Resource Load Statistics: Downgrade document.referrer for all third-party iframes
authorwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Oct 2019 20:50:34 +0000 (20:50 +0000)
committerwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Oct 2019 20:50:34 +0000 (20:50 +0000)
https://bugs.webkit.org/show_bug.cgi?id=202506
<rdar://problem/55786397>

Reviewed by Brent Fulgham.

Source/WebCore:

This change downgrades document.referrer for all third-party iframes if ITP/Resource Load Statistics
is enabled. The behavior matches the downgrade of all HTTP referrers for third-party resources
which landed in https://trac.webkit.org/changeset/250413/webkit.

Tests: http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe.html
       http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe.html
       http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe.html

* dom/Document.cpp:
(WebCore::Document::referrer):
(WebCore::Document::referrer const): Deleted.
    Can no longer be const since it lazily downgrades and saves the referrer on read.
* dom/Document.h:

LayoutTests:

The tests that are not new rely on document.referrer and so they are made to turn off
ITP before they run to maintain a full referrer.

* http/tests/media/media-stream/enumerate-devices-source-id.html:
* http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http-http.html:
* http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https.html:
* http/tests/referrer-policy-iframe/no-referrer-when-downgrade/same-origin.html:
* http/tests/referrer-policy-iframe/no-referrer/cross-origin-http-http.html:
* http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https.html:
* http/tests/referrer-policy-iframe/no-referrer/same-origin.html:
* http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http-http.html:
* http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https.html:
* http/tests/referrer-policy-iframe/origin-when-cross-origin/same-origin.html:
* http/tests/referrer-policy-iframe/origin/cross-origin-http-http.html:
* http/tests/referrer-policy-iframe/origin/cross-origin-http.https.html:
* http/tests/referrer-policy-iframe/origin/same-origin.html:
* http/tests/referrer-policy-iframe/same-origin/cross-origin-http-http.html:
* http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https.html:
* http/tests/referrer-policy-iframe/same-origin/same-origin.html:
* http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http-http.html:
* http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https.html:
* http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/same-origin.html:
* http/tests/referrer-policy-iframe/strict-origin/cross-origin-http-http.html:
* http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https.html:
* http/tests/referrer-policy-iframe/strict-origin/same-origin.html:
* http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html:
* http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https.html:
* http/tests/referrer-policy-iframe/unsafe-url/same-origin.html:
* http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-http.html:
* http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html:
* http/tests/referrer-policy/no-referrer-when-downgrade/same-origin.html:
* http/tests/referrer-policy/no-referrer/cross-origin-http-http.html:
* http/tests/referrer-policy/no-referrer/cross-origin-http.https.html:
* http/tests/referrer-policy/no-referrer/same-origin.html:
* http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http.html:
* http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html:
* http/tests/referrer-policy/origin-when-cross-origin/same-origin.html:
* http/tests/referrer-policy/origin/cross-origin-http-http.html:
* http/tests/referrer-policy/origin/cross-origin-http.https.html:
* http/tests/referrer-policy/origin/same-origin.html:
* http/tests/referrer-policy/same-origin/cross-origin-http-http.html:
* http/tests/referrer-policy/same-origin/cross-origin-http.https.html:
* http/tests/referrer-policy/same-origin/same-origin.html:
* http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http.html:
* http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html:
* http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin.html:
* http/tests/referrer-policy/strict-origin/cross-origin-http-http.html:
* http/tests/referrer-policy/strict-origin/cross-origin-http.https.html:
* http/tests/referrer-policy/strict-origin/same-origin.html:
* http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html:
* http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html:
* http/tests/referrer-policy/unsafe-url/same-origin.html:
* http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe-expected.txt: Added.
* http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe.html: Added.
* http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe-expected.txt: Added.
* http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe.html: Added.
* http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe-expected.txt: Added.
* http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe.html: Added.
* http/tests/resourceLoadStatistics/resources/nest-iframe-report-document-referrer.html: Added.
* http/tests/resourceLoadStatistics/resources/report-document-referrer.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250676 268f45cc-cd09-0410-ab3c-d52691b4dbfc

61 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/media/media-stream/enumerate-devices-source-id.html
LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/same-origin.html
LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-iframe/no-referrer/same-origin.html
LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/same-origin.html
LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-iframe/origin/same-origin.html
LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-iframe/same-origin/same-origin.html
LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/same-origin.html
LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-iframe/strict-origin/same-origin.html
LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/same-origin.html
LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/same-origin.html
LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy/no-referrer/same-origin.html
LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/same-origin.html
LayoutTests/http/tests/referrer-policy/origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy/origin/same-origin.html
LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy/same-origin/same-origin.html
LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin.html
LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy/strict-origin/same-origin.html
LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy/unsafe-url/same-origin.html
LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe.html [new file with mode: 0644]
LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe.html [new file with mode: 0644]
LayoutTests/http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe.html [new file with mode: 0644]
LayoutTests/http/tests/resourceLoadStatistics/resources/nest-iframe-report-document-referrer.html [new file with mode: 0644]
LayoutTests/http/tests/resourceLoadStatistics/resources/report-document-referrer.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h

index 1318c4e..88b8426 100644 (file)
@@ -1,3 +1,72 @@
+2019-10-03  John Wilander  <wilander@apple.com>
+
+        Resource Load Statistics: Downgrade document.referrer for all third-party iframes
+        https://bugs.webkit.org/show_bug.cgi?id=202506
+        <rdar://problem/55786397>
+
+        Reviewed by Brent Fulgham.
+
+        The tests that are not new rely on document.referrer and so they are made to turn off
+        ITP before they run to maintain a full referrer.
+
+        * http/tests/media/media-stream/enumerate-devices-source-id.html:
+        * http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http-http.html:
+        * http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https.html:
+        * http/tests/referrer-policy-iframe/no-referrer-when-downgrade/same-origin.html:
+        * http/tests/referrer-policy-iframe/no-referrer/cross-origin-http-http.html:
+        * http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https.html:
+        * http/tests/referrer-policy-iframe/no-referrer/same-origin.html:
+        * http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-iframe/origin-when-cross-origin/same-origin.html:
+        * http/tests/referrer-policy-iframe/origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-iframe/origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-iframe/origin/same-origin.html:
+        * http/tests/referrer-policy-iframe/same-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-iframe/same-origin/same-origin.html:
+        * http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/same-origin.html:
+        * http/tests/referrer-policy-iframe/strict-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-iframe/strict-origin/same-origin.html:
+        * http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html:
+        * http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https.html:
+        * http/tests/referrer-policy-iframe/unsafe-url/same-origin.html:
+        * http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-http.html:
+        * http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html:
+        * http/tests/referrer-policy/no-referrer-when-downgrade/same-origin.html:
+        * http/tests/referrer-policy/no-referrer/cross-origin-http-http.html:
+        * http/tests/referrer-policy/no-referrer/cross-origin-http.https.html:
+        * http/tests/referrer-policy/no-referrer/same-origin.html:
+        * http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy/origin-when-cross-origin/same-origin.html:
+        * http/tests/referrer-policy/origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy/origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy/origin/same-origin.html:
+        * http/tests/referrer-policy/same-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy/same-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy/same-origin/same-origin.html:
+        * http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy/strict-origin-when-cross-origin/same-origin.html:
+        * http/tests/referrer-policy/strict-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy/strict-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy/strict-origin/same-origin.html:
+        * http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html:
+        * http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html:
+        * http/tests/referrer-policy/unsafe-url/same-origin.html:
+        * http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe.html: Added.
+        * http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe.html: Added.
+        * http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe-expected.txt: Added.
+        * http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe.html: Added.
+        * http/tests/resourceLoadStatistics/resources/nest-iframe-report-document-referrer.html: Added.
+        * http/tests/resourceLoadStatistics/resources/report-document-referrer.html: Added.
+
 2019-10-03  Antoine Quint  <graouts@apple.com>
 
         REGRESSION: touchend doesn't trigger on element when touch is released outside of its bounds
index 250084a..eff6cf1 100644 (file)
@@ -8,6 +8,9 @@
         <script>
             window.jsTestIsAsync = true;
 
+            if (internals)
+                internals.setResourceLoadStatisticsEnabled(false);
+
             if (window.testRunner)
                 testRunner.setUserMediaPermission(true);
 
@@ -48,6 +51,8 @@
                 devices.forEach(device => checkID(document.origin, device));
 
                 debug('');
+                if (internals)
+                    internals.setResourceLoadStatisticsEnabled(true);
                 finishJSTest();
             }
 
index 9fe1d9e..1fa8a85 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http-http.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index f97d417..b449363 100644 (file)
@@ -8,13 +8,17 @@
 description("Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index bfc1437..7f758ec 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of no-referrer-when-downgrade referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-iframe/no-referrer-when-downgrade/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index d2e0151..5d00b1e 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of no-referrer referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index e208e4e..1598d9e 100644 (file)
@@ -8,13 +8,17 @@
 description("Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 8ad2ee7..f9babda 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of no-referrer referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 528197e..057a6c4 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of origin-when-cross-origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL, because we are cross-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 4771a8d..fb9fefd 100644 (file)
@@ -8,13 +8,17 @@
 description("Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL, because we are cross-origin.
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 9a6f5cf..27c4e33 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of origin-when-cross-origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL because we are same-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-iframe/origin-when-cross-origin/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index de9e19c..4dd2bb8 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index cea3a13..d10b7e2 100644 (file)
@@ -8,13 +8,17 @@
 description("Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index f543eb5..0e66caa 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 200980c..119c5cb 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of same-origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string because we are cross-origin.
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index fe2aed6..da52496 100644 (file)
@@ -8,13 +8,17 @@
 description("Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string because we are cross-origin.
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 78e02a8..a5ed957 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of same-origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL because we are same-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-iframe/same-origin/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index e99c33d..4694bb7 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL, because we are cross-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 84ad1e7..d40e2cf 100644 (file)
@@ -8,13 +8,17 @@
 description("Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string because we are cross-origin and going from HTTPS to HTTP.
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 02d2e76..cc366d0 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of strict-origin-when-cross-origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL because we are same-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-iframe/strict-origin-when-cross-origin/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 4ef9c5d..90c1d4b 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of strict-origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index c710f9b..c8283eb 100644 (file)
@@ -8,13 +8,17 @@
 description("Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string because we are going from HTTPS to HTTP.
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 91af678..95351c5 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of strict-origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 5fce9c4..cb0e8ec 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of unsafe-url referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-iframe/unsafe-url/cross-origin-http-http.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index a5eb780..6057c74 100644 (file)
@@ -8,13 +8,17 @@
 description("Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/referrer-policy-iframe/unsafe-url/cross-origin-http.https.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 21f1f4e..def5b65 100644 (file)
@@ -8,10 +8,15 @@
 description("Tests the behavior of unsafe-url referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-iframe/unsafe-url/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 4c94f1d..250e296 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/no-referrer-when-downgrade/cross-origin-http-http.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 
index d6051ce..3da1e55 100644 (file)
@@ -9,13 +9,17 @@
 description("Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 
index 7a205d7..1d6e8e3 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of no-referrer-when-downgrade referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/no-referrer-when-downgrade/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 
index f227701..a39be1d 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of no-referrer referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 8637f78..b76041d 100644 (file)
@@ -9,13 +9,17 @@
 description("Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index e43411e..ce7695e 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of no-referrer referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 2af42c4..60af992 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of origin-when-cross-origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL, because we are cross-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 7ee4847..a4cbac7 100644 (file)
@@ -9,13 +9,17 @@
 description("Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL, because we are cross-origin.
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 8a85e33..c94b51c 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of origin-when-cross-origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL because we are same-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/origin-when-cross-origin/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index de4cf23..5e66ee0 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 0d892ed..211d532 100644 (file)
@@ -9,13 +9,17 @@
 description("Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index fe88458..b34804a 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 10bad9c..6fd8598 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of same-origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string because we are cross-origin.
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index e53b154..fc7f4d7 100644 (file)
@@ -9,13 +9,17 @@
 description("Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string because we are cross-origin.
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 55bfd55..7c6d5aa 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of same-origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL because we are same-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/same-origin/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 65f8346..85be252 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL, because we are cross-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 33f9fb3..896673b 100644 (file)
@@ -9,13 +9,17 @@
 description("Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string because we are cross-origin and going from HTTPS to HTTP.
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index cad861b..1aa3b5c 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of strict-origin-when-cross-origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL because we are same-origin.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/strict-origin-when-cross-origin/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 67df44f..c46bdf1 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of strict-origin referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 83bfc9a..ea68df3 100644 (file)
@@ -9,13 +9,17 @@
 description("Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the empty string because we are going from HTTPS to HTTP.
     shouldBeEqualToString("referrer", "");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index 55cf27a..a66f471 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of strict-origin referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the origin, not the full URL.
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
index bba42ba..0e32a18 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of unsafe-url referrer policy when cross origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/unsafe-url/cross-origin-http-http.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 
index ffcd6e7..00e8dd0 100644 (file)
@@ -9,13 +9,17 @@
 description("Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP.");
 jsTestIsAsync = true;
 
-if (window.internals)
+if (window.internals) {
     internals.settings.setAllowDisplayOfInsecureContent(true);
+    internals.setResourceLoadStatisticsEnabled(false);
+}
 
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/referrer-policy/unsafe-url/cross-origin-http.https.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 
index f6b97a7..6f7a070 100644 (file)
@@ -9,10 +9,15 @@
 description("Tests the behavior of unsafe-url referrer policy when same origin.");
 jsTestIsAsync = true;
 
+if (window.internals)
+    internals.setResourceLoadStatisticsEnabled(false);
+
 window.onmessage = function(event) {
     referrer = event.data.referrer;
     // Should be the full URL
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/unsafe-url/same-origin.html");
+    if (window.internals)
+        internals.setResourceLoadStatisticsEnabled(true);
     finishJSTest();
 }
 </script>
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe-expected.txt b/LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe-expected.txt
new file mode 100644 (file)
index 0000000..2e6b307
--- /dev/null
@@ -0,0 +1,10 @@
+Tests that document.referrer is downgraded in nested third-party iframes.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.referrer is http://127.0.0.1:8000
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe.html b/LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe.html
new file mode 100644 (file)
index 0000000..4e1e23a
--- /dev/null
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/js-test-resources/js-test.js"></script>
+    <script src="resources/util.js"></script>
+</head>
+<body onload="runTest()">
+<script>
+    description("Tests that document.referrer is downgraded in nested third-party iframes.");
+    jsTestIsAsync = true;
+
+    function receiveMessage(event) {
+        if (event.origin === "http://localhost:8000") {
+            if (event.data.indexOf("PASS") === -1)
+                testFailed(event.data.replace("FAIL ", ""));
+            else
+                testPassed(event.data.replace("PASS ", ""));
+        } else
+            testFailed("Received a message from an unexpected origin: " + event.origin);
+        setEnableFeature(false, finishJSTest);
+    }
+
+    window.addEventListener("message", receiveMessage, false);
+
+    function runTest() {
+        if (testRunner) {
+            testRunner.setUseITPDatabase(true);
+            setEnableFeature(true, function() {
+                let iframeElement = document.createElement("iframe");
+                iframeElement.src = "http://127.0.0.1:8000/resourceLoadStatistics/resources/nest-iframe-report-document-referrer.html";
+                document.body.appendChild(iframeElement);
+            });
+        }
+    }
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe-expected.txt b/LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe-expected.txt
new file mode 100644 (file)
index 0000000..bb2ac72
--- /dev/null
@@ -0,0 +1,10 @@
+Tests that document.referrer is downgraded in third-party iframes.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.referrer is http://127.0.0.1:8000
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe.html b/LayoutTests/http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe.html
new file mode 100644 (file)
index 0000000..864d11f
--- /dev/null
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/js-test-resources/js-test.js"></script>
+    <script src="resources/util.js"></script>
+</head>
+<body onload="runTest()">
+<script>
+    description("Tests that document.referrer is downgraded in third-party iframes.");
+    jsTestIsAsync = true;
+
+    function receiveMessage(event) {
+        if (event.origin === "http://localhost:8000") {
+            if (event.data.indexOf("PASS") === -1)
+                testFailed(event.data.replace("FAIL ", ""));
+            else
+                testPassed(event.data.replace("PASS ", ""));
+        } else
+            testFailed("Received a message from an unexpected origin: " + event.origin);
+        setEnableFeature(false, finishJSTest);
+    }
+
+    window.addEventListener("message", receiveMessage, false);
+
+    function runTest() {
+        if (testRunner) {
+            testRunner.setUseITPDatabase(true);
+            setEnableFeature(true, function() {
+                let iframeElement = document.createElement("iframe");
+                iframeElement.src = "http://localhost:8000/resourceLoadStatistics/resources/report-document-referrer.html";
+                document.body.appendChild(iframeElement);
+            });
+        }
+    }
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe-expected.txt b/LayoutTests/http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe-expected.txt
new file mode 100644 (file)
index 0000000..1236dac
--- /dev/null
@@ -0,0 +1,10 @@
+Tests that an empty document.referrer is left alone in third-party iframes.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.referrer is [empty]
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe.html b/LayoutTests/http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe.html
new file mode 100644 (file)
index 0000000..385eada
--- /dev/null
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/js-test-resources/js-test.js"></script>
+    <script src="resources/util.js"></script>
+</head>
+<body onload="runTest()">
+<script>
+    description("Tests that an empty document.referrer is left alone in third-party iframes.");
+    jsTestIsAsync = true;
+
+    function receiveMessage(event) {
+        if (event.origin === "http://localhost:8000") {
+            if (event.data.indexOf("PASS") === -1)
+                testFailed(event.data.replace("FAIL ", ""));
+            else
+                testPassed(event.data.replace("PASS ", ""));
+        } else
+            testFailed("Received a message from an unexpected origin: " + event.origin);
+        setEnableFeature(false, finishJSTest);
+    }
+
+    window.addEventListener("message", receiveMessage, false);
+
+    function runTest() {
+        if (testRunner) {
+            testRunner.setUseITPDatabase(true);
+            setEnableFeature(true, function() {
+                let iframeElement = document.createElement("iframe");
+                iframeElement.referrerPolicy = "no-referrer";
+                iframeElement.src = "http://localhost:8000/resourceLoadStatistics/resources/report-document-referrer.html";
+                document.body.appendChild(iframeElement);
+            });
+        }
+    }
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/resources/nest-iframe-report-document-referrer.html b/LayoutTests/http/tests/resourceLoadStatistics/resources/nest-iframe-report-document-referrer.html
new file mode 100644 (file)
index 0000000..77d1c4e
--- /dev/null
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html>
+<head>
+</head>
+<body>
+<iframe src="http://localhost:8000/resourceLoadStatistics/resources/report-document-referrer.html"></iframe>
+</body>
+</html>
\ No newline at end of file
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/resources/report-document-referrer.html b/LayoutTests/http/tests/resourceLoadStatistics/resources/report-document-referrer.html
new file mode 100644 (file)
index 0000000..83dec01
--- /dev/null
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+</head>
+<body>
+<script>
+    top.postMessage("PASS document.referrer is " + (document.referrer === "" ? "[empty]" : document.referrer), "http://127.0.0.1:8000");
+</script>
+</body>
+</html>
\ No newline at end of file
index f79a39e..9630122 100644 (file)
@@ -1,3 +1,25 @@
+2019-10-03  John Wilander  <wilander@apple.com>
+
+        Resource Load Statistics: Downgrade document.referrer for all third-party iframes
+        https://bugs.webkit.org/show_bug.cgi?id=202506
+        <rdar://problem/55786397>
+
+        Reviewed by Brent Fulgham.
+
+        This change downgrades document.referrer for all third-party iframes if ITP/Resource Load Statistics
+        is enabled. The behavior matches the downgrade of all HTTP referrers for third-party resources
+        which landed in https://trac.webkit.org/changeset/250413/webkit.
+
+        Tests: http/tests/resourceLoadStatistics/downgrade-document-referrer-nested-third-party-iframe.html
+               http/tests/resourceLoadStatistics/downgrade-document-referrer-third-party-iframe.html
+               http/tests/resourceLoadStatistics/leave-empty-document-referrer-alone-third-party-iframe.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::referrer):
+        (WebCore::Document::referrer const): Deleted.
+            Can no longer be const since it lazily downgrades and saves the referrer on read.
+        * dom/Document.h:
+
 2019-10-03  Devin Rousso  <drousso@apple.com>
 
         Web Inspector: remove `InspectorInstrumentationCookie`
index 00610ec..0fd0fa0 100644 (file)
@@ -58,6 +58,7 @@
 #include "DOMWindow.h"
 #include "DateComponents.h"
 #include "DebugPageOverlays.h"
+#include "DeprecatedGlobalSettings.h"
 #include "DocumentLoader.h"
 #include "DocumentMarkerController.h"
 #include "DocumentSharedObjectPool.h"
@@ -4842,11 +4843,22 @@ ExceptionOr<void> Document::setCookie(const String& value)
     return { };
 }
 
-String Document::referrer() const
+String Document::referrer()
 {
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
     if (!m_referrerOverride.isEmpty())
         return m_referrerOverride;
+    if (DeprecatedGlobalSettings::resourceLoadStatisticsEnabled() && frame()) {
+        auto referrerStr = frame()->loader().referrer();
+        if (!referrerStr.isEmpty()) {
+            URL referrerURL { URL(), referrerStr };
+            RegistrableDomain referrerRegistrableDomain { referrerURL };
+            if (!referrerRegistrableDomain.matches(securityOrigin().data())) {
+                m_referrerOverride = referrerURL.protocolHostAndPort();
+                return m_referrerOverride;
+            }
+        }
+    }
 #endif
     if (frame())
         return frame()->loader().referrer();
index 9c1163c..10e34d2 100644 (file)
@@ -916,7 +916,7 @@ public:
     WEBCORE_EXPORT ExceptionOr<String> cookie();
     WEBCORE_EXPORT ExceptionOr<void> setCookie(const String&);
 
-    WEBCORE_EXPORT String referrer() const;
+    WEBCORE_EXPORT String referrer();
 
     WEBCORE_EXPORT String origin() const final;