modulepreload-referrerpolicy.html (6853B)
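<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Modulepreload Referrer Policy Tests</title>
<link rel="author" title="Google" href="https://www.google.com/">
<link rel="help" href="https://html.spec.whatwg.org/multipage/links.html#link-type-modulepreload">
<link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/">
<meta name="assert" content="link rel=modulepreload respects the referrerpolicy attribute">
<!--
  This test verifies that modulepreload honours the referrerpolicy attribute
  for same-origin requests. The policy values covered are:
    - (attribute absent: default policy)
    - no-referrer
    - origin
    - same-origin
    - strict-origin
    - strict-origin-when-cross-origin
    - unsafe-url
  Not covered here: no-referrer-when-downgrade and origin-when-cross-origin.

  Each policy is tested by creating a modulepreload link dynamically with the
  specific policy and checking the referrer that the request carried.

  Scope caveat: every request in this file is same-origin. The cases where a
  policy trims or drops the referrer because the target is another origin, or
  because of a downgrade, are the ones that decide whether a page's path and
  query string reach another site. They are not exercised here, so a pass on
  this file says nothing about cross-origin referrer trimming.
-->
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
  // Initialize the window.referrers object that will be used by echo-referrer.py
  window.referrers = {};
</script>
</head>
<body>
<script>
  // Per-page counter that keeps generated ids distinct even when several are
  // requested within the same millisecond.
  let uidCounter = 0;

  // Returns a numeric id that is unique within this page. A timestamp plus a
  // random offset in [0, 1000) can repeat for tests that start within a second
  // of each other; a repeated id would reuse an already-loaded module URL and
  // an already-populated window.referrers entry, so the assertion would read
  // another test's referrer. The result stays well below 2^53, so it is an
  // exact integer.
  function generateUniqueId() {
    uidCounter += 1;
    return Date.now() * 1000 + uidCounter;
  }

  // Builds (but does not insert) a <link rel="modulepreload"> for `url`.
  // When `referrerPolicy` is null the attribute is left unset, so the
  // default policy applies.
  function createModulePreload(url, referrerPolicy = null) {
    const link = document.createElement('link');
    link.rel = 'modulepreload';
    link.href = url;

    if (referrerPolicy !== null) {
      link.referrerPolicy = referrerPolicy;
    }

    return link;
  }

  // Resolves when the link fires `load`, rejects when it fires `error`.
  // Call this before inserting the link so neither event can be missed.
  function waitForPreload(link) {
    return new Promise((resolve, reject) => {
      link.onload = resolve;
      link.onerror = () => reject(new Error("Modulepreload failed to load"));
    });
  }

  // Preloads a fresh echo-referrer.py URL with the given policy, imports the
  // module, and returns the value found in window.referrers for that URL's id.
  //
  // The URL is not imported before the preload. An earlier import() of the
  // same URL would place the module in the document's module map, and the
  // later modulepreload could then be satisfied from the map without issuing
  // a request of its own. The recorded referrer would in that case reflect
  // import(), not the link's referrerpolicy.
  //
  // NOTE(review): echo-referrer.py is not shown on this page; it is presumed
  // to serve a module that stores the request's referrer in
  // window.referrers[uid] when it is evaluated.
  async function preloadAndReadReferrer(t, referrerPolicy = null) {
    const uid = generateUniqueId();
    const url = `/preload/resources/echo-referrer.py?uid=${uid}`;

    const link = createModulePreload(url, referrerPolicy);
    // Remove the link once the test ends so it does not accumulate in <head>.
    t.add_cleanup(() => link.remove());

    const preloadComplete = waitForPreload(link);
    document.head.appendChild(link);
    await preloadComplete;

    // Evaluate the preloaded module so that it records the referrer.
    await import(url);

    return window.referrers[uid];
  }

  // Expected referrer values for a same-origin request.
  const fullUrl = location.href;
  const originOnly = location.origin + "/";

  // Default policy: no referrerpolicy attribute on the link.
  promise_test(async t => {
    const referrer = await preloadAndReadReferrer(t);
    assert_equals(referrer, fullUrl, "Modulepreload should use default referrer policy");
  }, "Modulepreload should use default referrer policy");

  // One entry per explicit policy. `name` doubles as the assertion message
  // and is kept verbatim so existing test expectations still match.
  const policyCases = [
    {
      policy: 'no-referrer',
      expected: "",
      name: "Modulepreload with no-referrer policy should not send referrer",
    },
    {
      policy: 'origin',
      expected: originOnly,
      name: "Modulepreload with origin policy should send origin-only referrer",
    },
    {
      policy: 'same-origin',
      expected: fullUrl,
      name: "Modulepreload with same-origin policy should send full referrer for same-origin requests",
    },
    {
      policy: 'strict-origin',
      expected: originOnly,
      name: "Modulepreload with strict-origin policy should send origin-only referrer",
    },
    {
      policy: 'strict-origin-when-cross-origin',
      expected: fullUrl,
      name: "Modulepreload with strict-origin-when-cross-origin policy should send full referrer for same-origin requests",
    },
    {
      policy: 'unsafe-url',
      expected: fullUrl,
      name: "Modulepreload with unsafe-url policy should send full referrer",
    },
  ];

  for (const { policy, expected, name } of policyCases) {
    promise_test(async t => {
      const referrer = await preloadAndReadReferrer(t, policy);
      assert_equals(referrer, expected, name);
    }, name);
  }
</script>
</body>
</html>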