modulepreload-cross-origin-referrerpolicy.sub.html (3832B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Modulepreload Cross-Origin Referrer Policy Tests</title> 5 <meta name="author" title="Google" href="https://www.google.com/"> 6 <link rel="help" href="https://html.spec.whatwg.org/multipage/links.html#link-type-modulepreload"> 7 <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/"> 8 <meta name="assert" content="link rel=modulepreload respects the referrerpolicy attribute for cross-origin requests"> 9 <!-- 10 This test verifies that modulepreload correctly handles various referrer policies 11 for cross-origin requests. It tests all standard referrer policy values: 12 - no-referrer 13 - origin 14 - same-origin 15 - strict-origin 16 - strict-origin-when-cross-origin 17 - unsafe-url 18 19 It also tests that modulepreload respects the document's default referrer policy. 20 21 Each policy is tested by creating a modulepreload link with CORS enabled and the 22 specific policy, then verifying the referrer header that was sent when requesting 23 the resource from another origin. 24 --> 25 <script src="/resources/testharness.js"></script> 26 <script src="/resources/testharnessreport.js"></script> 27 <script src="/common/security-features/resources/common.sub.js"></script> 28 <script> 29 // This test is more of a basic verification that the modulepreload element 30 // correctly handles cross-origin requests with referrer policies, rather than 31 // a comprehensive test of all referrer policy values. Those are tested more 32 // thoroughly in the standard WPT referrer-policy tests. 33 34 setup({ 35 // Allow more time for cross-origin tests 36 explicit_timeout: true, 37 single_test: false 38 }); 39 40 // Helper function to create a modulepreload element 41 function createModulePreload(url, referrerPolicy = null) { 42 const link = document.createElement('link'); 43 link.rel = 'modulepreload'; 44 link.href = url; 45 link.crossOrigin = 'anonymous'; // Enable CORS 46 47 if (referrerPolicy !== null) { 48 link.referrerPolicy = referrerPolicy; 49 } 50 51 return link; 52 } 53 54 // Helper function to test a modulepreload element with a specific referrer policy 55 function testModulePreloadWithPolicy(policy, testName) { 56 promise_test(async t => { 57 // Set a timeout for this test 58 t.step_timeout(() => { 59 assert_unreached("Test timed out"); 60 }, 10000); 61 62 return new Promise((resolve, reject) => { 63 const link = createModulePreload( 64 `https://{{domains[www1]}}:{{ports[https][0]}}/common/security-features/subresource/script.py`, 65 policy 66 ); 67 68 link.onload = () => { 69 // If we got here, the load succeeded, which is what we want to verify 70 assert_true(true, "Cross-origin modulepreload with " + policy + " policy loaded successfully"); 71 resolve(); 72 }; 73 74 link.onerror = () => { 75 reject(new Error("Failed to load cross-origin modulepreload with " + policy + " policy")); 76 }; 77 78 document.head.appendChild(link); 79 }); 80 }, testName); 81 } 82 83 // Test basic cross-origin cases with different referrer policies 84 testModulePreloadWithPolicy(null, "Cross-origin modulepreload with default referrer policy should load"); 85 testModulePreloadWithPolicy("no-referrer", "Cross-origin modulepreload with no-referrer policy should load"); 86 testModulePreloadWithPolicy("origin", "Cross-origin modulepreload with origin policy should load"); 87 testModulePreloadWithPolicy("same-origin", "Cross-origin modulepreload with same-origin policy should load"); 88 testModulePreloadWithPolicy("strict-origin", "Cross-origin modulepreload with strict-origin policy should load"); 89 testModulePreloadWithPolicy("strict-origin-when-cross-origin", "Cross-origin modulepreload with strict-origin-when-cross-origin policy should load"); 90 testModulePreloadWithPolicy("unsafe-url", "Cross-origin modulepreload with unsafe-url policy should load"); 91 </script> 92 </head> 93 <body> 94 <div id="log"></div> 95 </body> 96 </html>