commit f6fdd9f33ac360aeaed64addc2737a0cf4d7f1a6 parent 51dbb31c2a60a1a864ea226e90a95f59a01667ba Author: Divyansh Mangal <dmangal@microsoft.com> Date: Mon, 27 Oct 2025 10:02:11 +0000 Bug 1995795 [wpt PR 55597] - [SVG] Support `ping`, `hreflang`, `type` and `referrerPolicy` for SVGAElement, a=testonly Automatic update from web-platform-tests [SVG] Support `ping`, `hreflang`, `type` and `referrerPolicy` for SVGAElement SVG 2.0[1] includes support for attributes like `ping`, `hreflang`, `type` and `referrerPolicy` for SVGAElement, similar to HTMLAnchorElement. Currently, Chromium does not support these attributes for SVGAElement. This CL adds support for these attributes and add new WPTs to test them. Note: With this CL all attributes of SVGAElement will align with the spec [1]. I2S: https://chromestatus.com/feature/5140707648077824 [1] https://svgwg.org/svg2-draft/linking.html#InterfaceSVGAElement Bug: 40589293 Change-Id: I1114b1e7ec4a4fa72cfbdc55b2e68dd5f308795a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7008071 Reviewed-by: Fredrik Söderquist <fs@opera.com> Commit-Queue: Divyansh Mangal <dmangal@microsoft.com> Cr-Commit-Position: refs/heads/main@{#1533687} -- wpt-commits: 462307af0d6663f56b0e042fba65c9a10ea412bb wpt-pr: 55597 Diffstat:
107 files changed, 7507 insertions(+), 3 deletions(-)
diff --git a/testing/web-platform/tests/common/security-features/resources/common.sub.js b/testing/web-platform/tests/common/security-features/resources/common.sub.js @@ -166,7 +166,7 @@ function setAttributes(el, attrs) { attrs = attrs || {} for (var attr in attrs) { if (attr !== 'src') - el.setAttribute(attr, attrs[attr]); + el.setAttribute(attr.toLowerCase(), attrs[attr]); } // Workaround for Chromium: set <img>'s src attribute after all other // attributes to ensure the policy is applied. @@ -827,6 +827,54 @@ function requestViaWebSocket(url) { } /** + * Creates a svg anchor element and the corresponding svg setup, appends the + * setup to {@code document.body} and performs the navigation. + * @param {string} url The URL to navigate to. + * @return {Promise} The promise for success/error events. + */ +function requestViaSVGAnchor(url, additionalAttributes) { + const name = guid(); + + const iframe = + createElement("iframe", { "name": name, "id": name }, document.body, false); + + // Create SVG container + const svg = document.createElementNS("http://www.w3.org/2000/svg", "svg"); + + // Create SVG anchor element + const svgAnchor = document.createElementNS("http://www.w3.org/2000/svg", "a"); + const link_attributes = Object.assign({ "href": url, "target": name }, additionalAttributes); + setAttributes(svgAnchor, link_attributes); + + // Add some text content for the anchor + const text = document.createElementNS("http://www.w3.org/2000/svg", "text"); + text.setAttribute("y", "50"); + text.textContent = "SVG Link to resource"; + + svgAnchor.appendChild(text); + svg.appendChild(svgAnchor); + document.body.appendChild(svg); + + const promise = + bindEvents2(window, "message", iframe, "error", window, "error") + .then(event => { + if (event.source !== iframe.contentWindow) + return Promise.reject(new Error('Unexpected event.source')); + return event.data; + }); + + // Simulate a click event on the SVG anchor + const event = new MouseEvent('click', { + view: window, + bubbles: true, + cancelable: true + }); + svgAnchor.dispatchEvent(event); + + return promise; +} + +/** @typedef SubresourceType @type {string} @@ -892,6 +940,10 @@ const subresourceMap = { path: "/common/security-features/subresource/script.py", invoker: requestViaDynamicImport, }, + "svg-a-tag": { + path: "/common/security-features/subresource/document.py", + invoker: requestViaSVGAnchor, + }, "video-tag": { path: "/common/security-features/subresource/video.py", invoker: requestViaVideo, diff --git a/testing/web-platform/tests/common/security-features/tools/spec.src.json b/testing/web-platform/tests/common/security-features/tools/spec.src.json @@ -111,6 +111,7 @@ "sharedworker-import", "sharedworker-import-data", "sharedworker-module", + "svg-a-tag", "video-tag", "worker-classic", "worker-import", @@ -513,6 +514,7 @@ "sharedworker-import", "sharedworker-import-data", "sharedworker-module", + "svg-a-tag", "video-tag", "websocket", "worker-classic", diff --git a/testing/web-platform/tests/common/security-features/tools/spec_validator.py b/testing/web-platform/tests/common/security-features/tools/spec_validator.py @@ -113,7 +113,7 @@ def validate(spec_json, details): valid_subresource_names = [ "a-tag", "area-tag", "audio-tag", "form-tag", "iframe-tag", "img-tag", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", - "script-tag", "script-tag-dynamic-import", "video-tag" + "script-tag", "script-tag-dynamic-import", "svg-a-tag", "video-tag" ] + ["beacon", "fetch", "xhr", "websocket"] + [ "worker-classic", "worker-module", "worker-import", "worker-import-data", "sharedworker-classic", "sharedworker-module", diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/no-referrer/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/no-referrer/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/same-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/same-origin/svg-a-tag.http.html @@ -0,0 +1,86 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/strict-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/strict-origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/unsafe-url/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/unsafe-url/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="no-referrer"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "http-rp", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/unset/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.http-rp/unset/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/always/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/always/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "always" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "always" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "always" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "always" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/default/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/default/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "default" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "default" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "default" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "default" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/never/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/never/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "never" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "never" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "never" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "never" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/no-referrer-when-downgrade/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/no-referrer-when-downgrade/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/no-referrer/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/no-referrer/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/origin-when-crossorigin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/origin-when-crossorigin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-crossorigin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-crossorigin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-crossorigin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-crossorigin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/same-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/same-origin/svg-a-tag.http.html @@ -0,0 +1,86 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/strict-origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/strict-origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/strict-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/strict-origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/unsafe-url/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/unsafe-url/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="no-referrer"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/iframe.meta/unset/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/iframe.meta/unset/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "iframe" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/req.attr/no-referrer-when-downgrade/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/req.attr/no-referrer-when-downgrade/svg-a-tag.http.html @@ -0,0 +1,87 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/req.attr/no-referrer/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/req.attr/no-referrer/svg-a-tag.http.html @@ -0,0 +1,87 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/req.attr/origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/req.attr/origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,87 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/req.attr/origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/req.attr/origin/svg-a-tag.http.html @@ -0,0 +1,87 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/req.attr/same-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/req.attr/same-origin/svg-a-tag.http.html @@ -0,0 +1,71 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/req.attr/strict-origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/req.attr/strict-origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,87 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/req.attr/strict-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/req.attr/strict-origin/svg-a-tag.http.html @@ -0,0 +1,87 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/req.attr/unsafe-url/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/req.attr/unsafe-url/svg-a-tag.http.html @@ -0,0 +1,87 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="no-referrer"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [ + { + "deliveryType": "attr", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: no-referrer-when-downgrade diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/no-referrer/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/no-referrer/svg-a-tag.http.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/no-referrer/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/no-referrer/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: no-referrer diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/origin-when-cross-origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/origin-when-cross-origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: origin-when-cross-origin diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/origin/svg-a-tag.http.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: origin diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/same-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/same-origin/svg-a-tag.http.html @@ -0,0 +1,67 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/same-origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/same-origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: same-origin diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: strict-origin-when-cross-origin diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/strict-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/strict-origin/svg-a-tag.http.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/strict-origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/strict-origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: strict-origin diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/unsafe-url/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/unsafe-url/svg-a-tag.http.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/unsafe-url/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/unsafe-url/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: unsafe-url diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/unset/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.http-rp/unset/svg-a-tag.http.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/always/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/always/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="always"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/default/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/default/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="default"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/never/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/never/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="never"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/no-referrer-when-downgrade/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/no-referrer-when-downgrade/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="no-referrer-when-downgrade"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/no-referrer/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/no-referrer/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="no-referrer"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="origin-when-cross-origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/origin-when-crossorigin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/origin-when-crossorigin/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="origin-when-crossorigin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/origin/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/same-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/same-origin/svg-a-tag.http.html @@ -0,0 +1,68 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="same-origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/strict-origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/strict-origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="strict-origin-when-cross-origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/strict-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/strict-origin/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="strict-origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/unsafe-url/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/unsafe-url/svg-a-tag.http.html @@ -0,0 +1,83 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/unset/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc-inherit.meta/unset/svg-a-tag.http.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/always/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/always/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "always" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "always" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "always" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "always" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/default/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/default/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "default" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "default" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "default" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "default" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/never/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/never/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "never" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "never" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "never" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "never" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/no-referrer-when-downgrade/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/no-referrer-when-downgrade/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer-when-downgrade" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/no-referrer/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/no-referrer/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "no-referrer" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-cross-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/origin-when-crossorigin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/origin-when-crossorigin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-crossorigin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-crossorigin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-crossorigin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin-when-crossorigin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/same-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/same-origin/svg-a-tag.http.html @@ -0,0 +1,86 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "same-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/strict-origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/strict-origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin-when-cross-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/strict-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/strict-origin/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "strict-origin" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/unsafe-url/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/srcdoc.meta/unsafe-url/svg-a-tag.http.html @@ -0,0 +1,107 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="no-referrer"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [ + { + "policyDeliveries": [ + { + "deliveryType": "meta", + "key": "referrerPolicy", + "value": "unsafe-url" + } + ], + "sourceContextType": "srcdoc" + } + ], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/no-referrer-when-downgrade/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: no-referrer-when-downgrade diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/no-referrer/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/no-referrer/svg-a-tag.http.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/no-referrer/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/no-referrer/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: no-referrer diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/origin-when-cross-origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/origin-when-cross-origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: origin-when-cross-origin diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/origin/svg-a-tag.http.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: origin diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/same-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/same-origin/svg-a-tag.http.html @@ -0,0 +1,52 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/same-origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/same-origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: same-origin diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/strict-origin-when-cross-origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: strict-origin-when-cross-origin diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/strict-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/strict-origin/svg-a-tag.http.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/strict-origin/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/strict-origin/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: strict-origin diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/unsafe-url/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/unsafe-url/svg-a-tag.http.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/unsafe-url/svg-a-tag.http.html.headers b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/unsafe-url/svg-a-tag.http.html.headers @@ -0,0 +1,2 @@ +Access-Control-Allow-Origin: * +Referrer-Policy: unsafe-url diff --git a/testing/web-platform/tests/referrer-policy/gen/top.http-rp/unset/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.http-rp/unset/svg-a-tag.http.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/always/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/always/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="always"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/default/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/default/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="default"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/never/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/never/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="never"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/no-referrer-when-downgrade/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/no-referrer-when-downgrade/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="no-referrer-when-downgrade"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/no-referrer/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/no-referrer/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="no-referrer"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="origin-when-cross-origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/origin-when-crossorigin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/origin-when-crossorigin/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="origin-when-crossorigin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/origin/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/same-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/same-origin/svg-a-tag.http.html @@ -0,0 +1,53 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="same-origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "omitted", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "omitted", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects omitted for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/strict-origin-when-cross-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/strict-origin-when-cross-origin/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="strict-origin-when-cross-origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/strict-origin/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/strict-origin/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="strict-origin"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/unsafe-url/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/unsafe-url/svg-a-tag.http.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta name="referrer" content="unsafe-url"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "stripped-referrer", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-https origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/gen/top.meta/unset/svg-a-tag.http.html b/testing/web-platform/tests/referrer-policy/gen/top.meta/unset/svg-a-tag.http.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec referrer-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "origin", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to cross-https origin and no-redirect redirection from http context." + }, + { + "expectation": "origin", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects origin for svg-a-tag to same-https origin and no-redirect redirection from http context." + }, + { + "expectation": "stripped-referrer", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "svg-a-tag", + "subresource_policy_deliveries": [], + "test_description": "Referrer Policy: Expects stripped-referrer for svg-a-tag to same-http origin and no-redirect redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/spec.src.json b/testing/web-platform/tests/referrer-policy/spec.src.json @@ -860,7 +860,8 @@ "origin": "*", "subresource": [ "a-tag", - "area-tag" + "area-tag", + "svg-a-tag" ], "expectation": "*" }, @@ -1086,6 +1087,9 @@ "sharedworker-import": [], "sharedworker-import-data": [], "sharedworker-module": [], + "svg-a-tag": [ + "attr" + ], "video-tag": [], "websocket": [], "worker-classic": [], diff --git a/testing/web-platform/tests/svg/linking/scripted/a.ping-functionality.html b/testing/web-platform/tests/svg/linking/scripted/a.ping-functionality.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>SVG anchor ping attribute functionality</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/resource-timing/resources/observe-entry.js"></script> +<svg> + <a id="pingAnchor" href="#" ping="/xhr/resources/delay.py?ms=100">Test Link</a> +</svg> +<script> + promise_test(async t => { + const anchor = document.getElementById('pingAnchor'); + const pingUrl = '/xhr/resources/delay.py?ms=100'; + + // Simulate click event + const clickEvent = new MouseEvent('click', { + view: window, + bubbles: true, + cancelable: true + }); + + anchor.dispatchEvent(clickEvent); + + // Wait for the ping request to be sent + const entry = await observe_entry(pingUrl); + assert_equals(entry.initiatorType, 'ping'); + assert_greater_than(entry.duration, 99); + }, "SVG anchor with ping attribute should send ping on click"); + + promise_test(async t => { + const svg = document.querySelector('svg'); + const anchor = document.createElementNS('http://www.w3.org/2000/svg', 'a'); + const pingUrl = '/xhr/resources/delay.py?ms=200&id=multiple'; + + anchor.setAttribute('href', '#'); + anchor.setAttribute('ping', pingUrl + ' ' + pingUrl + '2'); + anchor.textContent = 'Multiple Ping Link'; + svg.appendChild(anchor); + + const clickEvent = new MouseEvent('click', { + view: window, + bubbles: true, + cancelable: true + }); + + anchor.dispatchEvent(clickEvent); + + // Wait for both ping requests + const entry1 = await observe_entry(pingUrl); + const entry2 = await observe_entry(pingUrl + '2'); + + assert_equals(entry1.initiatorType, 'ping'); + assert_equals(entry2.initiatorType, 'ping'); + }, "SVG anchor with multiple ping URLs should send multiple pings"); + + test(function() { + const anchor = document.createElementNS('http://www.w3.org/2000/svg', 'a'); + anchor.setAttribute('ping', 'https://example.com/ping1 https://example.com/ping2'); + + assert_equals(anchor.ping, 'https://example.com/ping1 https://example.com/ping2'); + + anchor.ping = 'https://example.com/ping3'; + assert_equals(anchor.getAttribute('ping'), 'https://example.com/ping3'); + assert_equals(anchor.ping, 'https://example.com/ping3'); + }, "SVG anchor ping attribute should be settable via ping IDL attribute"); +</script>