Title: [280081] trunk
Revision: 280081
Author: gsnedd...@apple.com
Date: 2021-07-20 09:42:40 -0700 (Tue, 20 Jul 2021)

Log Message

Change referrer-policy default to strict-origin-when-cross-origin
https://bugs.webkit.org/show_bug.cgi?id=218909

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

This matches the behavior of other browsers. Update all our tests to deal with the origin now being shorter.

* web-platform-tests/fetch/api/cors/cors-preflight-referrer.any-expected.txt:
* web-platform-tests/fetch/api/cors/cors-preflight-referrer.any.worker-expected.txt:
* web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/source/navigate-child-src-about-blank-expected.txt:
* web-platform-tests/html/browsers/windows/browsing-context-expected.txt:
* web-platform-tests/service-workers/service-worker/fetch-event-referrer-policy.https-expected.txt:

Source/WebCore:

This matches the behavior of other browsers.
Covered by existing tests and web platform tests we haven't imported yet.

* dom/Document.h:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::effectiveReferrerPolicy const):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* platform/ReferrerPolicy.cpp:
(WebCore::parseReferrerPolicyToken):
* platform/ReferrerPolicy.h:

Tools:

This matches the behavior of other browsers.
Covered by existing tests and web platform tests we haven't imported yet.

* TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm:
(TEST):

LayoutTests:

This matches the behavior of other browsers.
Covered by existing tests and web platform tests we haven't imported yet.

* http/tests/media/media-stream/enumerate-devices-source-id.html:
* http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html:
* http/tests/resourceLoadStatistics/downgraded-referrer-for-navigation-with-link-query-from-prevalent-resource.html:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py:
* http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py:
* http/tests/security/referrer-policy-header-expected.txt:
* http/tests/security/referrer-policy-header-multipart-expected.txt:
* http/tests/security/referrer-policy-header-test.js:
* http/wpt/beacon/cors/cors-preflight-blob-failure.html:
* http/wpt/beacon/cors/cors-preflight-blob-success.html:
* http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html:
* http/wpt/html/browsers/windows/browsing-context.html:
* platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any-expected.txt: Added.
* platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any.worker-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (280080 => 280081)


--- trunk/LayoutTests/ChangeLog	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/ChangeLog	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,3 +1,62 @@
+2021-07-20  Sam Sneddon  <gsnedd...@apple.com>
+
+        Change referrer-policy default to strict-origin-when-cross-origin
+        https://bugs.webkit.org/show_bug.cgi?id=218909
+
+        Reviewed by Chris Dumez.
+
+        This matches the behavior of other browsers.
+        Covered by existing tests and web platform tests we haven't imported yet.
+
+        * http/tests/media/media-stream/enumerate-devices-source-id.html:
+        * http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html:
+        * http/tests/resourceLoadStatistics/downgraded-referrer-for-navigation-with-link-query-from-prevalent-resource.html:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt:
+        * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py:
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py:
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py:
+        * http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py:
+        * http/tests/security/referrer-policy-header-expected.txt:
+        * http/tests/security/referrer-policy-header-multipart-expected.txt:
+        * http/tests/security/referrer-policy-header-test.js:
+        * http/wpt/beacon/cors/cors-preflight-blob-failure.html:
+        * http/wpt/beacon/cors/cors-preflight-blob-success.html:
+        * http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html:
+        * http/wpt/html/browsers/windows/browsing-context.html:
+        * platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any-expected.txt: Added.
+        * platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any.worker-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt:
+
 2021-07-20  Ziran Sun  <z...@igalia.com>
 
         Images as grid items should use the overridingLogicalWidth when defined to compute the logical Height
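
Review bot: The file list in this ChangeLog entry carries no per-file descriptions, so the one functional test fix in the patch is invisible here: http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html corrects a misspelled referrerpolicy value rather than updating an expectation. Suggest annotating that line (for example "Fix typo in referrerpolicy attribute value.") and the tests that gain a `<meta name="referrer" content="unsafe-url">` opt-out, so a reader can tell which tests had their expectations changed and which were pinned to the old behaviour.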

Modified: trunk/LayoutTests/http/tests/media/media-stream/enumerate-devices-source-id.html (280080 => 280081)


--- trunk/LayoutTests/http/tests/media/media-stream/enumerate-devices-source-id.html	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/media/media-stream/enumerate-devices-source-id.html	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,6 +1,7 @@
 <!DOCTYPE html>
 <html>
     <head>
+        <meta name="referrer" content="unsafe-url">
         <style>
             iframe { border: 1px solid black; }
         </style>
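
Review bot: The added `<meta name="referrer" content="unsafe-url">` in the head pins the whole document to the old full-URL referrer without saying why. Please add a short comment naming what in the test depends on the full referrer, since later readers may copy this line as a generic fix for referrer-related failures. If only one request needs the full URL, a `referrerpolicy` attribute on that element would scope the opt-out more tightly than a document-wide meta.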

Modified: trunk/LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html (280080 => 280081)


--- trunk/LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html	2021-07-20 16:42:40 UTC (rev 280081)
@@ -20,6 +20,6 @@
     finishJSTest();
 }
 </script>
-<iframe src="" referrerpolicy="unsaf-url"></iframe>
+<iframe src="" referrerpolicy="unsafe-url"></iframe>
 </body>
 </html>
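
Review bot: The old value `referrerpolicy="unsaf-url"` on the iframe was not a valid policy token, so this test had presumably been passing on the document default rather than on the attribute it is named for. The correction is right, but it is a separate fix from the default change: call it out in the ChangeLog, and check the sibling tests under http/tests/referrer-policy-iframe/ for the same misspelling.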

Modified: trunk/LayoutTests/http/tests/resourceLoadStatistics/downgraded-referrer-for-navigation-with-link-query-from-prevalent-resource.html (280080 => 280081)


--- trunk/LayoutTests/http/tests/resourceLoadStatistics/downgraded-referrer-for-navigation-with-link-query-from-prevalent-resource.html	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/resourceLoadStatistics/downgraded-referrer-for-navigation-with-link-query-from-prevalent-resource.html	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,6 +1,7 @@
 <!DOCTYPE html>
 <html>
 <head>
+    <meta name="referrer" content="unsafe-url">
     <script src=""
     <script src=""
     <script src=""
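
Review bot: Pinning the document to `unsafe-url` with the added meta line changes what this test proves. Going by its file name it checks that the referrer is downgraded for a navigation from a prevalent resource, and it now does so only against an explicit policy, not the shipping default. Worth adding a comment above the meta explaining that the new default already trims cross-origin referrers to the origin, and considering a companion case that runs with no meta so the default path stays covered.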

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -5,4 +5,4 @@
 REQUEST_METHOD: POST
 REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
 === POST DATA =""
-{"csp-report":{"document-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/s
 ecurity/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":200}}
+{"csp-report":{"document-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL",
 "status-code":200}}

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -5,4 +5,4 @@
 REQUEST_METHOD: POST
 REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
 === POST DATA =""
-{"csp-report":{"document-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ft
 est%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","status-code":0}}
+{"csp-report":{"document-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html","blocked-uri":"https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&q=FAIL"
 ;,"status-code":0}}

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -5,4 +5,4 @@
 REQUEST_METHOD: POST
 REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
 === POST DATA =""
-{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest
 %3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","status-code":0}}
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL","referrer":"http://127.0.0.1:8000/","violated-directive":"frame-ancestors 'none'","effective-directive":"frame-ancestors","original-policy":"frame-ancestors 'none'; report-uri save-report.py?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html","blocked-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+save-report.py%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&q=FAIL",&
 quot;status-code":0}}
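
Review bot: The new expected report has a referrer of http://127.0.0.1:8000/ even though this is the same-origin variant of the test. That is correct, because the referrer is http://127.0.0.1:8000 while the document-uri is https://127.0.0.1:8443, which differ in scheme and port and so count as cross-origin for referrer trimming, but it leaves this expectation with the same referrer field as the cross-origin-https one. A line in the ChangeLog noting that the trimmed referrer is expected for this test would save the next reader from suspecting a regression.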

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -11,7 +11,7 @@
 
 Kicking off the tests:
 PASS window.e.documentURI is "https://127.0.0.1:8443/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html"
-PASS window.e.referrer is "http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html"
+PASS window.e.referrer is "http://127.0.0.1:8000/"
 FAIL window.e.blockedURI should be http://127.0.0.1:8000/security/resources/abe.png. Was http://127.0.0.1:8000.
 PASS window.e.violatedDirective is "img-src 'none'"
 PASS window.e.effectiveDirective is "img-src"

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -17,7 +17,7 @@
 --------
 This background color should be white.
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content
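
Review bot: With the referrer line reduced to http://127.0.0.1:8000/, this expectation and the other block-all-mixed-content expectations in the patch now print the same referrer regardless of which test page opened the frame, so the line no longer distinguishes one test from another. That follows from the new default; just confirm the platform/wk2 copies listed in the ChangeLog are regenerated from a test run, not hand-edited, so the two sets stay in step.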

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -29,4 +29,4 @@
 REQUEST_METHOD: POST
 REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py
 === POST DATA =""
-{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html","violated-directive":"block-all-mixed-content","effective-directive":"block-all-mixed-content","original-policy":"block-all-mixed-content; report-uri ../../resources/save-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","blocked-uri":"http://127.0.0.1:8000","status-code":0}}
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","referrer":"http://127.0.0.1:8000/","violated-directive":"block-all-mixed-content","effective-directive":"block-all-mixed-content","original-policy":"block-all-mixed-content; report-uri ../../resources/save-report.py?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.py","blocked-uri":"http://127.0.0.1:8000","status-code":0}}

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -9,7 +9,7 @@
 This test opens a window and loads an insecure stylesheet. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -16,7 +16,7 @@
 --------
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -18,7 +18,7 @@
 --------
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image-with-enforced-and-report-policies.py
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -10,7 +10,7 @@
 This test opens a window and loads an insecure image. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -16,7 +16,7 @@
 --------
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-plugin.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -10,7 +10,7 @@
 This test opens a window and loads an insecure plugin. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-plugin.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -15,7 +15,7 @@
 Frame: '<!--frame1-->'
 --------
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-script.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -10,7 +10,7 @@
 This test opens a window and loads an insecure external script. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-script.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -17,7 +17,7 @@
 Frame: '<!--frame1-->'
 --------
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html?asynchronous
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -12,7 +12,7 @@
 This test opens a window and loads insecure data via asynchronous XHR. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html?asynchronous
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -15,7 +15,7 @@
 Frame: '<!--frame1-->'
 --------
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -10,7 +10,7 @@
 This test opens a window and loads insecure data via synchronous XHR. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py	2021-07-20 16:42:40 UTC (rev 280081)
@@ -8,6 +8,7 @@
     '<!-- webkit-test-runner [ useEphemeralSession=true ] -->\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
+    '<meta name="referrer" content="unsafe-url">\n'
     '<body>\n'
     '<script>\n'
     'if (window.testRunner) {\n'
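
Review bot: The added `<meta name="referrer" content="unsafe-url">` line opts this test out of the new default, and nothing in the file says why. A short comment stating which expectation depends on the full referrer URL would stop a later cleanup from dropping the tag and silently changing what the test checks.
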
@@ -32,4 +33,4 @@
     '</script>\n'
     '</body>\n'
     '</html>\n'
-)
\ No newline at end of file
+)
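
Review bot: The closing `)` is only re-emitted to add the missing end-of-file newline, which is unrelated to the referrer-policy default. It is harmless, but a word in the ChangeLog entry for this file would keep the whitespace-only hunk from being read as a behavior change.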

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.py	2021-07-20 16:42:40 UTC (rev 280081)
@@ -9,6 +9,7 @@
 
 print('''<!DOCTYPE html>
 <html>
+<meta name="referrer" content="unsafe-url">
 <body>
 <script>
     // Normal browsing mode

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.py	2021-07-20 16:42:40 UTC (rev 280081)
@@ -7,6 +7,7 @@
     'Content-Type: text/html\r\n\r\n'
     '<!DOCTYPE html>\n'
     '<html>\n'
+    '<meta name="referrer" content="unsafe-url">\n'
     '<body>\n'
     '<script>\n'
     'if (window.testRunner) {\n'
@@ -31,4 +32,4 @@
     '</script>\n'
     '</body>\n'
     '</html>\n'
-)
\ No newline at end of file
+)

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -13,4 +13,4 @@
 REQUEST_METHOD: POST
 REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
 === POST DATA =""
-{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","blocked-uri":"","status-code":0}}
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","referrer":"http://127.0.0.1:8000/","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; report-uri save-report.py?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html","blocked-uri":"","status-code":0}}

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.py	2021-07-20 16:42:40 UTC (rev 280081)
@@ -5,9 +5,10 @@
 sys.stdout.write(
     'Content-Security-Policy: script-src \'self\'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.py\r\n'
     'Content-Type: text/html\r\n\r\n'
+    '<meta name="referrer" content="unsafe-url">\n'
     '<script>\n'
     '// This script block will trigger a violation report.\n'
     'alert(\'FAIL\');\n'
     '</script>\n'
     '<script src=""
-)
\ No newline at end of file
+)
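
Review bot: With `unsafe-url` pinned by the added meta line here, as in the three report-cross-origin-no-cookies tests, none of the CSP report tests that receive this tag in the patch runs under the new default. Consider leaving one of them on the default and rebaselining it, so that the Referer sent with a violation report to a `report-uri` on another port (here `//127.0.0.1:8080/...`) is covered under strict-origin-when-cross-origin.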

Modified: trunk/LayoutTests/http/tests/security/referrer-policy-header-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/referrer-policy-header-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-header-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -76,7 +76,7 @@
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=0&id=24"
+PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
 PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0&id=25"
@@ -85,7 +85,7 @@
 PASS actualReferrer is ""
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? false
-PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=0&id=27"
+PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? false
 PASS actualReferrer is "https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0&id=28"

Modified: trunk/LayoutTests/http/tests/security/referrer-policy-header-multipart-expected.txt (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/referrer-policy-header-multipart-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-header-multipart-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -76,7 +76,7 @@
 PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-FAIL actualReferrer should be https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=1&id=24. Was https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://localhost:8443/&isTestingMultipart=0&id=24.
+PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: invalid' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
 FAIL actualReferrer should be https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1&id=25. Was https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=invalid&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0&id=25.
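
Review bot: The cross-origin `invalid` case flips from FAIL to PASS only because the referrer is now trimmed to `https://127.0.0.1:8443/`, which hides the `isTestingMultipart=1` versus `isTestingMultipart=0` mismatch that the same-origin case on the context line below it (id=25) still reports. The same holds for the id=27 hunk. The underlying mismatch is unchanged, so a comment or bug reference saying that the cross-origin rows no longer detect it would keep the new PASS from being read as a fix.
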
@@ -85,7 +85,7 @@
 PASS actualReferrer is ""
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://localhost:8443/ - isMultipartResponse? true
-FAIL actualReferrer should be https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=1&id=27. Was https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://localhost:8443/&isTestingMultipart=0&id=27.
+PASS actualReferrer is "https://127.0.0.1:8443/"
 
 Testing 'Referrer-Policy: ' - referrer origin: https://127.0.0.1:8443/ - destination origin: https://127.0.0.1:8443/ - isMultipartResponse? true
 FAIL actualReferrer should be https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=1&id=28. Was https://127.0.0.1:8443/security/resources/serve-referrer-policy-and-test.py?value=&destinationOrigin=https://127.0.0.1:8443/&isTestingMultipart=0&id=28.

Modified: trunk/LayoutTests/http/tests/security/referrer-policy-header-test.js (280080 => 280081)


--- trunk/LayoutTests/http/tests/security/referrer-policy-header-test.js	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-header-test.js	2021-07-20 16:42:40 UTC (rev 280081)
@@ -29,10 +29,10 @@
     ["origin-when-cross-origin", sourceOrigin, crossOrigin],
     ["origin-when-cross-origin", fullSourceURL, sourceOrigin],
     ["origin-when-cross-origin", sourceOrigin, downgradedOrigin],
-    ["invalid", fullSourceURL, crossOrigin],
+    ["invalid", sourceOrigin, crossOrigin],
     ["invalid", fullSourceURL, sourceOrigin],
     ["invalid", "", downgradedOrigin],
-    ["", fullSourceURL, crossOrigin],
+    ["", sourceOrigin, crossOrigin],
     ["", fullSourceURL, sourceOrigin],
     ["", "", downgradedOrigin],
 ];
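
Review bot: The `"invalid"` and `""` rows now expect `sourceOrigin` for `crossOrigin` destinations, but nothing in the table says these rows check the fallback to the default policy. A one-line comment above them, for example `// Invalid or empty values fall back to the default (strict-origin-when-cross-origin).`, would explain why they changed and which rows to touch if the default changes again.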

Modified: trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-failure.html (280080 => 280081)


--- trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-failure.html	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-failure.html	2021-07-20 16:42:40 UTC (rev 280081)
@@ -35,7 +35,7 @@
     assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
     return pollResult(test, id) .then(result => {
       assert_equals(result['preflight'], 1, "Received preflight")
-      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
+      assert_equals(result['preflight_referer'], window.origin + "/", "Preflight referer header")
       assert_equals(result['preflight_requested_method'], "POST", "Preflight requested method")
       let requested_headers = result['preflight_requested_headers'].toLowerCase()
       assert_true(requested_headers.includes("content-type"), "Content-Type header is requested")
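
Review bot: `window.origin + "/"` on the changed assertion is the serialized origin of the environment, which is the string "null" in an opaque-origin context, whereas the Referer is derived from the document URL. `location.origin + "/"` states the intent more directly and matches the `document.location.origin + '/'` form used in http/wpt/html/browsers/windows/browsing-context.html in this same patch. The two sibling beacon tests take the identical change.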

Modified: trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-success.html (280080 => 280081)


--- trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-success.html	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-success.html	2021-07-20 16:42:40 UTC (rev 280081)
@@ -35,7 +35,7 @@
     assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
     return pollResult(test, id) .then(result => {
       assert_equals(result['preflight'], 1, "Received preflight")
-      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
+      assert_equals(result['preflight_referer'], window.origin + "/", "Preflight referer header")
       assert_equals(result['preflight_origin'], 'http://localhost:8800', "Preflight origin header")
       assert_equals(result['preflight_requested_method'], "POST", "Preflight requested method")
       let requested_headers = result['preflight_requested_headers'].toLowerCase()

Modified: trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html (280080 => 280081)


--- trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html	2021-07-20 16:42:40 UTC (rev 280081)
@@ -38,7 +38,7 @@
     assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
     return pollResult(test, id) .then(result => {
       assert_equals(result['preflight'], 1, "Received preflight")
-      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
+      assert_equals(result['preflight_referer'], window.origin + "/", "Preflight referer header")
       assert_equals(result['preflight_requested_method'], "POST", "Preflight requested method")
       assert_equals(result['preflight_origin'], "null", "Received beacon")
       assert_equals(result['beacon'], 1, "Received beacon")

Modified: trunk/LayoutTests/http/wpt/html/browsers/windows/browsing-context.html (280080 => 280081)


--- trunk/LayoutTests/http/wpt/html/browsers/windows/browsing-context.html	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/http/wpt/html/browsers/windows/browsing-context.html	2021-07-20 16:42:40 UTC (rev 280081)
@@ -43,7 +43,7 @@
     }, "Check that new document nodes extant, empty");
 
     test(function () {
-      assert_equals(doc.referrer, document.URL, "The document's referrer should be its creator document's address.");
+      assert_equals(doc.referrer, document.location.origin + '/', "The document's referrer should be its creator document's origin.");
       assert_equals(iframe.contentWindow.parent.document, document);
     }, "Check the document properties corresponding to the creator browsing context");
     </script>
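
Review bot: The changed assertion brings this local copy in line with the imported web-platform-tests version, whose expected file in this same commit flips to PASS with the identical message ("The document's referrer should be its creator document's origin."). Is the http/wpt copy still needed now that the imported test passes? If it is kept on purpose, a comment saying what it covers beyond the upstream test would help.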

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (280080 => 280081)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,3 +1,18 @@
+2021-07-20  Sam Sneddon  <gsnedd...@apple.com>
+
+        Change referrer-policy default to strict-origin-when-cross-origin
+        https://bugs.webkit.org/show_bug.cgi?id=218909
+
+        Reviewed by Chris Dumez.
+
+        This matches the behavior of other browsers. Update all our tests to deal with the origin now being shorter.
+
+        * web-platform-tests/fetch/api/cors/cors-preflight-referrer.any-expected.txt:
+        * web-platform-tests/fetch/api/cors/cors-preflight-referrer.any.worker-expected.txt:
+        * web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/source/navigate-child-src-about-blank-expected.txt:
+        * web-platform-tests/html/browsers/windows/browsing-context-expected.txt:
+        * web-platform-tests/service-workers/service-worker/fetch-event-referrer-policy.https-expected.txt:
+
 2021-07-20  Ziran Sun  <z...@igalia.com>
 
         Images as grid items should use the overridingLogicalWidth when defined to compute the logical Height
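
Review bot: "Update all our tests to deal with the origin now being shorter" in the added entry should say that the referrer is shorter: the origin is unchanged, and it is the referrer that is trimmed to the origin on cross-origin requests. Worth fixing, since this text is what people search when an expectation changes.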

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-referrer.any-expected.txt (280080 => 280081)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-referrer.any-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-referrer.any-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,8 +1,8 @@
 
 PASS Referrer policy: no-referrer and referrer: default
 PASS Referrer policy: no-referrer and referrer: 'myreferrer'
-FAIL Referrer policy: "" and referrer: default assert_equals: Preflight's referrer is correct expected "http://localhost:8800/" but got "http://localhost:8800/fetch/api/cors/cors-preflight-referrer.any.html"
-FAIL Referrer policy: "" and referrer: 'myreferrer' assert_equals: Preflight's referrer is correct expected "http://localhost:8800/" but got "http://localhost:8800/fetch/api/cors/myreferrer"
+PASS Referrer policy: "" and referrer: default
+PASS Referrer policy: "" and referrer: 'myreferrer'
 PASS Referrer policy: no-referrer-when-downgrade and referrer: default
 PASS Referrer policy: no-referrer-when-downgrade and referrer: 'myreferrer'
 PASS Referrer policy: origin and referrer: default

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-referrer.any.worker-expected.txt (280080 => 280081)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-referrer.any.worker-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-referrer.any.worker-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,8 +1,8 @@
 
 PASS Referrer policy: no-referrer and referrer: default
 PASS Referrer policy: no-referrer and referrer: 'myreferrer'
-FAIL Referrer policy: "" and referrer: default assert_equals: Preflight's referrer is correct expected "http://localhost:8800/" but got "http://localhost:8800/fetch/api/cors/cors-preflight-referrer.any.worker.js"
-FAIL Referrer policy: "" and referrer: 'myreferrer' assert_equals: Preflight's referrer is correct expected "http://localhost:8800/" but got "http://localhost:8800/fetch/api/cors/myreferrer"
+PASS Referrer policy: "" and referrer: default
+PASS Referrer policy: "" and referrer: 'myreferrer'
 PASS Referrer policy: no-referrer-when-downgrade and referrer: default
 PASS Referrer policy: no-referrer-when-downgrade and referrer: 'myreferrer'
 PASS Referrer policy: origin and referrer: default

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/source/navigate-child-src-about-blank-expected.txt (280080 => 280081)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/source/navigate-child-src-about-blank-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/source/navigate-child-src-about-blank-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,4 +1,3 @@
-CONSOLE MESSAGE: Error: assert_equals: expected "http://localhost:8800/" but got "http://localhost:8800/html/browsers/browsing-the-web/navigating-across-documents/source/navigate-child-src-about-blank.html"
 
-FAIL Set the src attribute to about:blank and check referrer Error: assert_equals: expected "http://localhost:8800/" but got "http://localhost:8800/html/browsers/browsing-the-web/navigating-across-documents/source/navigate-child-src-about-blank.html"
+PASS Set the src attribute to about:blank and check referrer
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-expected.txt (280080 => 280081)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,5 +1,5 @@
 
 PASS Check that browsing context has new, ready HTML document
 PASS Check that new document nodes extant, empty
-FAIL Check the document properties corresponding to the creator browsing context assert_equals: The document's referrer should be its creator document's origin. expected "http://localhost:8800/" but got "http://localhost:8800/html/browsers/windows/browsing-context.html"
+PASS Check the document properties corresponding to the creator browsing context
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-referrer-policy.https-expected.txt (280080 => 280081)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-referrer-policy.https-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-referrer-policy.https-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,6 +1,6 @@
 
 
 FAIL Service Worker responds to fetch event with the referrer policy promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
-FAIL Service Worker should respond to fetch with the default referrer policy assert_equals: expected "ReferrerPolicy: strict-origin-when-cross-origin" but got "ReferrerPolicy: no-referrer-when-downgrade"
-FAIL Service Worker should respond to fetch with the referrer URL when a member of RequestInit is present - Default Referrer assert_equals: expected "Referrer: https://localhost:9443/service-workers/service-worker/resources/simple.html?referrerPolicy\nReferrerPolicy: strict-origin-when-cross-origin" but got "Referrer: https://localhost:9443/service-workers/service-worker/resources/simple.html?referrerPolicy\nReferrerPolicy: no-referrer-when-downgrade"
+PASS Service Worker should respond to fetch with the default referrer policy
+PASS Service Worker should respond to fetch with the referrer URL when a member of RequestInit is present - Default Referrer
 

Added: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any-expected.txt (0 => 280081)


--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -0,0 +1,34 @@
+
+PASS Same origin redirection, empty init, unsafe-url redirect header
+PASS Same origin redirection, empty init, no-referrer-when-downgrade redirect header
+PASS Same origin redirection, empty init, same-origin redirect header
+PASS Same origin redirection, empty init, origin redirect header
+PASS Same origin redirection, empty init, origin-when-cross-origin redirect header
+PASS Same origin redirection, empty init, no-referrer redirect header
+PASS Same origin redirection, empty init, strict-origin redirect header
+PASS Same origin redirection, empty init, strict-origin-when-cross-origin redirect header
+PASS Same origin redirection, empty redirect header, unsafe-url init
+PASS Same origin redirection, empty redirect header, no-referrer-when-downgrade init
+PASS Same origin redirection, empty redirect header, same-origin init
+PASS Same origin redirection, empty redirect header, origin init
+PASS Same origin redirection, empty redirect header, origin-when-cross-origin init
+PASS Same origin redirection, empty redirect header, no-referrer init
+PASS Same origin redirection, empty redirect header, strict-origin init
+PASS Same origin redirection, empty redirect header, strict-origin-when-cross-origin init
+FAIL Cross origin redirection, empty init, unsafe-url redirect header  assert_equals: Check referrer header expected "http://localhost:8800/fetch/api/redirect/redirect-referrer.any.html" but got "http://localhost:8800/"
+FAIL Cross origin redirection, empty init, no-referrer-when-downgrade redirect header  assert_equals: Check referrer header expected "http://localhost:8800/fetch/api/redirect/redirect-referrer.any.html" but got "http://localhost:8800/"
+PASS Cross origin redirection, empty init, same-origin redirect header
+PASS Cross origin redirection, empty init, origin redirect header
+PASS Cross origin redirection, empty init, origin-when-cross-origin redirect header
+PASS Cross origin redirection, empty init, no-referrer redirect header
+PASS Cross origin redirection, empty init, strict-origin redirect header
+PASS Cross origin redirection, empty init, strict-origin-when-cross-origin redirect header
+PASS Cross origin redirection, empty redirect header, unsafe-url init
+PASS Cross origin redirection, empty redirect header, no-referrer-when-downgrade init
+PASS Cross origin redirection, empty redirect header, same-origin init
+PASS Cross origin redirection, empty redirect header, origin init
+PASS Cross origin redirection, empty redirect header, origin-when-cross-origin init
+PASS Cross origin redirection, empty redirect header, no-referrer init
+PASS Cross origin redirection, empty redirect header, strict-origin init
+PASS Cross origin redirection, empty redirect header, strict-origin-when-cross-origin init
+
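
Review bot: This new mac-wk1 baseline records two FAIL lines ("Cross origin redirection, empty init, unsafe-url redirect header" and the `no-referrer-when-downgrade` one) where the referrer comes back as `http://localhost:8800/` instead of the full URL, which suggests the policy from the redirect header is not taking effect over the new default on WK1. Checking in a failing expectation is fine, but it needs a bug link in the ChangeLog or TestExpectations so the gap is tracked rather than baselined away.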

Added: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any.worker-expected.txt (0 => 280081)


--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any.worker-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-referrer.any.worker-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -0,0 +1,34 @@
+
+PASS Same origin redirection, empty init, unsafe-url redirect header
+PASS Same origin redirection, empty init, no-referrer-when-downgrade redirect header
+PASS Same origin redirection, empty init, same-origin redirect header
+PASS Same origin redirection, empty init, origin redirect header
+PASS Same origin redirection, empty init, origin-when-cross-origin redirect header
+PASS Same origin redirection, empty init, no-referrer redirect header
+PASS Same origin redirection, empty init, strict-origin redirect header
+PASS Same origin redirection, empty init, strict-origin-when-cross-origin redirect header
+PASS Same origin redirection, empty redirect header, unsafe-url init
+PASS Same origin redirection, empty redirect header, no-referrer-when-downgrade init
+PASS Same origin redirection, empty redirect header, same-origin init
+PASS Same origin redirection, empty redirect header, origin init
+PASS Same origin redirection, empty redirect header, origin-when-cross-origin init
+PASS Same origin redirection, empty redirect header, no-referrer init
+PASS Same origin redirection, empty redirect header, strict-origin init
+PASS Same origin redirection, empty redirect header, strict-origin-when-cross-origin init
+FAIL Cross origin redirection, empty init, unsafe-url redirect header  assert_equals: Check referrer header expected "http://localhost:8800/fetch/api/redirect/redirect-referrer.any.worker.js" but got "http://localhost:8800/"
+FAIL Cross origin redirection, empty init, no-referrer-when-downgrade redirect header  assert_equals: Check referrer header expected "http://localhost:8800/fetch/api/redirect/redirect-referrer.any.worker.js" but got "http://localhost:8800/"
+PASS Cross origin redirection, empty init, same-origin redirect header
+PASS Cross origin redirection, empty init, origin redirect header
+PASS Cross origin redirection, empty init, origin-when-cross-origin redirect header
+PASS Cross origin redirection, empty init, no-referrer redirect header
+PASS Cross origin redirection, empty init, strict-origin redirect header
+PASS Cross origin redirection, empty init, strict-origin-when-cross-origin redirect header
+PASS Cross origin redirection, empty redirect header, unsafe-url init
+PASS Cross origin redirection, empty redirect header, no-referrer-when-downgrade init
+PASS Cross origin redirection, empty redirect header, same-origin init
+PASS Cross origin redirection, empty redirect header, origin init
+PASS Cross origin redirection, empty redirect header, origin-when-cross-origin init
+PASS Cross origin redirection, empty redirect header, no-referrer init
+PASS Cross origin redirection, empty redirect header, strict-origin init
+PASS Cross origin redirection, empty redirect header, strict-origin-when-cross-origin init
+
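
Review bot: The two FAIL lines for "Cross origin redirection, empty init" with an unsafe-url or no-referrer-when-downgrade redirect header are being checked in as the expected mac-wk1 result with no pointer to a follow-up. Both got "http://localhost:8800/" where the full worker URL was expected, which reads as the policy from the redirect response not being applied after the cross-origin hop, with the new default trimming the referrer instead. Please file a bug for that and reference it next to this baseline, so the failure is not mistaken for intended behaviour.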

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -17,7 +17,7 @@
 --------
 This background color should be white.
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content
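
Review bot: The rebaselined `referrer:` line now carries only `http://127.0.0.1:8000/`, the same origin already shown in `blockedURI`, so this expectation no longer shows which opener page led to the report. That is the expected output for an http to https cross-origin load under strict-origin-when-cross-origin, but the same one-line change repeats across the other block-all-mixed-content baselines in this patch, and the ChangeLog should say that CSP violation reports lose the referrer path under the new default, since report collectors that group on that field will see the difference.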

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -9,7 +9,7 @@
 This test opens a window and loads an insecure stylesheet. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -16,7 +16,7 @@
 --------
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -18,7 +18,7 @@
 --------
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image-with-enforced-and-report-policies.py
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -10,7 +10,7 @@
 This test opens a window and loads an insecure image. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -16,7 +16,7 @@
 --------
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-plugin.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -10,7 +10,7 @@
 This test opens a window and loads an insecure plugin. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-plugin.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -16,7 +16,7 @@
 Frame: '<!--frame1-->'
 --------
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-script.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -10,7 +10,7 @@
 This test opens a window and loads an insecure external script. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-script.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -17,7 +17,7 @@
 Frame: '<!--frame1-->'
 --------
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html?asynchronous
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -12,7 +12,7 @@
 This test opens a window and loads insecure data via asynchronous XHR. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html?asynchronous
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -15,7 +15,7 @@
 Frame: '<!--frame1-->'
 --------
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt (280080 => 280081)


--- trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt	2021-07-20 16:42:40 UTC (rev 280081)
@@ -10,7 +10,7 @@
 This test opens a window and loads insecure data via synchronous XHR. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
 
 documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html
-referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame.html
+referrer: http://127.0.0.1:8000/
 blockedURI: http://127.0.0.1:8000
 violatedDirective: block-all-mixed-content
 effectiveDirective: block-all-mixed-content

Modified: trunk/Source/WebCore/ChangeLog (280080 => 280081)


--- trunk/Source/WebCore/ChangeLog	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/Source/WebCore/ChangeLog	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,3 +1,22 @@
+2021-07-20  Sam Sneddon  <gsnedd...@apple.com>
+
+        Change referrer-policy default to strict-origin-when-cross-origin
+        https://bugs.webkit.org/show_bug.cgi?id=218909
+
+        Reviewed by Chris Dumez.
+
+        This matches the behavior of other browsers.
+        Covered by existing tests and web platform tests we haven't imported yet.
+
+        * dom/Document.h:
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::effectiveReferrerPolicy const):
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::requestResource):
+        * platform/ReferrerPolicy.cpp:
+        (WebCore::parseReferrerPolicyToken):
+        * platform/ReferrerPolicy.h:
+
 2021-07-20  Philippe Normand  <pnorm...@igalia.com>
 
         [GStreamer] Switch raw GstStructure pointers to GUniquePtr
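
Review bot: "Covered by existing tests and web platform tests we haven't imported yet" cannot be checked from the tree, and the per-file entries below it carry no descriptions. Please name the web platform tests expected to cover the change, and say in the entry that `ReferrerPolicy::Default` is introduced and replaces the hard-coded `NoReferrerWhenDowngrade` fallbacks in the listed functions.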

Modified: trunk/Source/WebCore/dom/Document.h (280080 => 280081)


--- trunk/Source/WebCore/dom/Document.h	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/Source/WebCore/dom/Document.h	2021-07-20 16:42:40 UTC (rev 280081)
@@ -417,7 +417,7 @@
 #endif
 
     void setReferrerPolicy(ReferrerPolicy);
-    ReferrerPolicy referrerPolicy() const final { return m_referrerPolicy.value_or(ReferrerPolicy::NoReferrerWhenDowngrade); }
+    ReferrerPolicy referrerPolicy() const final { return m_referrerPolicy.value_or(ReferrerPolicy::Default); }
 
     WEBCORE_EXPORT DocumentType* doctype() const;
 

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (280080 => 280081)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2021-07-20 16:42:40 UTC (rev 280081)
@@ -3922,7 +3922,7 @@
         return parentFrame->document()->referrerPolicy();
     if (m_opener)
         return m_opener->document()->referrerPolicy();
-    return ReferrerPolicy::NoReferrerWhenDowngrade;
+    return ReferrerPolicy::Default;
 }
 
 String FrameLoader::referrer() const

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (280080 => 280081)


--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2021-07-20 16:42:40 UTC (rev 280081)
@@ -904,7 +904,7 @@
         return makeUnexpected(frame.loader().blockedError(request.resourceRequest()));
     }
 
-    request.updateReferrerPolicy(document() ? document()->referrerPolicy() : ReferrerPolicy::NoReferrerWhenDowngrade);
+    request.updateReferrerPolicy(document() ? document()->referrerPolicy() : ReferrerPolicy::Default);
 
     if (InspectorInstrumentation::willIntercept(&frame, request.resourceRequest()))
         request.setCachingPolicy(CachingPolicy::DisallowCaching);

Modified: trunk/Source/WebCore/platform/ReferrerPolicy.cpp (280080 => 280081)


--- trunk/Source/WebCore/platform/ReferrerPolicy.cpp	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/Source/WebCore/platform/ReferrerPolicy.cpp	2021-07-20 16:42:40 UTC (rev 280081)
@@ -41,7 +41,7 @@
         if (equalLettersIgnoringASCIICase(policy, "always"))
             return ReferrerPolicy::UnsafeUrl;
         if (equalLettersIgnoringASCIICase(policy, "default"))
-            return ReferrerPolicy::NoReferrerWhenDowngrade;
+            return ReferrerPolicy::Default;
     }
 
     if (equalLettersIgnoringASCIICase(policy, "no-referrer"))
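
Review bot: Returning `ReferrerPolicy::Default` for the legacy `default` keyword changes what an existing page using that keyword gets, from no-referrer-when-downgrade to strict-origin-when-cross-origin, while the neighbouring legacy `always` keyword still maps to `UnsafeUrl`. If that is intended, a short comment here that the legacy keyword follows the browser default, plus a test that feeds the `default` token through `parseReferrerPolicyToken`, would keep it from drifting the next time the alias is changed.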

Modified: trunk/Source/WebCore/platform/ReferrerPolicy.h (280080 => 280081)


--- trunk/Source/WebCore/platform/ReferrerPolicy.h	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/Source/WebCore/platform/ReferrerPolicy.h	2021-07-20 16:42:40 UTC (rev 280081)
@@ -46,7 +46,8 @@
     StrictOrigin,
     OriginWhenCrossOrigin,
     StrictOriginWhenCrossOrigin,
-    UnsafeUrl
+    UnsafeUrl,
+    Default = StrictOriginWhenCrossOrigin
 };
 
 enum class ReferrerPolicySource : uint8_t { MetaTag, HTTPHeader, ReferrerPolicyAttribute };
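
Review bot: `Default = StrictOriginWhenCrossOrigin` is added as an enumerator inside `ReferrerPolicy`, so it reads like an additional policy value although it is an alias. A switch over the enum cannot list both `Default` and `StrictOriginWhenCrossOrigin`, and a comparison against `Default` also matches a policy that a page set explicitly to strict-origin-when-cross-origin. Consider a comment marking it as an alias, or a named constant outside the enum, so callers do not treat it as "no policy set".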

Modified: trunk/Tools/ChangeLog (280080 => 280081)


--- trunk/Tools/ChangeLog	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/Tools/ChangeLog	2021-07-20 16:42:40 UTC (rev 280081)
@@ -1,3 +1,16 @@
+2021-07-20  Sam Sneddon  <gsnedd...@apple.com>
+
+        Change referrer-policy default to strict-origin-when-cross-origin
+        https://bugs.webkit.org/show_bug.cgi?id=218909
+
+        Reviewed by Chris Dumez.
+
+        This matches the behavior of other browsers.
+        Covered by existing tests and web platform tests we haven't imported yet.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm:
+        (TEST):
+
 2021-07-20  Aakash Jain  <aakash_j...@apple.com>
 
         EWS should send email notification when a bot goes out of disk space
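
Review bot: This entry repeats the WebCore text ("This matches the behavior of other browsers"), but the only file listed is `TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm` and `(TEST):` has no description. Please state what is changed in the test and why the test needs it.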

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm (280080 => 280081)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm	2021-07-20 15:29:14 UTC (rev 280080)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm	2021-07-20 16:42:40 UTC (rev 280081)
@@ -66,7 +66,7 @@
             });
         });
         auto webView = adoptNS([WKWebView new]);
-        [webView loadHTMLString:[NSString stringWithFormat:@"<body _onload_='document.getElementById(\"formID\").submit()'><form id='formID' method='post' action=''></form></body>", server.port()] baseURL:baseURL];
+        [webView loadHTMLString:[NSString stringWithFormat:@"<meta name='referrer' content='unsafe-url'><body _onload_='document.getElementById(\"formID\").submit()'><form id='formID' method='post' action=''></form></body>", server.port()] baseURL:baseURL];
         Util::run(&done);
     };
     
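
Review bot: The added `<meta name='referrer' content='unsafe-url'>` opts the test page out of the new default with no comment, and `unsafe-url` is broader than the `NoReferrerWhenDowngrade` default this patch replaces. If the test only needs the referrer it saw before, `no-referrer-when-downgrade` restores that exactly. Either way, a one-line comment saying which part of the test depends on the full referrer would help, and it is worth checking whether the test should instead expect the origin-only value.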