr-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..4947e50aa --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the attr-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..39deeac30 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the attr-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..334ebae52 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the attr-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..ca1f0a68f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the attr-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..f813f24a6 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the attr-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..d3272c435 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the attr-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..22800cf4b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the attr-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..ceaa0164e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the attr-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..5117c0f4d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the attr-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..d891987d3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the attr-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..246089208 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the attr-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..10fc2a00f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the attr-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..9d504a970 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the attr-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..5fc928a3c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the attr-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..01d2abbb8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the attr-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..2b520ff43 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the attr-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..7a2fb09fc --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the attr-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..7612d5ef6 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the attr-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "attr-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..53ab93a35 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..ae0a512ba --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..1360c04c3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..e608f52cb --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..e8b105995 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..0755eaf96 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..6c873e8f0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..e9d9d2469 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..78b871570 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..a38b20f17 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..a7fd03c43 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..06b2b252f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..49c3ec58e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..163b8c8a0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..c28550135 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..608035538 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..046b25859 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..59bf756b8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..eee0a3f8b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..57f1a9d04 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..fdb7033c4 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..7168479ac --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..5689889eb --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..678d95524 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..73cabcfd9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..fccf29967 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..174c0feac --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..832ceb02e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..4ce779935 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..664cb7e3d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..2ce45af4c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..038a0b2dd --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..78b340afe --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..12446ba14 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..70a115d87 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..7a083ea6c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..12871fac6 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..abd803c44 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..02e9b92a2 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..435281a74 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..dbdf2d6fb --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..e1643fd37 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..89acf024f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..9f4319130 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..5e492ca91 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..54a2fc322 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..e6775088a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..c2bccdf77 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..79cd63640 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..4fc687f97 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..3a24da90c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..95154a991 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..501e8ed24 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..a49c2a05c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..77d22e913 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..6ab0525a9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..22057804a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..980c4a9aa --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..42c0c4b6f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..efb989ee3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..15120a2dc --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..dea4a85cf --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..c46cbb6a1 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..e89ee7f89 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..875901b25 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..82858ef62 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..775bf93fa --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..41560ae8c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..03073d50e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..5a1e1ccc6 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..5dab67170 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..50447b968 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..e4d2e2c77 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..374f5c0ea --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..f02d54bd7 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..71778ee0c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..6f34ef157 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..ebd930f69 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..18e6eb2b4 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..fc44e3e25 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..5c8822601 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..ebf71f175 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..bf6262f26 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..f591cbef0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..ba2d54d62 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..e8b0aa9e8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..a34ce0378 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..6482686b5 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..2610bb065 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..740895b80 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..681dab44c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..d72aeb785 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..77c3c68a7 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..e5592cd08 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..a87451fbd --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..631e1477c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..0cbf66fed --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..43dc43d04 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..7fe2baacf --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..e1db3d1e5 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..404392c8e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..18cd15910 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..34c729544 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..6386f26a9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..e9ffeeba0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..d3cc95adf --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..dbd4183bd --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..6e07cfb09 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..8c54512a9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..07e669ccf --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..ec2e9c647 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..da52ddcc8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..38e401993 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..3ae164bf1 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..759728b00 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..7b73c8ded --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..379763fc3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..90417e90e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..a4e1bee0d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..4780d0d49 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> |