Resource Load Statistics: Downgrade all third-party referrer headers
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 Sep 2019 05:13:10 +0000 (05:13 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 Sep 2019 05:13:10 +0000 (05:13 +0000)
https://bugs.webkit.org/show_bug.cgi?id=201353
<rdar://problem/54895650>
Source/WebKit:

Majority of this patch was written by John Wilander <wilander@apple.com>.

Patch by Kate Cheney <katherine_cheney@apple.com> on 2019-09-26
Reviewed by Brent Fulgham.

When tracking protections are enabled, we should downgrade all third-party
referrers to their origins. Note that this downgrade will be specific to
Cocoa so other ports will have to adopt as they see fit.

Cocoa already does this downgrade in ephemeral sessions (shipping).

The majority of these changes are test infrastructure. The functional
change is in WebKit::NetworkDataTaskCocoa and WebKit::NetworkSession.

* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::setShouldDowngradeReferrerForTesting):
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkProcess.messages.in:
* NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::isResourceLoadStatisticsEnabled const):
(WebKit::NetworkSession::setShouldDowngradeReferrerForTesting):
(WebKit::NetworkSession::shouldDowngradeReferrer const):
* NetworkProcess/NetworkSession.h:
* NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::isThirdPartyRequest const):
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
(WebKit::NetworkDataTaskCocoa::restrictRequestReferrerToOriginIfNeeded):
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
(WebKit::NetworkDataTaskCocoa::isThirdPartyRequest): Deleted.
* UIProcess/API/C/WKWebsiteDataStoreRef.cpp:
(WKWebsiteDataStoreSetResourceLoadStatisticsShouldDowngradeReferrerForTesting):
(WKWebsiteDataStoreStatisticsResetToConsistentState):
* UIProcess/API/C/WKWebsiteDataStoreRef.h:
* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::setShouldDowngradeReferrerForTesting):
* UIProcess/Network/NetworkProcessProxy.h:
* UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::setResourceLoadStatisticsShouldDowngradeReferrerForTesting):
* UIProcess/WebsiteData/WebsiteDataStore.h:

Tools:

Majority of this patch was written by John Wilander <wilander@apple.com>.

Patch by Kate Cheney <katherine_cheney@apple.com> on 2019-09-26
Reviewed by Brent Fulgham.

The changes to the TestRunner facilitate an opt-out for test cases
that either test the referrer mechanism explicitly or rely on the
full referrer to be sent.

The new boolean variable and early return in
TestRunner::setStatisticsShouldDowngradeReferrer() prevent the same
event from trying to set multiple TestRunner callbacks.

* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::didReceiveMessageToPage):
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setStatisticsShouldDowngradeReferrer):
(WTR::TestRunner::statisticsCallDidSetShouldDowngradeReferrerCallback):
* WebKitTestRunner/InjectedBundle/TestRunner.h:
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::setStatisticsShouldDowngradeReferrer):
* WebKitTestRunner/TestController.h:
* WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):
(WTR::TestInvocation::didSetShouldDowngradeReferrer):
* WebKitTestRunner/TestInvocation.h:

LayoutTests:

Majority of this patch was written by John Wilander <wilander@apple.com>.

Patch by Kate Cheney <katherine_cheney@apple.com> on 2019-09-26
Reviewed by Brent Fulgham.

The changes in the two http/tests/resourceLoadStatistics/strip-referrer-to-origin*
tests and the http/tests/navigation/ping-attribute/* tests are for the functional
change. The other changes are to make use of the new
testRunner.setStatisticsShouldDowngradeReferrer() to maintain earlier functionality.

TestRunner::setStatisticsShouldDowngradeReferrer() function is not
supported for mac-wk1, win or wincairo.

* http/tests/blink/sendbeacon/beacon-cross-origin-expected.txt:
* http/tests/navigation/ping-attribute/anchor-cross-origin.html:
* http/tests/navigation/ping-attribute/area-cross-origin.html:
* http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html:
* http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html:
* http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html:
* http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html:
* http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html:
* http/tests/referrer-policy-script/no-referrer/same-origin.html:
* http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html:
* http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html:
* http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html:
* http/tests/referrer-policy-script/origin/cross-origin-http-http.html:
* http/tests/referrer-policy-script/origin/cross-origin-http.https.html:
* http/tests/referrer-policy-script/origin/same-origin.html:
* http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html:
* http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html:
* http/tests/referrer-policy-script/same-origin/same-origin.html:
* http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html:
* http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html:
* http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html:
* http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html:
* http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html:
* http/tests/referrer-policy-script/strict-origin/same-origin.html:
* http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html:
* http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html:
* http/tests/referrer-policy-script/unsafe-url/same-origin.html:
* http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-http.html:
* http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html:
* http/tests/referrer-policy/no-referrer-when-downgrade/same-origin.html:
* http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html:
* http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html:
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html: Removed.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects-expected.txt: Renamed from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects-expected.txt.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html: Copied from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests-expected.txt: Renamed from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests-expected.txt.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html: Renamed from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php:
* http/tests/security/referrer-policy-header.html:
* platform/ios-wk2/TestExpectations:
* platform/ios/TestExpectations:
* platform/mac-wk1/TestExpectations:
* platform/mac-wk2/TestExpectations:
* platform/win/TestExpectations:
* platform/wincairo/TestExpectations:
* platform/wk2/TestExpectations:
* resources/testharnessreport.js:
* resources/js-test.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250413 268f45cc-cd09-0410-ab3c-d52691b4dbfc
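
The behaviour the commit message describes (third-party referrers reduced to their origin, on the initial request and again on each redirect, with a test-only opt-out), sketched as an added example; this is not WebKit code. The function names and sample URLs are constructed, and "third party" is approximated by hostname comparison, whereas WebKit compares registrable domains.

```javascript
// Added illustration, not code from this commit. All names are hypothetical.
// Constructed sample page; the host/port mirror the layout-test server.
const PAGE = "http://127.0.0.1:8000/blink/sendbeacon/beacon-cross-origin.html";

// Assumption: a request is "third party" when its hostname differs from the
// first party's hostname. WebKit itself compares registrable domains.
function isThirdParty(requestUrl, firstPartyUrl) {
  return new URL(requestUrl).hostname !== new URL(firstPartyUrl).hostname;
}

// Returns the referrer that would be sent. An empty referrer (already
// suppressed by a referrer policy) stays empty; a same-site request keeps
// whatever the policy produced; a third-party request gets "<origin>/".
function restrictReferrerToOrigin(referrer, requestUrl, firstPartyUrl, enabled = true) {
  if (!enabled || !referrer) return referrer;
  if (!isThirdParty(requestUrl, firstPartyUrl)) return referrer;
  return new URL(referrer).origin + "/";
}

// Re-applies the check on every hop of a redirect chain, so a same-site
// request that is redirected to a third party is downgraded at that hop.
function followRedirects(firstPartyUrl, referrer, hops, enabled = true) {
  let current = referrer;
  return hops.map((url) => {
    current = restrictReferrerToOrigin(current, url, firstPartyUrl, enabled);
    return { url, referer: current };
  });
}

// Constructed demo: cross-site beacon, then a redirect that leaves the site.
console.log(restrictReferrerToOrigin(PAGE, "http://localhost:8000/collect", PAGE));
console.log(followRedirects(PAGE, PAGE, [
  "http://127.0.0.1:8000/r1",
  "http://localhost:8000/r2",
]));
```

Passing `enabled = false` plays the role of the tests' `testRunner.setStatisticsShouldDowngradeReferrer(false, ...)` opt-out.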

73 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin-expected.txt
LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin.html
LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin.html
LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html
LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin.html
LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html
LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-script/origin/same-origin.html
LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin.html
LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html
LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin.html
LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin.html
LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html
LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/same-origin.html
LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html
LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html
LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html [deleted file]
LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects-expected.txt [moved from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects-expected.txt with 60% similarity]
LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html [new file with mode: 0644]
LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests-expected.txt [moved from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests-expected.txt with 65% similarity]
LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html [moved from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html with 53% similarity]
LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php
LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php
LayoutTests/http/tests/security/referrer-policy-header.html
LayoutTests/platform/ios-wk2/TestExpectations
LayoutTests/platform/ios/TestExpectations
LayoutTests/platform/mac-wk1/TestExpectations
LayoutTests/platform/mac-wk2/TestExpectations
LayoutTests/platform/win/TestExpectations
LayoutTests/platform/wincairo/TestExpectations
LayoutTests/platform/wk2/TestExpectations
LayoutTests/resources/js-test.js
LayoutTests/resources/testharnessreport.js
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkProcess.cpp
Source/WebKit/NetworkProcess/NetworkProcess.h
Source/WebKit/NetworkProcess/NetworkProcess.messages.in
Source/WebKit/NetworkProcess/NetworkSession.cpp
Source/WebKit/NetworkProcess/NetworkSession.h
Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp
Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.h
Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
Tools/ChangeLog
Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp
Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
Tools/WebKitTestRunner/TestController.cpp
Tools/WebKitTestRunner/TestController.h
Tools/WebKitTestRunner/TestInvocation.cpp
Tools/WebKitTestRunner/TestInvocation.h

index 65e4c62d4c9783608ec1b8dff1bb17bf9e17ebbd..0ee7e0a4f4cfa4f0a7091a267c19a27a14ec7551 100644 (file)
@@ -1,3 +1,71 @@
+2019-09-26  Kate Cheney  <katherine_cheney@apple.com>
+
+        Resource Load Statistics: Downgrade all third-party referrer headers
+        https://bugs.webkit.org/show_bug.cgi?id=201353
+        <rdar://problem/54895650>
+
+        Majority of this patch was written by John Wilander <wilander@apple.com>
+
+        Reviewed by Brent Fulgham. 
+
+        The changes in the two http/tests/resourceLoadStatistics/strip-referrer-to-origin*
+        tests and the http/tests/navigation/ping-attribute/* tests are for the functional 
+        change. The other changes are to make use of the new
+        testRunner.setStatisticsShouldDowngradeReferrer() to maintain earlier functionality.
+
+        TestRunner::setStatisticsShouldDowngradeReferrer() function is not
+        supported for mac-wk1, win or wincairo.
+
+        * http/tests/blink/sendbeacon/beacon-cross-origin-expected.txt:
+        * http/tests/navigation/ping-attribute/anchor-cross-origin.html:
+        * http/tests/navigation/ping-attribute/area-cross-origin.html:
+        * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html:
+        * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html:
+        * http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html:
+        * http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html:
+        * http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html:
+        * http/tests/referrer-policy-script/no-referrer/same-origin.html:
+        * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html:
+        * http/tests/referrer-policy-script/origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-script/origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-script/origin/same-origin.html:
+        * http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-script/same-origin/same-origin.html:
+        * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html:
+        * http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html:
+        * http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html:
+        * http/tests/referrer-policy-script/strict-origin/same-origin.html:
+        * http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html:
+        * http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html:
+        * http/tests/referrer-policy-script/unsafe-url/same-origin.html:
+        * http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-http.html:
+        * http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html:
+        * http/tests/referrer-policy/no-referrer-when-downgrade/same-origin.html:
+        * http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html:
+        * http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html:
+        * http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html: Removed.
+        * http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects-expected.txt: Renamed from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects-expected.txt.
+        * http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html: Copied from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html.
+        * http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests-expected.txt: Renamed from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests-expected.txt.
+        * http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html: Renamed from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html.
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php:
+        * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php:
+        * http/tests/security/referrer-policy-header.html:
+        * platform/ios-wk2/TestExpectations:
+        * platform/ios/TestExpectations:
+        * platform/mac-wk1/TestExpectations:
+        * platform/mac-wk2/TestExpectations:
+        * platform/win/TestExpectations:
+        * platform/wincairo/TestExpectations:
+        * platform/wk2/TestExpectations:
+        * resources/testharnessreport.js:
+        * resources/js-test.js:
+
 2019-09-26  Eric Carlson  <eric.carlson@apple.com>
 
         REGRESSION (iOS 13): Trying to record just audio using HTML Media Capture crashes Safari
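Review bot: The ChangeLog entry for strip-referrer-to-origin-for-third-party-requests.html says it was renamed from ...prevalent-subresource-redirects.html, while its -expected.txt is renamed from ...prevalent-subresource-requests-expected.txt and ...prevalent-subresource-requests.html is listed as Removed. That looks like rename detection pairing the wrong files; please correct the entries so requests maps to requests and redirects to redirects. The added lines "Reviewed by Brent Fulgham. " and "...are for the functional " also end in trailing whitespace.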
index 76c01a5e9bca57e12e170d3c9dbfe22c104cf2c3..a899827895b3701657e94eb1b3bc8b9f643735dd 100644 (file)
@@ -7,7 +7,7 @@ PASS navigator.sendBeacon("http://localhost:8000/blink/sendbeacon/resources/save
 PASS Beacon sent successfully
 PASS Content-Type: text/plain;charset=UTF-8
 PASS Origin: http://127.0.0.1:8000
-PASS Referer: http://127.0.0.1:8000/blink/sendbeacon/beacon-cross-origin.html
+PASS Referer: http://127.0.0.1:8000/
 PASS Request-Method: POST
 PASS Length: 11
 PASS Body: CrossOrigin
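Review bot: The expected Referer on the changed line is now the bare origin, but the commit message says the downgrade is specific to Cocoa, and going by the file list this is the shared expectation under http/tests rather than a platform-specific result. Please confirm that the platform TestExpectations changes in this patch cover the ports that still send the full URL, or keep the old result as the generic baseline and put the origin-only one under the Cocoa platform directories.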
index 700479884e1a90d388ba638099c66176da901c6e..6dca8c17f8417260f688289830f2b4b1d18deaff 100644 (file)
@@ -10,6 +10,7 @@ var testCalled = false;
 function test() {
     if (!testCalled) {
         if (window.testRunner && window.internals) {
+            testRunner.setStatisticsShouldDowngradeReferrer(false, function () { });
             testRunner.dumpAsText();
             internals.settings.setHyperlinkAuditingEnabled(true);
             testRunner.waitUntilDone();
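Review bot: The added call passes an empty completion callback, function () { }, so nothing in test() waits for the setting to be applied before the lines that follow run. The referrer-policy tests in this patch start their request from inside the callback; doing the same here would rule out the ping being sent before the opt-out takes effect.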
index 4e53f1477f27eb10b243ed1251d46d99f08c96ea..1891b3f48d2d16a15b7c8bf579cce3e565653e14 100644 (file)
@@ -5,6 +5,7 @@
 <script>
 if (window.testRunner && window.internals) {
     testRunner.dumpAsText();
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { });
     internals.settings.setHyperlinkAuditingEnabled(true);
     testRunner.waitUntilDone();
 }
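Review bot: Style point: here the call is placed after testRunner.dumpAsText(), while the anchor-cross-origin.html hunk places it before; please use one order in both ping-attribute tests. The empty callback raises the same synchronization question as in that hunk.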
index f3e7b2a3437df840991ea213cc45986081f5ac4c..4e66522873f51e2939f239dbc8f549586c0af999 100644 (file)
@@ -3,7 +3,7 @@
 <head>
 <script src="/js-test-resources/js-test.js"></script>
 </head>
-<body>
+<body onload="runTest()">
 <script>
 description("Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin.");
 jsTestIsAsync = true;
@@ -14,7 +14,14 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html");
     finishJSTest();
 }
+
+function runTest() {
+    if (window.testRunner) {
+        setTimeout(function() {
+            testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('no-referrer-when-downgrade', 'localhost')});
+        }, 1000);
+    }
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer-when-downgrade"></script>
 </body>
 </html>
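Review bot: The setTimeout(..., 1000) wrapper in runTest() adds a fixed one-second delay that none of the sibling tests use, and there is no comment saying what it waits for. If it works around a load-order problem, the onload handler added on <body> in the previous hunk should already be enough; otherwise please wait on the actual condition or document the reason, since fixed delays make layout tests slow and flaky.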
index 4b77685c13dd46a1d6221c5c3eb6c92e7b89e31f..dcf4f6ae95c135c5961d31641270e866ab246388 100644 (file)
@@ -17,7 +17,11 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+      downgradeReferrerCallback('no-referrer-when-downgrade', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer-when-downgrade"></script>
 </body>
 </html>
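Review bot: With the static <script ... referrerpolicy="no-referrer-when-downgrade"> element removed, the only remaining path to the request is inside if (window.testRunner), so (assuming downgradeReferrerCallback, which is not shown here, is what now loads script.php) opening this test without testRunner never reaches checkReferrer(). Please add an else branch that calls downgradeReferrerCallback('no-referrer-when-downgrade', 'localhost') directly so the test stays runnable by hand; the same applies to the sibling referrer-policy-script tests.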
index 0fb8e436ff2781e6d068431954b2aace10d2de89..f82d6fe4b2a04803271a235519b97e53f85327ba 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/same-origin.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('no-referrer-when-downgrade', '127.0.0.1')});
+}
 </script>
-<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy=no-referrer-when-downgrade"></script>
 </body>
 </html>
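Review bot: The removed <script> line had a malformed attribute, referrerpolicy=no-referrer-when-downgrade" with no opening quote, so the old test may not have been exercising the policy it names, whereas the added call passes 'no-referrer-when-downgrade' correctly. Since the expected referrer is unchanged and would not reveal the difference, please mention this fix in the ChangeLog.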
index f79f9b61c9f3996213adcd0a7240592429640093..f06c8c9cd9b2bc37d6593f2c10ca04709f3ded06 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('no-referrer', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer"></script>
 </body>
 </html>
index 12443dcade0614fba12685fa65bf1e3da1b79745..f268cb9e9cd9218e0c6d3e43884f1f004141be4d 100644 (file)
@@ -17,7 +17,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function() { downgradeReferrerCallback('no-referrer', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer"></script>
 </body>
 </html>
index 34283123d5b51fd97690a1d6cc27264e0d14c7c9..d875f4f7834b3945fc809213d93ed27c21170ccb 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('no-referrer', '127.0.0.1')});
+}
 </script>
-<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer"></script>
 </body>
 </html>
index 839205746f89739bc87cc9c8794168cb475f2628..0b6bd640626b8e915270fa7e5e2e24a0b3bdda5f 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('origin-when-cross-origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin-when-cross-origin"></script>
 </body>
 </html>
index dbf29e443dd49f1c414648f8bae4303814129e79..1cd17a2d2fbe34a53d7cce0680fd9753b0f056a7 100644 (file)
@@ -17,7 +17,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('origin-when-cross-origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin-when-cross-origin"></script>
 </body>
 </html>
index f0ba675f82653d330902432350d2c9aafa1ce12a..7a23c901dcb0704fe517d25b6f2a03a41c043f36 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/origin-when-cross-origin/same-origin.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('origin-when-cross-origin', '127.0.0.1')});
+}
 </script>
-<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="origin-when-cross-origin"></script>
 </body>
 </html>
index 38335b77e3880e9c094eb221deb9eb467f64b024..90018b8957ec8e99e6d452fd810194093250579f 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin"></script>
 </body>
 </html>
index c34cb09a8f319d2d5c4143bf98a30624bfcfe4f4..070bb56996862c512e045cb26930ed91c27c4d31 100644 (file)
@@ -17,7 +17,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin"></script>
 </body>
 </html>
index 260ac6212fda5d2fcd1ac41471bc18e502afd05e..1bcb7c8166d360b72a9d0da81141802a5b824515 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('origin', '127.0.0.1')});
+}
 </script>
-<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="origin"></script>
 </body>
 </html>
index 8b73c72d77540536b52ac74a4ee2d2ba3f5dcd52..4fdc0423c5ad4b78088c2e921c7a11814703a364 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('same-origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="same-origin"></script>
 </body>
 </html>
index c0917d7ec8a0b028384df2f6c758135ca7d35c0b..d9a6d822720fe7acea3ad2dd5e4f69b1a545703f 100644 (file)
@@ -17,7 +17,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('same-origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="same-origin"></script>
 </body>
 </html>
index 10c03270caa5a02a420505ee43f815747259eb27..e0f169f1ec8475b9a70484cba19e713b0bae4f36 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/same-origin/same-origin.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('same-origin', '127.0.0.1')});
+}
 </script>
-<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="same-origin"></script>
 </body>
 </html>
index d0706b9a69d2d5a1e5340403a4f45fb60de92f97..2aac82cbb3d041eb8766134f8ffc598ec77acbcc 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('strict-origin-when-cross-origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin-when-cross-origin"></script>
 </body>
 </html>
index d46b02a5ad0a6efa0e0c334e8231c9e234877428..c531c034a475645677bfcc4b0e111a8e7e8a1456 100644 (file)
@@ -17,7 +17,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('strict-origin-when-top-origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin-when-cross-origin"></script>
 </body>
 </html>
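Review bot: The added call passes 'strict-origin-when-top-origin', but the removed <script> element used referrerpolicy="strict-origin-when-cross-origin", and the former is not a referrer policy value. The expected referrer here is the empty string, so if the unknown token falls back to a default that also sends nothing from HTTPS to HTTP, the test keeps passing without testing the intended policy; please change the argument to 'strict-origin-when-cross-origin'.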
index 3bd3f4d4910a9cb37c32b7dd5dd02a1f06e00406..65856f7cf840c05d4b928e17007c46ea54a1dfa3 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('strict-origin-when-cross-origin', '127.0.0.1')});
+}
 </script>
-<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin-when-cross-origin"></script>
 </body>
 </html>
index 2692961facdd35155298f5d9b13f5c818068a022..38bee471a20115c3ffe34ebd00f70cf90c4ed5a1 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('strict-origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin"></script>
 </body>
 </html>
index 541c3708c87c80cf66b27c03e0c71ec82e0b47b2..d321680ecdc8d0511749a9d7e4ddc0ed9847d9e0 100644 (file)
@@ -17,7 +17,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('strict-origin', 'localhost')});
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin"></script>
 </body>
 </html>
index 21ee31156944ccc1cf3c1031f95080bde3eda7fd..b977f561fdfa8a663e919abf72cdf583c206327e 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('strict-origin', '127.0.0.1')});
+}
 </script>
-<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin"></script>
 </body>
 </html>
index 71e1bfa589bf04404aa563fb8fda9d33c0481b94..5924817d05b728bcc5526cd826aa2499212ab5c5 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/cross-origin-http-http.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('unsafe-url', 'localhost') });
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="unsaf-url"></script>
 </body>
 </html>
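Review bot: the removed tag reads referrerpolicy="unsaf-url" while the added call passes 'unsafe-url', so this hunk changes the policy under test as well as how the script is inserted. If the old spelling was a typo, say so in the ChangeLog; if it was deliberate, the new call should keep it. The added line also has a stray space before the closing brace that the neighbouring tests do not.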
index 0c1ac03405ff6eea419bf74ca54b041e253772ee..9664cd81244cde814a9ca48e87b42215370ce112 100644 (file)
@@ -17,7 +17,12 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/referrer-policy-script/unsafe-url/cross-origin-http.https.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+        downgradeReferrerCallback('unsafe-url', 'localhost');
+    });
+}
 </script>
-<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="unsafe-url"></script>
 </body>
 </html>
index e5eddebb77d7feb6dba196537957c0e7b22b4a61..7b69d159a8ffc0a62e2fae6b3adc5bdc01de9c4e 100644 (file)
@@ -14,7 +14,10 @@ function checkReferrer(value) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/same-origin.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () { downgradeReferrerCallback('unsafe-url', '127.0.0.1')});
+}
 </script>
-<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="unsafe-url"></script>
 </body>
 </html>
index 08086d0d6d43947bdb8846d165c4a0964f59d24b..4c94f1dea4dd36b6d15f167fc67d3ea00a96e403 100644 (file)
@@ -15,7 +15,14 @@ window.onmessage = function(event) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/no-referrer-when-downgrade/cross-origin-http-http.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+        let iframeElement = document.createElement("iframe");
+        iframeElement.src = "http://localhost:8000/referrer-policy/resources/document.html";
+        document.body.appendChild(iframeElement);
+    });
+}
 </script>
-<iframe src="http://localhost:8000/referrer-policy/resources/document.html"></iframe>
 </body>
 </html>
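Review bot: the three added lines that create the iframe, set its src and append it are repeated in each of the referrer-policy iframe tests in this patch, differing only in the host. The script tests got a shared helper, downgradeReferrerCallback(policy, host); an equivalent helper taking the iframe URL would reduce each of these tests to one call and make the host under test easier to spot.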
index ab4b2e2aa9cc7b10f0e232ce8cf56dae3ea14274..d6051ceadc2e715fe8f2cccc5dd92c64d56c8edb 100644 (file)
@@ -18,7 +18,14 @@ window.onmessage = function(event) {
     shouldBeEqualToString("referrer", "");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+        let iframeElement = document.createElement("iframe");
+        iframeElement.src = "http://localhost:8000/referrer-policy/resources/document.html";
+        document.body.appendChild(iframeElement);
+    });
+}
 </script>
-<iframe src="http://localhost:8000/referrer-policy/resources/document.html"></iframe>
 </body>
 </html>
index a39e691ad776026ca3673aec4f759cd9e4b75a64..7a205d7395fcbb8719831f80d5be61623af7caba 100644 (file)
@@ -15,7 +15,14 @@ window.onmessage = function(event) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/no-referrer-when-downgrade/same-origin.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+        let iframeElement = document.createElement("iframe");
+        iframeElement.src = "http://127.0.0.1:8000/referrer-policy/resources/document.html";
+        document.body.appendChild(iframeElement);
+    });
+}
 </script>
-<iframe src="http://127.0.0.1:8000/referrer-policy/resources/document.html"></iframe>
 </body>
 </html>
index 36eeb63960e91dd7e228aa64d5f4c0d586654c02..bba42ba88b7a24e49e73299fb207ef9ded0a8883 100644 (file)
@@ -15,7 +15,14 @@ window.onmessage = function(event) {
     shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy/unsafe-url/cross-origin-http-http.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+        let iframeElement = document.createElement("iframe");
+        iframeElement.src = "http://localhost:8000/referrer-policy/resources/document.html";
+        document.body.appendChild(iframeElement);
+    });
+}
 </script>
-<iframe src="http://localhost:8000/referrer-policy/resources/document.html"></iframe>
 </body>
 </html>
index 4c391a391772622e6034c74f778ea30d376c370e..ffcd6e741ba391e0266db0d77a9d6be18c786662 100644 (file)
@@ -18,7 +18,14 @@ window.onmessage = function(event) {
     shouldBeEqualToString("referrer", "https://127.0.0.1:8443/referrer-policy/unsafe-url/cross-origin-http.https.html");
     finishJSTest();
 }
+
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+        let iframeElement = document.createElement("iframe");
+        iframeElement.src = "http://localhost:8000/referrer-policy/resources/document.html";
+        document.body.appendChild(iframeElement);
+    });
+}
 </script>
-<iframe src="http://localhost:8000/referrer-policy/resources/document.html"></iframe>
 </body>
 </html>
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html b/LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html
deleted file mode 100644 (file)
index cd7c9cc..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script src="resources/util.js"></script>
-</head>
-<body>
-<script>
-    description("Tests that only the origin is sent as referrer for prevalent resources without user interaction.");
-    jsTestIsAsync = true;
-    testRunner.dumpChildFramesAsText();
-
-    function openIframe(url, onLoadHandler) {
-        const element = document.createElement("iframe");
-        element.src = url;
-        if (onLoadHandler) {
-            element.onload = onLoadHandler;
-        }
-        document.body.appendChild(element);
-    }
-
-    var referrer;
-    setEnableFeature(true, function() {
-        if (testRunner.isStatisticsPrevalentResource("http://localhost"))
-            testFailed("Localhost was classified as prevalent resource before the test started.");
-
-        fetch("resources/echo-referrer.php").then(function(response) {
-            return response.text();
-        }).then(function(data) {
-            referrer = data;
-            shouldBeEqualToString("referrer", "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html");
-
-            testRunner.setStatisticsPrevalentResource("http://localhost", true, function() {
-                if (!testRunner.isStatisticsPrevalentResource("http://localhost"))
-                    testFailed("Host did not get set as prevalent resource.");
-
-                testRunner.statisticsUpdateCookieBlocking(function() {
-                    fetch("http://localhost:8000/resourceLoadStatistics/resources/echo-referrer.php").then(function(response) {
-                        return response.text();
-                    }).then(function(data) {
-                        referrer = data;
-                        shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
-
-                        openIframe("resources/redirect.php?redirectTo=http://localhost:8000/resourceLoadStatistics/resources/echo-referrer.php", function() {
-                            setEnableFeature(false, finishJSTest);
-                        });
-
-                    }).catch(function(error) {
-                        console.log(error.message);
-                        setEnableFeature(false, finishJSTest);
-                    });
-                });
-            });
-        }).catch(function(error) {
-            console.log(error.message);
-            setEnableFeature(false, finishJSTest);
-        });
-    });
-</script>
-</body>
-</html>
@@ -1,9 +1,9 @@
-Tests that only the origin is sent as referrer in redirects to prevalent resources without user interaction.
+Tests that only the origin is sent as referrer in redirects to third-parties.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
 
 
-PASS referrer is "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html"
+PASS referrer is "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html"
 PASS successfullyParsed is true
 
 TEST COMPLETE
diff --git a/LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html b/LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html
new file mode 100644 (file)
index 0000000..24b557d
--- /dev/null
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/js-test-resources/js-test.js"></script>
+    <script src="resources/util.js"></script>
+</head>
+<body>
+<script>
+    description("Tests that only the origin is sent as referrer in redirects to third-parties.");
+    jsTestIsAsync = true;
+    testRunner.dumpChildFramesAsText();
+
+    function openIframe(url, onLoadHandler) {
+        const element = document.createElement("iframe");
+        element.src = url;
+        if (onLoadHandler) {
+            element.onload = onLoadHandler;
+        }
+        document.body.appendChild(element);
+    }
+
+    let referrer;
+    setEnableFeature(true, function() {
+        fetch("resources/echo-referrer.php").then(function(response) {
+            return response.text();
+        }).then(function(data) {
+            referrer = data;
+            shouldBeEqualToString("referrer", "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html");
+
+            openIframe("resources/redirect.php?redirectTo=http://localhost:8000/resourceLoadStatistics/resources/echo-referrer.php", function () {
+                setEnableFeature(false, finishJSTest);
+            });
+        }).catch(function(error) {
+            console.log(error.message);
+            setEnableFeature(false, finishJSTest);
+        });
+    });
+</script>
+</body>
+</html>
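Review bot: the catch handler in the new test only calls console.log(error.message) before finishing, so a rejected fetch never produces a FAIL line from the js-test harness. Call testFailed(error.message) there instead. The test also calls testRunner.dumpChildFramesAsText() at the top without a window.testRunner guard.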
@@ -1,9 +1,9 @@
-Tests that only the origin is sent as referrer for prevalent resources without user interaction.
+Tests that only the origin is sent as referrer for third-party requests.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
 
 
-PASS referrer is "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html"
+PASS referrer is "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html"
 PASS referrer is "http://127.0.0.1:8000/"
 PASS successfullyParsed is true
 
similarity index 53%
rename from LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html
rename to LayoutTests/http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html
index 5d7a3bc781c01c97684e1b0dfb9301fb95469948..49f87cb627aff336d46af8caad38fe8364e97b63 100644 (file)
@@ -6,7 +6,7 @@
 </head>
 <body>
 <script>
-    description("Tests that only the origin is sent as referrer in redirects to prevalent resources without user interaction.");
+    description("Tests that only the origin is sent as referrer for third-party requests.");
     jsTestIsAsync = true;
     testRunner.dumpChildFramesAsText();
 
         document.body.appendChild(element);
     }
 
-    var referrer;
+    let referrer;
     setEnableFeature(true, function() {
-        if (testRunner.isStatisticsPrevalentResource("http://localhost"))
-            testFailed("Localhost was classified as prevalent resource before the test started.");
-
         fetch("resources/echo-referrer.php").then(function(response) {
             return response.text();
         }).then(function(data) {
             referrer = data;
-            shouldBeEqualToString("referrer", "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html");
+            shouldBeEqualToString("referrer", "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html");
 
-            testRunner.setStatisticsPrevalentResource("http://localhost", true, function() {
-                if (!testRunner.isStatisticsPrevalentResource("http://localhost"))
-                    testFailed("Host did not get set as prevalent resource.");
+            fetch("http://localhost:8000/resourceLoadStatistics/resources/echo-referrer.php").then(function(response) {
+                return response.text();
+            }).then(function(data) {
+                referrer = data;
+                shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
 
-                testRunner.statisticsUpdateCookieBlocking(function() {
-                    openIframe("resources/redirect.php?redirectTo=http://localhost:8000/resourceLoadStatistics/resources/echo-referrer.php", function() {
-                        setEnableFeature(false, finishJSTest);
-                    });
+                openIframe("resources/redirect.php?redirectTo=http://localhost:8000/resourceLoadStatistics/resources/echo-referrer.php", function() {
+                    setEnableFeature(false, finishJSTest);
                 });
+
+            }).catch(function(error) {
+                console.log(error.message);
+                setEnableFeature(false, finishJSTest);
             });
         }).catch(function(error) {
             console.log(error.message);
index eb7821eb590804b998b3f3ebee941bddd24bbc49..01bd6227fc6d55702479d4d71a75a35a3745d54d 100644 (file)
@@ -6,15 +6,25 @@
 <html>
 <body>
 <script>
-    var xhr = new XMLHttpRequest();
-    xhr.open("GET", "http://localhost:8080/cookies/resources/setCookies.cgi", false);
-    xhr.setRequestHeader("SET-COOKIE", "hello=world;path=/");
-    xhr.send(null);
-</script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
 
-<!-- This image will generate a CSP violation report. -->
-<img src="/security/resources/abe.png">
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+        var xhr = new XMLHttpRequest();
+        xhr.open("GET", "http://localhost:8080/cookies/resources/setCookies.cgi", false);
+        xhr.setRequestHeader("SET-COOKIE", "hello=world;path=/");
+        xhr.send(null);
 
-<script src="resources/go-to-echo-report.js"></script>
+        // This image will generate a CSP violation report.
+        let imgElement = document.createElement("img");
+        imgElement.onload = imgElement.onerror = function () {
+            window.location = "/security/contentSecurityPolicy/resources/echo-report.php";
+        };
+        imgElement.src = "/security/resources/abe.png";
+        document.body.appendChild(imgElement);
+    });
+}
+</script>
 </body>
 </html>
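Review bot: the navigation to /security/contentSecurityPolicy/resources/echo-report.php is now written inline in the img onload/onerror handler in place of the resources/go-to-echo-report.js include, and the same block is added again in the next file. Keeping the navigation in the shared script and invoking it from the callback would avoid two copies drifting apart.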
index 62d3180819e9cb76f507efc7510f85e05a917a5c..a5a3f74a2fed2ce592d29d3a873e019eff127426 100644 (file)
@@ -5,15 +5,25 @@
 <html>
 <body>
 <script>
-    var xhr = new XMLHttpRequest();
-    xhr.open("GET", "http://localhost:8080/cookies/resources/setCookies.cgi", false);
-    xhr.setRequestHeader("SET-COOKIE", "hello=world;path=/");
-    xhr.send(null);
-</script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
 
-<!-- This image will generate a CSP violation report. -->
-<img src="/security/resources/abe.png">
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+        var xhr = new XMLHttpRequest();
+        xhr.open("GET", "http://localhost:8080/cookies/resources/setCookies.cgi", false);
+        xhr.setRequestHeader("SET-COOKIE", "hello=world;path=/");
+        xhr.send(null);
 
-<script src="resources/go-to-echo-report.js"></script>
+        // This image will generate a CSP violation report.
+        let imgElement = document.createElement("img");
+        imgElement.onload = imgElement.onerror = function () {
+            window.location = "/security/contentSecurityPolicy/resources/echo-report.php";
+        };
+        imgElement.src = "/security/resources/abe.png";
+        document.body.appendChild(imgElement);
+    });
+}
+</script>
 </body>
 </html>
index 95ad042e1678c0e9fd40a10814043104336bc57c..0a14bc34d55adb398e647006f16447a3863aacc6 100644 (file)
@@ -82,7 +82,11 @@ function runNextTest()
     document.body.appendChild(frame);    
 }
 
-runNextTest();
+if (window.testRunner) {
+    testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
+        runNextTest();
+    });
+}
 </script>
 </body>
 </html>
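Review bot: runNextTest() used to run unconditionally and is now reachable only inside if (window.testRunner), so the page no longer runs when opened without the harness, and the call throws where testRunner exists but lacks setStatisticsShouldDowngradeReferrer. Add an else branch that calls runNextTest() directly and feature-detect the function first. The wrapper function () { runNextTest(); } can also be replaced by passing runNextTest itself.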
index 37b24372bd853986601fc4c5eaacbc99dbdb02a8..d7e98a9b0ec16eb5cbe7fb7360172b16bbe45834 100644 (file)
@@ -67,6 +67,10 @@ http/tests/webAPIStatistics [ Skip ]
 scrollingcoordinator/non-fast-scrollable-region-scaled-iframe.html [ Skip ]
 scrollingcoordinator/non-fast-scrollable-region-transformed-iframe.html [ Skip ]
 
+# Cocoa-specific
+http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html [ Pass ]
+http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html [ Pass ]
+
 #//////////////////////////////////////////////////////////////////////////////////////////
 # End platform-specific directories.
 #//////////////////////////////////////////////////////////////////////////////////////////
index 9c9471afc147e3213a81f2f0748663b166f2aeb2..412fb236a87f42c2419e5ce6fcc35f3bb710ffb4 100644 (file)
@@ -2793,8 +2793,8 @@ http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html [ Pass
 http/tests/resourceLoadStatistics/grandfathering.html [ Pass ]
 http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store.html [ Pass ]
 http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store-one-hour.html [ Pass ]
-http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html [ Pass ]
-http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html [ Pass ]
+http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html [ Pass ]
+http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html [ Pass ]
 http/tests/storageAccess/deny-storage-access-under-opener.html [ Pass ]
 http/tests/storageAccess/deny-storage-access-under-opener-if-auto-dismiss.html [ Pass ]
 http/tests/resourceLoadStatistics/cap-cache-max-age-for-prevalent-resource.html [ Pass ]
index 84df856e9571dd4d7decfa456d5eb81911d47256..b00cbd6e928d025bb36c364f4015a371a92e5ab5 100644 (file)
@@ -132,6 +132,17 @@ http/tests/security/contentSecurityPolicy/connect-src-beacon-allowed.html [ Skip
 http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html [ Skip ]
 http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.php [ Skip ]
 
+# testRunner.setStatisticsShouldDowngradeReferrer() is not supported on WK1
+http/tests/referrer-policy-script/ [ Skip ]
+http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php [ Skip ] 
+http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php [ Skip ] 
+http/tests/security/referrer-policy-header.html [ Skip ] 
+http/tests/navigation/ping-attribute/area-cross-origin.html [ Skip ] 
+http/tests/navigation/ping-attribute/anchor-cross-origin.html [ Skip ] 
+http/tests/referrer-policy/no-referrer-when-downgrade/ [ Skip ] 
+http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html [ Skip ] 
+http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html [ Skip ] 
+
 # Not supported on WK1
 http/tests/intersection-observer [ Skip ]
 imported/w3c/web-platform-tests/intersection-observer [ Skip ]
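Review bot: skipping all of http/tests/referrer-policy-script/ and http/tests/referrer-policy/no-referrer-when-downgrade/ on WK1 drops referrer-policy coverage there only because the tests now depend on testRunner.setStatisticsShouldDowngradeReferrer(). If the tests loaded their resource directly when that function is missing, these entries would not be needed. The added lines also carry a trailing space after [ Skip ].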
index db1da1b82bdab7051098f78f24e75526030b80cb..200ee9ae51b4d4acda27fa958eee267ea84e043e 100644 (file)
@@ -774,13 +774,11 @@ webkit.org/b/185994 fast/text/user-installed-fonts/shadow-postscript-family.html
 [ HighSierra+ ] http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store.html [ Pass ]
 [ HighSierra+ ] http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store-one-hour.html [ Pass ]
 [ HighSierra+ ] http/tests/resourceLoadStatistics/grandfathering.html [ Pass ]
-[ HighSierra+ ] http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html [ Pass ]
-[ HighSierra+ ] http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html [ Pass ]
+[ HighSierra+ ] http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html [ Pass ]
+[ HighSierra+ ] http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html [ Pass ]
 [ HighSierra+ ] http/tests/resourceLoadStatistics/cap-cache-max-age-for-prevalent-resource.html [ Pass ]
 
 # Skipped in general expectations since they only work on iOS and Mac, WK2.
-http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html [ Pass ]
-http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html [ Pass ]
 media/deactivate-audio-session.html [ Pass ]
 
 # Link preconnect is disabled on pre-High Sierra because the CFNetwork SPI is missing.
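Review bot: the two removed [ Pass ] lines for http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html and http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html sat under the comment "Skipped in general expectations since they only work on iOS and Mac, WK2." If those tests still exist and are still skipped in the general expectations, dropping the overrides here turns them off on this platform. Confirm that the tests are deleted or re-enabled elsewhere in the patch, and mention it in the ChangeLog.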
index c512ca0f80afc3362fc64d1efd7d5fe872d3e76a..6c5047aef83b0bbba939aa35691a9714a6951506 100644 (file)
@@ -142,6 +142,15 @@ http/tests/misc/willCacheResponse-delegate-callback.html [ Skip ]
 # testRunner.setAlwaysAcceptCookies() is not implemented on Windows.
 http/tests/xmlhttprequest/cross-origin-cookie-storage.html [ Skip ]
 
+# testRunner.setStatisticsShouldDowngradeReferrer() is not supported on Windows
+http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php [ Skip ] 
+http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php [ Skip ] 
+http/tests/navigation/ping-attribute/area-cross-origin.html [ Skip ] 
+http/tests/navigation/ping-attribute/anchor-cross-origin.html [ Skip ] 
+http/tests/referrer-policy/no-referrer-when-downgrade/ [ Skip ] 
+http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html [ Skip ] 
+http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html [ Skip ] 
+
 # Dark mode not supported on Windows
 css-dark-mode [ Skip ]
 
index b1ea2be950db214d340da0ac3bf65e2162ece875..a7e5c72b787a53615121f790189424caaba2eb2f 100644 (file)
@@ -936,6 +936,16 @@ http/tests/quicklook [ Skip ]
 http/tests/referrer-policy-iframe [ Skip ]
 http/tests/referrer-policy-script [ Skip ]
 
+# testRunner.setStatisticsShouldDowngradeReferrer() is not supported
+http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php [ Skip ] 
+http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php [ Skip ] 
+http/tests/security/referrer-policy-header.html [ Skip ] 
+http/tests/navigation/ping-attribute/area-cross-origin.html [ Skip ] 
+http/tests/navigation/ping-attribute/anchor-cross-origin.html [ Skip ] 
+http/tests/referrer-policy/no-referrer-when-downgrade/ [ Skip ] 
+http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html [ Skip ] 
+http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html [ Skip ] 
+
 # All timing out
 http/tests/resourceLoadStatistics [ Skip ]
 
index 384afb5db5026992e34dce6646e4c775bdbae070..e3fabbd31bd1163792047d632cc8af6e0108134a 100644 (file)
@@ -743,8 +743,8 @@ http/tests/websocket/connection-refusal-in-frame-resource-load-statistics.html [
 # These are only supported behind a compile time flag in macOS High Sierra + iOS 11, and above.
 http/tests/resourceLoadStatistics/cookie-deletion.html [ Skip ]
 http/tests/resourceLoadStatistics/cookies-with-and-without-user-interaction.html [ Skip ]
-http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html [ Skip ]
-http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html [ Skip ]
+http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-redirects.html [ Skip ]
+http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-third-party-requests.html [ Skip ]
 http/tests/resourceLoadStatistics/add-blocking-to-redirect.html [ Skip ]
 http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html [ Skip ]
 http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html [ Skip ]
index e056492b5f78890b51fd478a7b214ddf9736b2de..68a456a83c6499f94efbb921483832d325c213cb 100644 (file)
@@ -895,3 +895,10 @@ if (isWorker()) {
         workerPort.postMessage(msg);
     };
 }
+
+function downgradeReferrerCallback(policy, host) {
+    let scriptElement = document.createElement("script");
+    scriptElement.src = "http://".concat(host, ":8000/referrer-policy/resources/script.php");
+    scriptElement.referrerPolicy = policy;
+    document.body.appendChild(scriptElement);
+}
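Review bot: downgradeReferrerCallback(policy, host) does not downgrade anything; it appends a script element for script.php with the given referrerPolicy, and it lands in a shared file without a comment. A name such as appendScriptWithReferrerPolicy and a one-line comment would make the call sites readable. The URL is built with "http://".concat(host, ":8000/..."); a template literal would be clearer.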
index d9842f88f3a80143b673e1520f59174afde8458a..bcb7afb153a2603454ffdc64f5252e391c6d504f 100644 (file)
@@ -27,6 +27,9 @@ if (self.testRunner) {
         self.AudioContext = self.webkitAudioContext;
         self.OfflineAudioContext = self.webkitOfflineAudioContext;
     }
+
+    if (testRunner.setStatisticsShouldDowngradeReferrer) 
+       testRunner.setStatisticsShouldDowngradeReferrer(false, function() { });
 }
 
 if (self.internals && internals.setDisableGetDisplayMediaUserGestureConstraint)
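Review bot: the added call passes an empty completion function, so nothing waits for setStatisticsShouldDowngradeReferrer(false, ...) to take effect before a test's first cross-origin load, whereas the individual tests in this patch start their loads from inside the callback. If the setting is applied asynchronously, tests using this harness can race it; either defer test start to the callback or document why the race is harmless. The two added lines are also indented inconsistently: a trailing space after the condition and seven spaces before the call.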
index 19e235b3d97909a1cd24559255f669ceea4cf089..f03686ce70ad81638c3d487808bed8fee5444d72 100644 (file)
@@ -1,3 +1,49 @@
+2019-09-26  Kate Cheney  <katherine_cheney@apple.com>
+
+        Resource Load Statistics: Downgrade all third-party referrer headers
+        https://bugs.webkit.org/show_bug.cgi?id=201353
+        <rdar://problem/54895650>
+        
+        Majority of this patch was written by John Wilander <wilander@apple.com>.
+
+        Reviewed by Brent Fulgham. 
+
+        When tracking protections are enabled, we should downgrade all third-party
+        referrers to their origins. Note that this downgrade will be specific to
+        Cocoa so other ports will have to adopt as they see fit.
+
+        Cocoa already does this downgrade in ephemeral sessions (shipping).
+
+        The majority of these changes are test infrastructure. The functional
+        change is in WebKit::NetworkDataTaskCocoa and WebKit::NetworkSession.
+
+        * NetworkProcess/NetworkProcess.cpp:
+        (WebKit::NetworkProcess::setShouldDowngradeReferrerForTesting):
+        * NetworkProcess/NetworkProcess.h:
+        * NetworkProcess/NetworkProcess.messages.in:
+        * NetworkProcess/NetworkSession.cpp:
+        (WebKit::NetworkSession::isResourceLoadStatisticsEnabled const):
+        (WebKit::NetworkSession::setShouldDowngradeReferrerForTesting):
+        (WebKit::NetworkSession::shouldDowngradeReferrer const):
+        * NetworkProcess/NetworkSession.h:
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+        (WebKit::NetworkDataTaskCocoa::isThirdPartyRequest const):
+        (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
+        (WebKit::NetworkDataTaskCocoa::restrictRequestReferrerToOriginIfNeeded):
+        (WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
+        (WebKit::NetworkDataTaskCocoa::isThirdPartyRequest): Deleted.
+        * UIProcess/API/C/WKWebsiteDataStoreRef.cpp:
+        (WKWebsiteDataStoreSetResourceLoadStatisticsShouldDowngradeReferrerForTesting):
+        (WKWebsiteDataStoreStatisticsResetToConsistentState):
+        * UIProcess/API/C/WKWebsiteDataStoreRef.h:
+        * UIProcess/Network/NetworkProcessProxy.cpp:
+        (WebKit::NetworkProcessProxy::setShouldDowngradeReferrerForTesting):
+        * UIProcess/Network/NetworkProcessProxy.h:
+        * UIProcess/WebsiteData/WebsiteDataStore.cpp:
+        (WebKit::WebsiteDataStore::setResourceLoadStatisticsShouldDowngradeReferrerForTesting):
+        * UIProcess/WebsiteData/WebsiteDataStore.h:
+
 2019-09-26  Eric Carlson  <eric.carlson@apple.com>
 
         REGRESSION (iOS 13): Trying to record just audio using HTML Media Capture crashes Safari
index e218737f0947d5d1b5ac65b82002fe29168ada17..4611a7347d4905366511838540485ce73b068e0d 100644 (file)
@@ -1242,6 +1242,14 @@ void NetworkProcess::hasIsolatedSession(PAL::SessionID sessionID, const WebCore:
         result = networkSession->hasIsolatedSession(domain);
     completionHandler(result);
 }
+
+void NetworkProcess::setShouldDowngradeReferrerForTesting(bool enabled, CompletionHandler<void()>&& completionHandler)
+{
+    forEachNetworkSession([enabled](auto& networkSession) {
+        networkSession.setShouldDowngradeReferrerForTesting(enabled);
+    });
+    completionHandler();
+}
 #endif // ENABLE(RESOURCE_LOAD_STATISTICS)
 
 bool NetworkProcess::sessionIsControlledByAutomation(PAL::SessionID sessionID) const
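Review bot: setShouldDowngradeReferrerForTesting takes no PAL::SessionID and flips the flag on every session through forEachNetworkSession, unlike the neighbouring hasIsolatedSession, which acts on one session. If the global effect is intended, say so in a comment; otherwise take a sessionID. Calling completionHandler() right after the loop is correct only while the per-session setter stays synchronous.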
index bf5db7ffb3fa1fa3967ae6453f16b7fc4abd51da..9d56f1a30849df5d2e931359aaa8480d28f64e77 100644 (file)
@@ -265,6 +265,7 @@ public:
     void resetCrossSiteLoadsWithLinkDecorationForTesting(PAL::SessionID, CompletionHandler<void()>&&);
     void hasIsolatedSession(PAL::SessionID, const WebCore::RegistrableDomain&, CompletionHandler<void(bool)>&&) const;
     bool isITPDatabaseEnabled() const { return m_isITPDatabaseEnabled; }
+    void setShouldDowngradeReferrerForTesting(bool, CompletionHandler<void()>&&);
 #endif
 
     using CacheStorageRootPathCallback = CompletionHandler<void(String&&)>;
index c9e1aeabc695f5fafaf7b7b444ba26550cc6db9c..032f9f4e976799095cf44499f0fe6b62a7acba64 100644 (file)
@@ -137,6 +137,7 @@ messages -> NetworkProcess LegacyReceiver {
     ResetCrossSiteLoadsWithLinkDecorationForTesting(PAL::SessionID sessionID) -> () Async
     DeleteCookiesForTesting(PAL::SessionID sessionID, WebCore::RegistrableDomain domain, bool includeHttpOnlyCookies) -> () Async
     HasIsolatedSession(PAL::SessionID sessionID, WebCore::RegistrableDomain domain) -> (bool hasIsolatedSession) Async
+    SetShouldDowngradeReferrerForTesting(bool enabled) -> () Async
 #endif
 
     SetSessionIsControlledByAutomation(PAL::SessionID sessionID, bool controlled);
index e5fdaf47b9a99152887538fb28081815686e9fa7..0902869cecf33cad83f96efc8a4b9cd9a3d56f7d 100644 (file)
@@ -175,6 +175,11 @@ void NetworkSession::recreateResourceLoadStatisticStore()
     m_resourceLoadStatistics = WebResourceLoadStatisticsStore::create(*this, m_resourceLoadStatisticsDirectory, m_shouldIncludeLocalhostInResourceLoadStatistics);
 }
 
+bool NetworkSession::isResourceLoadStatisticsEnabled() const
+{
+    return !!m_resourceLoadStatistics;
+}
+
 void NetworkSession::notifyResourceLoadStatisticsProcessed()
 {
     m_networkProcess->parentProcessConnection()->send(Messages::NetworkProcessProxy::NotifyResourceLoadStatisticsProcessed(), 0);
@@ -199,6 +204,17 @@ void NetworkSession::registrableDomainsWithWebsiteData(OptionSet<WebsiteDataType
 {
     m_networkProcess->registrableDomainsWithWebsiteData(m_sessionID, dataTypes, shouldNotifyPage, WTFMove(completionHandler));
 }
+
+void NetworkSession::setShouldDowngradeReferrerForTesting(bool enabled)
+{
+    m_downgradeReferrer = enabled;
+}
+
+bool NetworkSession::shouldDowngradeReferrer() const
+{
+    return m_downgradeReferrer;
+}
+
 #endif // ENABLE(RESOURCE_LOAD_STATISTICS)
 
 void NetworkSession::storeAdClickAttribution(WebCore::AdClickAttribution&& adClickAttribution)
index 53e9ff7dcf58f6ccbf21f432843863971e2d20b4..b182c698fd85f42967b337c743574718397b15b4 100644 (file)
@@ -85,6 +85,7 @@ public:
     WebResourceLoadStatisticsStore* resourceLoadStatistics() const { return m_resourceLoadStatistics.get(); }
     void setResourceLoadStatisticsEnabled(bool);
     void recreateResourceLoadStatisticStore();
+    bool isResourceLoadStatisticsEnabled() const;
     void notifyResourceLoadStatisticsProcessed();
     void deleteWebsiteDataForRegistrableDomains(OptionSet<WebsiteDataType>, Vector<std::pair<WebCore::RegistrableDomain, WebsiteDataToRemove>>&&, bool shouldNotifyPage, CompletionHandler<void(const HashSet<WebCore::RegistrableDomain>&)>&&);
     void registrableDomainsWithWebsiteData(OptionSet<WebsiteDataType>, bool shouldNotifyPage, CompletionHandler<void(HashSet<WebCore::RegistrableDomain>&&)>&&);
@@ -95,6 +96,8 @@ public:
     bool shouldIsolateSessionsForPrevalentTopFrames() const { return m_enableResourceLoadStatisticsNSURLSessionSwitching == EnableResourceLoadStatisticsNSURLSessionSwitching::Yes; }
     virtual bool hasIsolatedSession(const WebCore::RegistrableDomain) const { return false; }
     virtual void clearIsolatedSessions() { }
+    void setShouldDowngradeReferrerForTesting(bool);
+    bool shouldDowngradeReferrer() const;
 #endif
     void storeAdClickAttribution(WebCore::AdClickAttribution&&);
     void handleAdClickAttributionConversion(WebCore::AdClickAttribution::Conversion&&, const URL& requestURL, const WebCore::ResourceRequest& redirectRequest);
@@ -137,6 +140,7 @@ protected:
     WebCore::RegistrableDomain m_resourceLoadStatisticsManualPrevalentResource;
     EnableResourceLoadStatisticsNSURLSessionSwitching m_enableResourceLoadStatisticsNSURLSessionSwitching { EnableResourceLoadStatisticsNSURLSessionSwitching::No };
     bool m_enableResourceLoadStatisticsLogTestingEvent;
+    bool m_downgradeReferrer { true };
 #endif
     UniqueRef<AdClickAttributionManager> m_adClickAttribution;
 
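Review bot: The new member is named m_downgradeReferrer while its accessors are setShouldDowngradeReferrerForTesting() and shouldDowngradeReferrer(); m_shouldDowngradeReferrer would match them and read as a predicate. Since the only writer is the ForTesting setter and the default is `true`, a short comment that this is a test opt-out and not a policy switch would keep later callers from treating it as a preference.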
index 43ad6f1de41c5161dd9db3b69af91ca3f7ab2433..945a52ada942c6871805357f19c055cab1d60ff0 100644 (file)
@@ -80,13 +80,13 @@ private:
     bool tryPasswordBasedAuthentication(const WebCore::AuthenticationChallenge&, ChallengeCompletionHandler&);
     void applySniffingPoliciesAndBindRequestToInferfaceIfNeeded(__strong NSURLRequest*&, bool shouldContentSniff, bool shouldContentEncodingSniff);
 
-    void restrictRequestReferrerToOriginIfNeeded(WebCore::ResourceRequest&, bool shouldBlockCookies);
+    void restrictRequestReferrerToOriginIfNeeded(WebCore::ResourceRequest&);
 
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
     static NSHTTPCookieStorage *statelessCookieStorage();
     void blockCookies();
 #endif
-    bool isThirdPartyRequest(const WebCore::ResourceRequest&);
+    bool isThirdPartyRequest(const WebCore::ResourceRequest&) const;
     bool isAlwaysOnLoggingAllowed() const;
 
     RefPtr<SandboxExtension> m_sandboxExtension;
index a4efa9fba464a95040f3ada0d8bed01e9ed40815..77a220f0e788cc6177e02352d3fdc6a3e23797a3 100644 (file)
@@ -144,7 +144,7 @@ void NetworkDataTaskCocoa::blockCookies()
 }
 #endif
 
-bool NetworkDataTaskCocoa::isThirdPartyRequest(const WebCore::ResourceRequest& request)
+bool NetworkDataTaskCocoa::isThirdPartyRequest(const WebCore::ResourceRequest& request) const
 {
     return !WebCore::areRegistrableDomainsEqual(request.url(), request.firstPartyForCookies());
 }
@@ -216,7 +216,7 @@ NetworkDataTaskCocoa::NetworkDataTaskCocoa(NetworkSession& session, NetworkDataT
         needsIsolatedSession = session.shouldIsolateSessionsForPrevalentTopFrames() && networkStorageSession->shouldBlockThirdPartyCookiesButKeepFirstPartyCookiesFor(firstParty);
     }
 #endif
-    restrictRequestReferrerToOriginIfNeeded(request, shouldBlockCookies);
+    restrictRequestReferrerToOriginIfNeeded(request);
 
     NSURLRequest *nsRequest = request.nsURLRequest(WebCore::HTTPBodyUpdatePolicy::UpdateHTTPBody);
     applySniffingPoliciesAndBindRequestToInferfaceIfNeeded(nsRequest, shouldContentSniff == WebCore::ContentSniffingPolicy::SniffContent && !url.isLocalFile(), shouldContentEncodingSniff == WebCore::ContentEncodingSniffingPolicy::Sniff);
@@ -297,9 +297,9 @@ NetworkDataTaskCocoa::~NetworkDataTaskCocoa()
     }
 }
 
-void NetworkDataTaskCocoa::restrictRequestReferrerToOriginIfNeeded(WebCore::ResourceRequest& request, bool shouldBlockCookies)
+void NetworkDataTaskCocoa::restrictRequestReferrerToOriginIfNeeded(WebCore::ResourceRequest& request)
 {
-    if (shouldBlockCookies || (m_session->sessionID().isEphemeral() && isThirdPartyRequest(request)))
+    if ((m_session->sessionID().isEphemeral() || m_session->isResourceLoadStatisticsEnabled()) && m_session->shouldDowngradeReferrer() && isThirdPartyRequest(request))
         request.setExistingHTTPReferrerToOriginString();
 }
 
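Review bot: In the new condition in restrictRequestReferrerToOriginIfNeeded, m_session->shouldDowngradeReferrer() gates both branches, so the ForTesting switch also turns off the ephemeral-session downgrade that the old code applied to third-party requests unconditionally. If the opt-out is only meant for the new Resource Load Statistics path, scope it there, e.g. `isEphemeral() || (isResourceLoadStatisticsEnabled() && shouldDowngradeReferrer())`, still combined with the isThirdPartyRequest check; otherwise add a comment that a test-only flag sits in the shipping path on purpose. Separately, this function is declared outside the `#if ENABLE(RESOURCE_LOAD_STATISTICS)` block in NetworkDataTaskCocoa.h, while shouldDowngradeReferrer() is defined just above `#endif // ENABLE(RESOURCE_LOAD_STATISTICS)` in NetworkSession.cpp and the removed redirect code carried an `#else` arm for that configuration, so the new calls want the same guard.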
@@ -402,14 +402,8 @@ void NetworkDataTaskCocoa::willPerformHTTPRedirection(WebCore::ResourceResponse&
         m_client->willPerformHTTPRedirection(WTFMove(redirectResponse), WTFMove(request), [completionHandler = WTFMove(completionHandler), this, weakThis = makeWeakPtr(*this)] (auto&& request) mutable {
             if (!weakThis)
                 return completionHandler({ });
-            if (!request.isNull()) {
-#if ENABLE(RESOURCE_LOAD_STATISTICS)
-                bool shouldBlockCookies = m_session->networkStorageSession() && m_session->networkStorageSession()->shouldBlockCookies(request, m_frameID, m_pageID);
-#else
-                bool shouldBlockCookies = false;
-#endif
-                restrictRequestReferrerToOriginIfNeeded(request, shouldBlockCookies);
-            }
+            if (!request.isNull())
+                restrictRequestReferrerToOriginIfNeeded(request);
             completionHandler(WTFMove(request));
         });
     else {
index f296b6b2d8c13ca93e5c39f6fea307dfb971dedd..960f9fb0f22b9ec809e651beb9e5a7630c6ed954 100644 (file)
@@ -502,6 +502,17 @@ void WKWebsiteDataStoreStatisticsHasIsolatedSession(WKWebsiteDataStoreRef dataSt
 #endif
 }
 
+void WKWebsiteDataStoreSetResourceLoadStatisticsShouldDowngradeReferrerForTesting(WKWebsiteDataStoreRef dataStoreRef, bool enabled, void* context, WKWebsiteDataStoreSetResourceLoadStatisticsShouldDowngradeReferrerForTestingFunction completionHandler)
+{
+#if ENABLE(RESOURCE_LOAD_STATISTICS)
+    WebKit::toImpl(dataStoreRef)->setResourceLoadStatisticsShouldDowngradeReferrerForTesting(enabled, [context, completionHandler] {
+        completionHandler(context);
+    });
+#else
+    completionHandler(context);
+#endif
+}
+
 void WKWebsiteDataStoreStatisticsResetToConsistentState(WKWebsiteDataStoreRef dataStoreRef, void* context, WKWebsiteDataStoreStatisticsResetToConsistentStateFunction completionHandler)
 {
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
@@ -513,6 +524,7 @@ void WKWebsiteDataStoreStatisticsResetToConsistentState(WKWebsiteDataStoreRef da
     store.clearResourceLoadStatisticsInWebProcesses([callbackAggregator = callbackAggregator.copyRef()] { });
     store.resetCacheMaxAgeCapForPrevalentResources([callbackAggregator = callbackAggregator.copyRef()] { });
     store.resetCrossSiteLoadsWithLinkDecorationForTesting([callbackAggregator = callbackAggregator.copyRef()] { });
+    store.setResourceLoadStatisticsShouldDowngradeReferrerForTesting(true, [callbackAggregator = callbackAggregator.copyRef()] { });
     store.resetParametersToDefaultValues([callbackAggregator = callbackAggregator.copyRef()] { });
     store.scheduleClearInMemoryAndPersistent(WebKit::ShouldGrandfatherStatistics::No, [callbackAggregator = callbackAggregator.copyRef()] { });
 #else
index b8357cc2704fedebd5595d032c0e93e4a570e1bd..ccf591389fb915f23516d3048c9e27dcc197e325 100644 (file)
@@ -110,6 +110,8 @@ typedef void (*WKWebsiteDataStoreSetStatisticsCacheMaxAgeCapFunction)(void* func
 WK_EXPORT void WKWebsiteDataStoreSetStatisticsCacheMaxAgeCap(WKWebsiteDataStoreRef dataStoreRef, double seconds, void* context, WKWebsiteDataStoreSetStatisticsCacheMaxAgeCapFunction);
 typedef void (*WKWebsiteDataStoreStatisticsHasIsolatedSessionFunction)(bool hasIsolatedSession, void* functionContext);
 WK_EXPORT void WKWebsiteDataStoreStatisticsHasIsolatedSession(WKWebsiteDataStoreRef dataStoreRef, WKStringRef host, void* context, WKWebsiteDataStoreStatisticsHasIsolatedSessionFunction callback);
+typedef void (*WKWebsiteDataStoreSetResourceLoadStatisticsShouldDowngradeReferrerForTestingFunction)(void* functionContext);
+WK_EXPORT void WKWebsiteDataStoreSetResourceLoadStatisticsShouldDowngradeReferrerForTesting(WKWebsiteDataStoreRef dataStoreRef, bool enabled, void* context, WKWebsiteDataStoreSetResourceLoadStatisticsShouldDowngradeReferrerForTestingFunction completionHandler);
 typedef void (*WKWebsiteDataStoreStatisticsResetToConsistentStateFunction)(void* functionContext);
 WK_EXPORT void WKWebsiteDataStoreStatisticsResetToConsistentState(WKWebsiteDataStoreRef dataStoreRef, void* context, WKWebsiteDataStoreStatisticsResetToConsistentStateFunction completionHandler);
 
index b5f69afff1ba0277ab27a9dbf6d51a846aaa35d5..02ce8c4a3b0ea0957fec4ef8f33559a5b8e0cdea 100644 (file)
@@ -1029,6 +1029,15 @@ void NetworkProcessProxy::hasIsolatedSession(PAL::SessionID sessionID, const Reg
     sendWithAsyncReply(Messages::NetworkProcess::HasIsolatedSession(sessionID, domain), WTFMove(completionHandler));
 }
 
+void NetworkProcessProxy::setShouldDowngradeReferrerForTesting(bool enabled, CompletionHandler<void()>&& completionHandler)
+{
+    if (!canSendMessage()) {
+        completionHandler();
+        return;
+    }
+    
+    sendWithAsyncReply(Messages::NetworkProcess::SetShouldDowngradeReferrerForTesting(enabled), WTFMove(completionHandler));
+}
 #endif // ENABLE(RESOURCE_LOAD_STATISTICS)
 
 void NetworkProcessProxy::sendProcessWillSuspendImminently()
index 5eedb70759986c2f5dbc6689241eaf74ba08ea8e..2fbf3f0a42820bf919f0486e2cf4de05bccd803b 100644 (file)
@@ -152,6 +152,7 @@ public:
     void deleteCookiesForTesting(PAL::SessionID, const RegistrableDomain&, bool includeHttpOnlyCookies, CompletionHandler<void()>&&);
     void deleteWebsiteDataInUIProcessForRegistrableDomains(PAL::SessionID, OptionSet<WebsiteDataType>, OptionSet<WebsiteDataFetchOption>, Vector<RegistrableDomain>, CompletionHandler<void(HashSet<WebCore::RegistrableDomain>&&)>&&);
     void hasIsolatedSession(PAL::SessionID, const RegistrableDomain&, CompletionHandler<void(bool)>&&);
+    void setShouldDowngradeReferrerForTesting(bool, CompletionHandler<void()>&&);
 #endif
 
     void processReadyToSuspend();
index 032ebcb6be94303e248f12cc0f84cfc858152300..78e11dba5d2cf45f5fea600bb6c2e0f8cf680bfa 100644 (file)
@@ -1710,6 +1710,20 @@ void WebsiteDataStore::hasIsolatedSessionForTesting(const URL& url, CompletionHa
     }
     ASSERT(!completionHandler);
 }
+
+void WebsiteDataStore::setResourceLoadStatisticsShouldDowngradeReferrerForTesting(bool enabled, CompletionHandler<void()>&& completionHandler)
+{
+    auto callbackAggregator = CallbackAggregator::create(WTFMove(completionHandler));
+    
+    for (auto& processPool : processPools()) {
+        if (auto* networkProcess = processPool->networkProcess()) {
+            networkProcess->setShouldDowngradeReferrerForTesting(enabled, [callbackAggregator = callbackAggregator.copyRef()] { });
+            ASSERT(processPools().size() == 1);
+            break;
+        }
+    }
+    ASSERT(!completionHandler);
+}
 #endif // ENABLE(RESOURCE_LOAD_STATISTICS)
 
 void WebsiteDataStore::setCacheMaxAgeCapForPrevalentResources(Seconds seconds, CompletionHandler<void()>&& completionHandler)
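Review bot: In the loop, `ASSERT(processPools().size() == 1)` sits inside the `if` and is followed by `break`, so in release builds only the first pool that has a network process receives the flag, and when no pool has a network process nothing is set at all while the completion handler still runs once callbackAggregator goes out of scope. Hoist the assertion above the loop and either drop the `break` or say why one pool is enough; as written the caller cannot tell that the setting was not applied. The blank line after the CallbackAggregator::create line also carries trailing whitespace.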
index fc1291f1fff49e0a2441c49f13cc5bdc27bb741f..8a5feba83b7da0dcc74b78c5a0192c0f7f52ec7f 100644 (file)
@@ -187,6 +187,7 @@ public:
     void deleteCookiesForTesting(const URL&, bool includeHttpOnlyCookies, CompletionHandler<void()>&&);
     void hasLocalStorageForTesting(const URL&, CompletionHandler<void(bool)>&&) const;
     void hasIsolatedSessionForTesting(const URL&, CompletionHandler<void(bool)>&&) const;
+    void setResourceLoadStatisticsShouldDowngradeReferrerForTesting(bool, CompletionHandler<void()>&&);
 #endif
     void setCacheMaxAgeCapForPrevalentResources(Seconds, CompletionHandler<void()>&&);
     void resetCacheMaxAgeCapForPrevalentResources(CompletionHandler<void()>&&);
index 16570c95ce241b8f0313b54ce5a5efa649dbcffa..a541ff5f3b10352692e0c68646491e2b96d090af 100644 (file)
@@ -1,3 +1,36 @@
+2019-09-26 Kate Cheney <katherine_cheney@apple.com>
+
+        Resource Load Statistics: Downgrade all third-party referrer headers
+        https://bugs.webkit.org/show_bug.cgi?id=201353
+        <rdar://problem/54895650>
+
+        Majority of this patch was written by John Wilander <wilander@apple.com>.
+
+        Reviewed by Brent Fulgham. 
+
+        The changes to the TestRunner facilitates an opt-out for test cases
+        that either test the referrer mechanism explicitly or tests that
+        rely on the full referrer to be sent. 
+
+        The new boolean variable and early return in 
+        TestRunner::setStatisticsShouldDowngradeReferrer() prevent the same
+        event from trying to set multiple TestRunner callbacks.
+
+        * WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
+        * WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
+        (WTR::InjectedBundle::didReceiveMessageToPage):
+        * WebKitTestRunner/InjectedBundle/TestRunner.cpp:
+        (WTR::TestRunner::setStatisticsShouldDowngradeReferrer):
+        (WTR::TestRunner::statisticsCallDidSetShouldDowngradeReferrerCallback):
+        * WebKitTestRunner/InjectedBundle/TestRunner.h:
+        * WebKitTestRunner/TestController.cpp:
+        (WTR::TestController::setStatisticsShouldDowngradeReferrer):
+        * WebKitTestRunner/TestController.h:
+        * WebKitTestRunner/TestInvocation.cpp:
+        (WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):
+        (WTR::TestInvocation::didSetShouldDowngradeReferrer):
+        * WebKitTestRunner/TestInvocation.h:
+
 2019-09-26  Dean Jackson  <dino@apple.com>
 
         Build fix.
index 9676f2ea65f4524e194159024a6ed6282405b0d7..6a3981b83fe5000aa0c70d10d89d0bc103fba66a 100644 (file)
@@ -338,6 +338,7 @@ interface TestRunner {
     void setStatisticsCacheMaxAgeCap(double seconds);
     void statisticsResetToConsistentState(object completionHandler);
     boolean hasStatisticsIsolatedSession(DOMString hostName);
+    void setStatisticsShouldDowngradeReferrer(boolean value, object callback);
 
     // Injected bundle form client.
     void installTextDidChangeInTextFieldCallback(object callback);
index 7339afceef534bd4513286d8d467f5f6711a095c..9c10b4084d9bf3d9ffd4bd07a5eb5ff43ecd94d8 100644 (file)
@@ -327,6 +327,11 @@ void InjectedBundle::didReceiveMessageToPage(WKBundlePageRef page, WKStringRef m
         return;
     }
 
+    if (WKStringIsEqualToUTF8CString(messageName, "CallDidSetShouldDowngradeReferrer")) {
+        m_testRunner->statisticsCallDidSetShouldDowngradeReferrerCallback();
+        return;
+    }
+
     if (WKStringIsEqualToUTF8CString(messageName, "CallDidResetStatisticsToConsistentState")) {
         m_testRunner->statisticsCallDidResetToConsistentStateCallback();
         return;
index cff40f39904a570265695ef39b49b1f17f755303..3e77f87315c74834e21246ee02997cf2f07b0d8f 100644 (file)
@@ -741,6 +741,7 @@ enum {
     StatisticsDidClearThroughWebsiteDataRemovalCallbackID,
     StatisticsDidResetToConsistentStateCallbackID,
     StatisticsDidSetBlockCookiesForHostCallbackID,
+    StatisticsDidSetShouldDowngradeReferrerCallbackID,
     AllStorageAccessEntriesCallbackID,
     DidRemoveAllSessionCredentialsCallbackID,
     GetApplicationManifestCallbackID,
@@ -2100,6 +2101,23 @@ bool TestRunner::hasStatisticsIsolatedSession(JSStringRef hostName)
     return WKBooleanGetValue(adoptWK(static_cast<WKBooleanRef>(returnData)).get());
 }
 
+void TestRunner::setStatisticsShouldDowngradeReferrer(bool value, JSValueRef completionHandler)
+{
+    if (m_hasSetDowngradeReferrerCallback)
+        return;
+    
+    cacheTestRunnerCallback(StatisticsDidSetShouldDowngradeReferrerCallbackID, completionHandler);
+    WKRetainPtr<WKStringRef> messageName = adoptWK(WKStringCreateWithUTF8CString("SetStatisticsShouldDowngradeReferrer"));
+    WKRetainPtr<WKBooleanRef> messageBody = adoptWK(WKBooleanCreate(value));
+    WKBundlePostSynchronousMessage(InjectedBundle::singleton().bundle(), messageName.get(), messageBody.get(), nullptr);
+    m_hasSetDowngradeReferrerCallback = true;
+}
+
+void TestRunner::statisticsCallDidSetShouldDowngradeReferrerCallback()
+{
+    callTestRunnerCallback(StatisticsDidSetShouldDowngradeReferrerCallbackID);
+}
+
 void TestRunner::statisticsCallClearThroughWebsiteDataRemovalCallback()
 {
     callTestRunnerCallback(StatisticsDidClearThroughWebsiteDataRemovalCallbackID);
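Review bot: m_hasSetDowngradeReferrerCallback is set in setStatisticsShouldDowngradeReferrer and never cleared in the visible lines, so a second call from the same test (for example turning the downgrade back on after switching it off) returns early without posting the message or invoking its completion handler, and a test waiting on that callback will not finish. Clear the flag in statisticsCallDidSetShouldDowngradeReferrerCallback(), and if the guard is meant to stop re-entry while the synchronous message is in flight, set it before WKBundlePostSynchronousMessage rather than after.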
index f4ad3a60e2e5750b3c1656264842559a5dc3263b..0c93a8fd3227f5c0bd707e45c84589d8f10e7811 100644 (file)
@@ -435,6 +435,8 @@ public:
     bool isStatisticsHasLocalStorage(JSStringRef hostName);
     void setStatisticsCacheMaxAgeCap(double seconds);
     bool hasStatisticsIsolatedSession(JSStringRef hostName);
+    void setStatisticsShouldDowngradeReferrer(bool, JSValueRef callback);
+    void statisticsCallDidSetShouldDowngradeReferrerCallback();
     void statisticsResetToConsistentState(JSValueRef completionHandler);
     void statisticsCallDidResetToConsistentStateCallback();
 
@@ -568,6 +570,7 @@ private:
 
     bool m_userStyleSheetEnabled { false };
     bool m_dumpAllHTTPRedirectedResponseHeaders { false };
+    bool m_hasSetDowngradeReferrerCallback { false };
 };
 
 } // namespace WTR
index 2f5bd992967d73af32a0b7f4ab56ce46b145f962..fc6712ef1358ad4f4d4a7cec48ea11092f0bdaa9 100644 (file)
@@ -3516,6 +3516,14 @@ bool TestController::hasStatisticsIsolatedSession(WKStringRef host)
     return context.result;
 }
 
+void TestController::setStatisticsShouldDowngradeReferrer(bool value)
+{
+    ResourceStatisticsCallbackContext context(*this);
+    WKWebsiteDataStoreSetResourceLoadStatisticsShouldDowngradeReferrerForTesting(TestController::websiteDataStore(), value, &context, resourceStatisticsVoidResultCallback);
+    runUntil(context.done, noTimeout);
+    m_currentInvocation->didSetShouldDowngradeReferrer();
+}
+
 void TestController::statisticsResetToConsistentState()
 {
     ResourceStatisticsCallbackContext context(*this);
index 72edabe8ff2a9ce4f26f95347684bd84a6bc616b..eb71df82c02fea2ed85a2627bb711c6d6aba7815 100644 (file)
@@ -249,6 +249,7 @@ public:
     bool isStatisticsHasLocalStorage(WKStringRef hostName);
     void setStatisticsCacheMaxAgeCap(double seconds);
     bool hasStatisticsIsolatedSession(WKStringRef hostName);
+    void setStatisticsShouldDowngradeReferrer(bool value);
     void statisticsResetToConsistentState();
 
     void getAllStorageAccessEntries();
index 30650c49911393addf081c7a10f0c48e1d389447..3e4f2e7fe9f8dec9b993ff6beccf2b9317794d20 100644 (file)
@@ -1489,6 +1489,13 @@ WKRetainPtr<WKTypeRef> TestInvocation::didReceiveSynchronousMessageFromInjectedB
         return result;
     }
     
+    if (WKStringIsEqualToUTF8CString(messageName, "SetStatisticsShouldDowngradeReferrer")) {
+        ASSERT(WKGetTypeID(messageBody) == WKBooleanGetTypeID());
+        WKBooleanRef value = static_cast<WKBooleanRef>(messageBody);
+        TestController::singleton().setStatisticsShouldDowngradeReferrer(WKBooleanGetValue(value));
+        return nullptr;
+    }
+    
     if (WKStringIsEqualToUTF8CString(messageName, "RemoveAllSessionCredentials")) {
         TestController::singleton().removeAllSessionCredentials();
         return nullptr;
@@ -1770,6 +1777,12 @@ void TestInvocation::didClearStatisticsThroughWebsiteDataRemoval()
     WKPagePostMessageToInjectedBundle(TestController::singleton().mainWebView()->page(), messageName.get(), 0);
 }
 
+void TestInvocation::didSetShouldDowngradeReferrer()
+{
+    WKRetainPtr<WKStringRef> messageName = adoptWK(WKStringCreateWithUTF8CString("CallDidSetShouldDowngradeReferrer"));
+    WKPagePostMessageToInjectedBundle(TestController::singleton().mainWebView()->page(), messageName.get(), 0);
+}
+
 void TestInvocation::didResetStatisticsToConsistentState()
 {
     WKRetainPtr<WKStringRef> messageName = adoptWK(WKStringCreateWithUTF8CString("CallDidResetStatisticsToConsistentState"));
index 85b1b0206eb89226e86c6b41ab93e5db95ebfd92..76aa9b8e1dc02ec8ad938694157458f195da3cd6 100644 (file)
@@ -73,6 +73,7 @@ public:
     void notifyDownloadDone();
 
     void didClearStatisticsThroughWebsiteDataRemoval();
+    void didSetShouldDowngradeReferrer();
     void didResetStatisticsToConsistentState();
     void didSetBlockCookiesForHost();
     void didSetStatisticsDebugMode();