referrer-strict-policies.sub.html (1552B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Referrer with the strict-origin referrer policy</title> 5 <meta name="referrer" content="strict-origin"> 6 <script src="/resources/testharness.js"></script> 7 <script src="/resources/testharnessreport.js"></script> 8 </head> 9 <body> 10 <script type="module"> 11 12 // "name" parameter is necessary for bypassing the module map in descendant import. 13 14 import { referrer as insecureImport } from "./resources/import-referrer-checker-insecure.sub.js?name=insecure_import"; 15 import { referrer as secureImport } from "https://{{domains[www]}}:{{ports[https][0]}}/html/semantics/scripting-1/the-script-element/module/resources/import-referrer-checker-insecure.sub.js?name=secure_import"; 16 17 const origin = (new URL(location.href)).origin + "/"; 18 19 test(t => { 20 assert_equals( 21 insecureImport, origin, 22 "A document with the strict-origin referrer policy served over HTTP, " + 23 "imports an module script over HTTP, that imports a descendant script " + 24 "over HTTP. The request for the descendant script is sent with a " + 25 "`Referer` header with the page's origin"); 26 27 assert_equals( 28 secureImport, "", 29 "A document with the strict-origin referrer policy served over HTTP, " + 30 "imports an module script over HTTPS, that imports a descendant script " + 31 "over HTTP. The request for the descendant script is sent with no " + 32 "`Referer` header"); 33 }, "The strict-* referrer policies compare the trustworthiness of a " + 34 "request's referrer string against its URL"); 35 36 </script> 37 </body> 38 </html>