Diff
Modified: trunk/LayoutTests/ChangeLog (232309 => 232310)
--- trunk/LayoutTests/ChangeLog 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/LayoutTests/ChangeLog 2018-05-30 21:30:21 UTC (rev 232310)
@@ -1,3 +1,25 @@
+2018-05-30 Chris Dumez <[email protected]>
+
+ Referrer-Policy response header is ignored
+ https://bugs.webkit.org/show_bug.cgi?id=186037
+ <rdar://problem/40600335>
+
+ Reviewed by Youenn Fablet.
+
+ Add layout test coverage.
+
+ * http/tests/security/referrer-policy-header-and-meta-tag-emptyString-expected.txt: Added.
+ * http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html: Added.
+ * http/tests/security/referrer-policy-header-and-meta-tag-expected.txt: Added.
+ * http/tests/security/referrer-policy-header-and-meta-tag.html: Added.
+ * http/tests/security/referrer-policy-header-expected.txt: Added.
+ * http/tests/security/referrer-policy-header.html: Added.
+ * http/tests/security/referrer-policy-invalid-expected.txt:
+ * http/tests/security/referrer-policy-invalid.html:
+ * http/tests/security/resources/postReferrer.php: Added.
+ * http/tests/security/resources/serve-referrer-policy-and-meta-tag.php: Added.
+ * http/tests/security/resources/serve-referrer-policy-and-test.php: Added.
+
2018-05-30 Youenn Fablet <[email protected]>
Rename CrossOriginResourcePolicy same to same-origin
Added: trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString-expected.txt (0 => 232310)
--- trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString-expected.txt 2018-05-30 21:30:21 UTC (rev 232310)
@@ -0,0 +1,10 @@
+Tests that referrer policy from meta tag does not override the HTTP header one if it is the empty string.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS actualReferrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html (0 => 232310)
--- trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html 2018-05-30 21:30:21 UTC (rev 232310)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+description("Tests that referrer policy from meta tag does not override the HTTP header one if it is the empty string.");
+jsTestIsAsync = true;
+
+_onmessage_ = (msg) => {
+ actualReferrer = msg.data;
+ shouldBeEqualToString("actualReferrer", "");
+
+ frame.remove();
+ finishJSTest();
+}
+
+_onload_ = () => {
+ frame = document.createElement("iframe");
+ frame.src = ""
+ document.body.appendChild(frame);
+}
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-expected.txt (0 => 232310)
--- trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-expected.txt 2018-05-30 21:30:21 UTC (rev 232310)
@@ -0,0 +1,10 @@
+Tests that referrer policy from meta tag overrides the HTTP header one.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS actualReferrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html (0 => 232310)
--- trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html 2018-05-30 21:30:21 UTC (rev 232310)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+description("Tests that referrer policy from meta tag overrides the HTTP header one.");
+jsTestIsAsync = true;
+
+_onmessage_ = (msg) => {
+ actualReferrer = msg.data;
+ shouldBeEqualToString("actualReferrer", "");
+
+ frame.remove();
+ finishJSTest();
+}
+
+_onload_ = () => {
+ frame = document.createElement("iframe");
+ frame.src = ""
+ document.body.appendChild(frame);
+}
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/referrer-policy-header-expected.txt (0 => 232310)
--- trunk/LayoutTests/http/tests/security/referrer-policy-header-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-header-expected.txt 2018-05-30 21:30:21 UTC (rev 232310)
@@ -0,0 +1,201 @@
+CONSOLE MESSAGE: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value '' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value '' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value '' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value '' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value '' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value '' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+Tests support for Referrer-Policy HTTP header.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Testing 'Referrer-Policy: no-referrer' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: no-referrer' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: no-referrer' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: strict-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: strict-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: strict-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0"
+
+Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? false
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: no-referrer' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: no-referrer' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: no-referrer' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: unsafe-url' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=unsafe-url&destinationOrigin=http://127.0.0.1:8000/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=no-referrer-when-downgrade&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: no-referrer-when-downgrade' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=same-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: same-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: strict-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: strict-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: strict-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=strict-origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: strict-origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=origin-when-cross-origin&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: origin-when-cross-origin' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/"
+
+Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
+PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.php?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1"
+
+Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: http://127.0.0.1:8000/ - isMultipartResponse? true
+PASS actualReferrer is ""
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/security/referrer-policy-header.html (0 => 232310)
--- trunk/LayoutTests/http/tests/security/referrer-policy-header.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-header.html 2018-05-30 21:30:21 UTC (rev 232310)
@@ -0,0 +1,88 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+description("Tests support for Referrer-Policy HTTP header.");
+jsTestIsAsync = true;
+
+const sourceOrigin = "https://127.0.0.1:8443/";
+const crossOrigin = "https://localhost:8443/";
+const downgradedOrigin = "http://127.0.0.1:8000/";
+const fullSourceURL = "fullSourceURL";
+
+// [Referrer-Policy header, expected referrer, destination origin].
+let tests = [
+ ["no-referrer", "", crossOrigin],
+ ["no-referrer", "", sourceOrigin],
+ ["no-referrer", "", downgradedOrigin],
+ ["origin", sourceOrigin, crossOrigin],
+ ["origin", sourceOrigin, sourceOrigin],
+ ["origin", sourceOrigin, downgradedOrigin],
+ ["unsafe-url", fullSourceURL, crossOrigin],
+ ["unsafe-url", fullSourceURL, sourceOrigin],
+ ["unsafe-url", fullSourceURL, downgradedOrigin],
+ ["no-referrer-when-downgrade", fullSourceURL, crossOrigin],
+ ["no-referrer-when-downgrade", fullSourceURL, sourceOrigin],
+ ["no-referrer-when-downgrade", "", downgradedOrigin],
+ ["same-origin", "", crossOrigin],
+ ["same-origin", fullSourceURL, sourceOrigin],
+ ["same-origin", "", downgradedOrigin],
+ ["strict-origin", sourceOrigin, crossOrigin],
+ ["strict-origin", sourceOrigin, sourceOrigin],
+ ["strict-origin", "", downgradedOrigin],
+ ["strict-origin-when-cross-origin", sourceOrigin, crossOrigin],
+ ["strict-origin-when-cross-origin", fullSourceURL, sourceOrigin],
+ ["strict-origin-when-cross-origin", "", downgradedOrigin],
+ ["origin-when-cross-origin", sourceOrigin, crossOrigin],
+ ["origin-when-cross-origin", fullSourceURL, sourceOrigin],
+ ["origin-when-cross-origin", sourceOrigin, downgradedOrigin],
+ ["invalid", fullSourceURL, crossOrigin],
+ ["invalid", fullSourceURL, sourceOrigin],
+ ["invalid", "", downgradedOrigin],
+ ["", fullSourceURL, crossOrigin],
+ ["", fullSourceURL, sourceOrigin],
+ ["", "", downgradedOrigin],
+];
+
+let currentTestIndex = 0;
+let isTestingMultipart = false;
+
+_onmessage_ = (msg) => {
+ actualReferrer = msg.data;
+ if (currentTest[1] === fullSourceURL)
+ shouldBeEqualToString("actualReferrer", sourceOrigin + "security/resources/serve-referrer-policy-and-test.php?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0"));
+ else
+ shouldBeEqualToString("actualReferrer", "" + currentTest[1]);
+ debug("");
+
+ frame.remove();
+ currentTestIndex++;
+ runNextTest();
+}
+
+function runNextTest()
+{
+ if (currentTestIndex >= tests.length) {
+ if (!isTestingMultipart) {
+ isTestingMultipart = true;
+ currentTestIndex = 0;
+ } else {
+ finishJSTest();
+ return;
+ }
+ }
+
+ currentTest = tests[currentTestIndex];
+ debug("Testing 'Referrer-Policy: " + currentTest[0] + "' - referrer origin: " + sourceOrigin + " - destination origin: " + currentTest[2] + " - isMultipartResponse? " + isTestingMultipart);
+ frame = document.createElement("iframe");
+ frame.src = "" + "security/resources/serve-referrer-policy-and-test.php?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0");
+ document.body.appendChild(frame);
+}
+
+runNextTest();
+</script>
+</body>
+</html>
Modified: trunk/LayoutTests/http/tests/security/referrer-policy-invalid-expected.txt (232309 => 232310)
--- trunk/LayoutTests/http/tests/security/referrer-policy-invalid-expected.txt 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-invalid-expected.txt 2018-05-30 21:30:21 UTC (rev 232310)
@@ -1,5 +1,5 @@
-CONSOLE MESSAGE: line 8: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'. Defaulting to 'no-referrer'.
-This test checks an invalid referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is empty.
+CONSOLE MESSAGE: line 8: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.
+This test checks an invalid referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is not empty.
@@ -6,6 +6,6 @@
--------
Frame: '<!--frame1-->'
--------
-HTTP Referer header is empty
-Referrer is empty
+HTTP Referer header is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?invalid
+Referrer is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?invalid
Modified: trunk/LayoutTests/http/tests/security/referrer-policy-invalid.html (232309 => 232310)
--- trunk/LayoutTests/http/tests/security/referrer-policy-invalid.html 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-invalid.html 2018-05-30 21:30:21 UTC (rev 232310)
@@ -11,7 +11,7 @@
<body>
<p>
This test checks an invalid referrer policy when navigating from an insecure
-URL to another insecure URL. The test passes if the printed referrer is empty.
+URL to another insecure URL. The test passes if the printed referrer is not empty.
</p>
<iframe src=""
</body>
Added: trunk/LayoutTests/http/tests/security/resources/postReferrer.php (0 => 232310)
--- trunk/LayoutTests/http/tests/security/resources/postReferrer.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/postReferrer.php 2018-05-30 21:30:21 UTC (rev 232310)
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+top.postMessage('<?php echo $_SERVER["HTTP_REFERER"]; ?>', '*');
+</script>
+</body>
Added: trunk/LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.php (0 => 232310)
--- trunk/LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.php 2018-05-30 21:30:21 UTC (rev 232310)
@@ -0,0 +1,15 @@
+<?php
+$meta_value = $_GET["meta_value"];
+
+header('HTTP/1.0 200 OK');
+header('Referrer-Policy: ' . $_GET["http_value"]);
+header("Content-Type: text/html");
+echo("\r\n");
+echo("<!DOCTYPE html>\r\n");
+echo("<html>\r\n");
+echo("<head><meta name='referrer' content='" . $meta_value . "'></head>\r\n");
+echo("<body>\r\n");
+echo("<iframe src=''></iframe>\r\n");
+echo("</body>\r\n");
+echo("</html>\r\n");
+?>
Added: trunk/LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.php (0 => 232310)
--- trunk/LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.php 2018-05-30 21:30:21 UTC (rev 232310)
@@ -0,0 +1,20 @@
+<?php
+$isTestingMultipart = $_GET["isTestingMultipart"];
+$destinationOrigin = $_GET["destinationOrigin"];
+
+header('HTTP/1.0 200 OK');
+header('Referrer-Policy: ' . $_GET["value"]);
+if ($isTestingMultipart) {
+ header("Content-Type: multipart/x-mixed-replace;boundary=boundary");
+ echo("--boundary\r\n");
+ echo("Referrer-Policy: " . $_GET["value"] . "\r\n");
+ echo("Content-type: text/html\r\n");
+ echo("\r\n");
+ echo("<iframe src=''></iframe>\r\n");
+ echo("--boundary\r\n");
+} else {
+ header("Content-Type: text/html");
+ echo("\r\n");
+ echo("<iframe src=''></iframe>\r\n");
+}
+?>
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (232309 => 232310)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2018-05-30 21:30:21 UTC (rev 232310)
@@ -1,3 +1,15 @@
+2018-05-30 Chris Dumez <[email protected]>
+
+ Referrer-Policy response header is ignored
+ https://bugs.webkit.org/show_bug.cgi?id=186037
+ <rdar://problem/40600335>
+
+ Reviewed by Youenn Fablet.
+
+ Rebaseline existing WPT now that one more check is passing.
+
+ * web-platform-tests/fetch/api/policies/referrer-origin-expected.txt:
+
2018-05-29 Frederic Wang <[email protected]>
Import WPT tests for CSS animations
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/policies/referrer-origin-expected.txt (232309 => 232310)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/policies/referrer-origin-expected.txt 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/policies/referrer-origin-expected.txt 2018-05-30 21:30:21 UTC (rev 232310)
@@ -1,4 +1,4 @@
-FAIL Request's referrer is origin assert_equals: request's referrer is http://localhost:8800/ expected "http://localhost:8800/" but got "http://localhost:8800/fetch/api/policies/referrer-origin.html"
+PASS Request's referrer is origin
FAIL Cross-origin referrer is overridden by client origin promise_test: Unhandled rejection with value: object "TypeError: Referrer is not same-origin."
Modified: trunk/Source/WebCore/ChangeLog (232309 => 232310)
--- trunk/Source/WebCore/ChangeLog 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/Source/WebCore/ChangeLog 2018-05-30 21:30:21 UTC (rev 232310)
@@ -1,3 +1,34 @@
+2018-05-30 Chris Dumez <[email protected]>
+
+ Referrer-Policy response header is ignored
+ https://bugs.webkit.org/show_bug.cgi?id=186037
+ <rdar://problem/40600335>
+
+ Reviewed by Youenn Fablet.
+
+ Add support for Referrer-Policy HTTP response header:
+ - https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-header
+
+ Tests: http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
+ http/tests/security/referrer-policy-header-and-meta-tag.html
+ http/tests/security/referrer-policy-header.html
+
+ * dom/Document.cpp:
+ (WebCore::Document::setReferrerPolicy):
+ (WebCore::Document::processReferrerPolicy):
+ * dom/Document.h:
+ (WebCore::Document::referrerPolicy const):
+ * html/HTMLMetaElement.cpp:
+ (WebCore::HTMLMetaElement::process):
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::didBeginDocument):
+ * loader/SubresourceLoader.cpp:
+ (WebCore::SubresourceLoader::updateReferrerPolicy):
+ * platform/ReferrerPolicy.cpp:
+ (WebCore::parseReferrerPolicyToken):
+ (WebCore::parseReferrerPolicy):
+ * platform/ReferrerPolicy.h:
+
2018-05-30 Youenn Fablet <[email protected]>
Rename CrossOriginResourcePolicy same to same-origin
Modified: trunk/Source/WebCore/dom/Document.cpp (232309 => 232310)
--- trunk/Source/WebCore/dom/Document.cpp 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/Source/WebCore/dom/Document.cpp 2018-05-30 21:30:21 UTC (rev 232310)
@@ -758,6 +758,16 @@
m_selectorQueryCache = nullptr;
}
+void Document::setReferrerPolicy(ReferrerPolicy referrerPolicy)
+{
+ // Do not override existing referrer policy with the "empty string" one as the "empty string" means we should use
+ // the policy defined elsewhere.
+ if (m_referrerPolicy && referrerPolicy == ReferrerPolicy::EmptyString)
+ return;
+
+ m_referrerPolicy = referrerPolicy;
+}
+
MediaQueryMatcher& Document::mediaQueryMatcher()
{
if (!m_mediaQueryMatcher)
@@ -3465,7 +3475,7 @@
#endif
-void Document::processReferrerPolicy(const String& policy)
+void Document::processReferrerPolicy(const String& policy, ReferrerPolicySource source)
{
ASSERT(!policy.isNull());
@@ -3479,10 +3489,10 @@
return;
#endif
- auto referrerPolicy = parseReferrerPolicy(policy, ShouldParseLegacyKeywords::Yes);
+ auto referrerPolicy = parseReferrerPolicy(policy, source);
if (!referrerPolicy) {
- addConsoleMessage(MessageSource::Rendering, MessageLevel::Error, "Failed to set referrer policy: The value '" + policy + "' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'. Defaulting to 'no-referrer'.");
- setReferrerPolicy(ReferrerPolicy::NoReferrer);
+ // Unknown policy values are ignored (https://w3c.github.io/webappsec-referrer-policy/#unknown-policy-values).
+ addConsoleMessage(MessageSource::Rendering, MessageLevel::Error, "Failed to set referrer policy: The value '" + policy + "' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin' or 'unsafe-url'.");
return;
}
setReferrerPolicy(referrerPolicy.value());
Modified: trunk/Source/WebCore/dom/Document.h (232309 => 232310)
--- trunk/Source/WebCore/dom/Document.h 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/Source/WebCore/dom/Document.h 2018-05-30 21:30:21 UTC (rev 232310)
@@ -395,8 +395,8 @@
bool didDispatchViewportPropertiesChanged() const { return m_didDispatchViewportPropertiesChanged; }
#endif
- void setReferrerPolicy(ReferrerPolicy referrerPolicy) { m_referrerPolicy = referrerPolicy; }
- ReferrerPolicy referrerPolicy() const { return m_referrerPolicy; }
+ void setReferrerPolicy(ReferrerPolicy);
+ ReferrerPolicy referrerPolicy() const { return m_referrerPolicy.value_or(ReferrerPolicy::NoReferrerWhenDowngrade); }
WEBCORE_EXPORT DocumentType* doctype() const;
@@ -862,7 +862,7 @@
void processViewport(const String& features, ViewportArguments::Type origin);
void processDisabledAdaptations(const String& adaptations);
void updateViewportArguments();
- void processReferrerPolicy(const String& policy);
+ void processReferrerPolicy(const String& policy, ReferrerPolicySource);
// Returns the owning element in the parent document.
// Returns 0 if this is the top level document.
@@ -1826,7 +1826,7 @@
MediaProducer::MediaStateFlags m_mediaState { MediaProducer::IsNotPlaying };
bool m_userHasInteractedWithMediaElement { false };
PageCacheState m_pageCacheState { NotInPageCache };
- ReferrerPolicy m_referrerPolicy { ReferrerPolicy::NoReferrerWhenDowngrade };
+ std::optional<ReferrerPolicy> m_referrerPolicy;
ReadyState m_readyState { Complete };
MutationObserverOptions m_mutationObserverTypes { 0 };
Modified: trunk/Source/WebCore/html/HTMLMetaElement.cpp (232309 => 232310)
--- trunk/Source/WebCore/html/HTMLMetaElement.cpp 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/Source/WebCore/html/HTMLMetaElement.cpp 2018-05-30 21:30:21 UTC (rev 232310)
@@ -98,7 +98,7 @@
document().processWebAppOrientations();
#endif
else if (equalLettersIgnoringASCIICase(name(), "referrer"))
- document().processReferrerPolicy(contentValue);
+ document().processReferrerPolicy(contentValue, ReferrerPolicySource::MetaTag);
const AtomicString& httpEquivValue = attributeWithoutSynchronization(http_equivAttr);
if (!httpEquivValue.isNull())
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (232309 => 232310)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2018-05-30 21:30:21 UTC (rev 232310)
@@ -734,6 +734,10 @@
m_frame.document()->contentSecurityPolicy()->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(m_documentLoader->response()), referrer(), ContentSecurityPolicy::ReportParsingErrors::No);
+ String referrerPolicy = m_documentLoader->response().httpHeaderField(HTTPHeaderName::ReferrerPolicy);
+ if (!referrerPolicy.isNull())
+ m_frame.document()->processReferrerPolicy(referrerPolicy, ReferrerPolicySource::HTTPHeader);
+
String headerContentLanguage = m_documentLoader->response().httpHeaderField(HTTPHeaderName::ContentLanguage);
if (!headerContentLanguage.isEmpty()) {
size_t commaIndex = headerContentLanguage.find(',');
Modified: trunk/Source/WebCore/loader/SubresourceLoader.cpp (232309 => 232310)
--- trunk/Source/WebCore/loader/SubresourceLoader.cpp 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/Source/WebCore/loader/SubresourceLoader.cpp 2018-05-30 21:30:21 UTC (rev 232310)
@@ -588,18 +588,10 @@
void SubresourceLoader::updateReferrerPolicy(const String& referrerPolicyValue)
{
- if (referrerPolicyValue.isEmpty())
- return;
-
- // Implementing https://www.w3.org/TR/2017/CR-referrer-policy-20170126/#parse-referrer-policy-from-header.
- ReferrerPolicy referrerPolicy = ReferrerPolicy::EmptyString;
- for (auto tokenView : StringView { referrerPolicyValue }.split(',')) {
- auto token = parseReferrerPolicy(stripLeadingAndTrailingHTTPSpaces(tokenView), ShouldParseLegacyKeywords::No);
- if (token && token.value() != ReferrerPolicy::EmptyString)
- referrerPolicy = token.value();
+ if (auto referrerPolicy = parseReferrerPolicy(referrerPolicyValue, ReferrerPolicySource::HTTPHeader)) {
+ ASSERT(*referrerPolicy != ReferrerPolicy::EmptyString);
+ setReferrerPolicy(*referrerPolicy);
}
- if (referrerPolicy != ReferrerPolicy::EmptyString)
- setReferrerPolicy(referrerPolicy);
}
void SubresourceLoader::didFinishLoading(const NetworkLoadMetrics& networkLoadMetrics)
Modified: trunk/Source/WebCore/platform/ReferrerPolicy.cpp (232309 => 232310)
--- trunk/Source/WebCore/platform/ReferrerPolicy.cpp 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/Source/WebCore/platform/ReferrerPolicy.cpp 2018-05-30 21:30:21 UTC (rev 232310)
@@ -25,12 +25,16 @@
#include "config.h"
#include "ReferrerPolicy.h"
+#include "HTTPParsers.h"
+
namespace WebCore {
-
-std::optional<ReferrerPolicy> parseReferrerPolicy(StringView policy, ShouldParseLegacyKeywords shouldParseLegacyKeywords)
+
+enum class ShouldParseLegacyKeywords { No, Yes };
+
+static std::optional<ReferrerPolicy> parseReferrerPolicyToken(StringView policy, ShouldParseLegacyKeywords shouldParseLegacyKeywords)
{
- // "never" / "default" / "always" are legacy keywords that we support. They were defined in:
- // https://www.w3.org/TR/2014/WD-referrer-policy-20140807/#referrer-policy-delivery-meta
+ // "never" / "default" / "always" are legacy keywords that we support and still defined in the HTML specification:
+ // https://html.spec.whatwg.org/#meta-referrer
if (shouldParseLegacyKeywords == ShouldParseLegacyKeywords::Yes) {
if (equalLettersIgnoringASCIICase(policy, "never"))
return ReferrerPolicy::NoReferrer;
@@ -39,7 +43,7 @@
if (equalLettersIgnoringASCIICase(policy, "default"))
return ReferrerPolicy::NoReferrerWhenDowngrade;
}
-
+
if (equalLettersIgnoringASCIICase(policy, "no-referrer"))
return ReferrerPolicy::NoReferrer;
if (equalLettersIgnoringASCIICase(policy, "unsafe-url"))
@@ -58,7 +62,31 @@
return ReferrerPolicy::NoReferrerWhenDowngrade;
if (!policy.isNull() && policy.isEmpty())
return ReferrerPolicy::EmptyString;
+
+ return std::nullopt;
+}
+std::optional<ReferrerPolicy> parseReferrerPolicy(StringView policyString, ReferrerPolicySource source)
+{
+ switch (source) {
+ case ReferrerPolicySource::HTTPHeader: {
+ policyString = stripLeadingAndTrailingHTTPSpaces(policyString);
+ if (policyString.isEmpty())
+ return std::nullopt;
+
+ // Implementing https://www.w3.org/TR/2017/CR-referrer-policy-20170126/#parse-referrer-policy-from-header.
+ std::optional<ReferrerPolicy> result;
+ for (auto tokenView : policyString.split(',')) {
+ auto token = parseReferrerPolicyToken(stripLeadingAndTrailingHTTPSpaces(tokenView), ShouldParseLegacyKeywords::No);
+ if (token && token.value() != ReferrerPolicy::EmptyString)
+ result = token.value();
+ }
+ return result;
+ }
+ case ReferrerPolicySource::MetaTag:
+ return parseReferrerPolicyToken(policyString, ShouldParseLegacyKeywords::Yes);
+ }
+ ASSERT_NOT_REACHED();
return std::nullopt;
}
Modified: trunk/Source/WebCore/platform/ReferrerPolicy.h (232309 => 232310)
--- trunk/Source/WebCore/platform/ReferrerPolicy.h 2018-05-30 20:44:08 UTC (rev 232309)
+++ trunk/Source/WebCore/platform/ReferrerPolicy.h 2018-05-30 21:30:21 UTC (rev 232310)
@@ -50,9 +50,8 @@
UnsafeUrl
};
-enum class ShouldParseLegacyKeywords { No, Yes };
-
-std::optional<ReferrerPolicy> parseReferrerPolicy(StringView, ShouldParseLegacyKeywords);
+enum class ReferrerPolicySource { MetaTag, HTTPHeader };
+std::optional<ReferrerPolicy> parseReferrerPolicy(StringView, ReferrerPolicySource);
}
