Add referrerpolicy attribute support for <script> elements
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Jul 2019 09:03:37 +0000 (09:03 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Jul 2019 09:03:37 +0000 (09:03 +0000)
https://bugs.webkit.org/show_bug.cgi?id=185550

Patch by Rob Buis <rbuis@igalia.com> on 2019-07-17
Reviewed by Youenn Fablet.

Source/WebCore:

This patch adds 'referrerpolicy' attribute support for script elements.
If set, the value is restricted to the ReferrerPolicy enum, and
if valid it is used for the script fetch.
If not set or invalid, the current behavior is kept.

Tests: http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html
       http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html
       http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html
       http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html
       http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html
       http/tests/referrer-policy-script/no-referrer/same-origin.html
       http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html
       http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html
       http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html
       http/tests/referrer-policy-script/origin/cross-origin-http-http.html
       http/tests/referrer-policy-script/origin/cross-origin-http.https.html
       http/tests/referrer-policy-script/origin/same-origin.html
       http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html
       http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html
       http/tests/referrer-policy-script/same-origin/same-origin.html
       http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html
       http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html
       http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html
       http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html
       http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html
       http/tests/referrer-policy-script/strict-origin/same-origin.html
       http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html
       http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html
       http/tests/referrer-policy-script/unsafe-url/same-origin.html

* bindings/js/CachedScriptFetcher.cpp:
(WebCore::CachedScriptFetcher::requestScriptWithCache const):
* bindings/js/CachedScriptFetcher.h:
(WebCore::CachedScriptFetcher::CachedScriptFetcher):
* dom/InlineClassicScript.h:
* dom/LoadableClassicScript.cpp:
(WebCore::LoadableClassicScript::create):
* dom/LoadableClassicScript.h:
* dom/LoadableModuleScript.cpp:
(WebCore::LoadableModuleScript::create):
(WebCore::LoadableModuleScript::LoadableModuleScript):
* dom/LoadableModuleScript.h:
* dom/LoadableScript.h:
(WebCore::LoadableScript::LoadableScript):
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestClassicScript):
(WebCore::ScriptElement::requestModuleScript):
* dom/ScriptElement.h:
* dom/ScriptElementCachedScriptFetcher.h:
(WebCore::ScriptElementCachedScriptFetcher::ScriptElementCachedScriptFetcher):
* html/HTMLIFrameElement.cpp:
(WebCore::HTMLIFrameElement::referrerPolicyForBindings const):
* html/HTMLScriptElement.cpp:
(WebCore::HTMLScriptElement::setReferrerPolicyForBindings):
(WebCore::HTMLScriptElement::referrerPolicyForBindings const):
(WebCore::HTMLScriptElement::referrerPolicy const):
* html/HTMLScriptElement.h:
* html/HTMLScriptElement.idl:
* html/parser/CSSPreloadScanner.cpp:
(WebCore::CSSPreloadScanner::emitRule):
* html/parser/HTMLPreloadScanner.cpp:
(WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest):
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
* html/parser/HTMLResourcePreloader.cpp:
(WebCore::PreloadRequest::resourceRequest):
* html/parser/HTMLResourcePreloader.h:
(WebCore::PreloadRequest::PreloadRequest):
* platform/ReferrerPolicy.cpp:
(WebCore::referrerPolicyToString):
* platform/ReferrerPolicy.h:
* svg/SVGScriptElement.h:

LayoutTests:

Add tests for scripts with various referrerpolicy attribute values.

* http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin-expected.txt: Added.
* http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html: Added.
* http/tests/referrer-policy-script/no-referrer/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-script/no-referrer/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-script/no-referrer/same-origin-expected.txt: Added.
* http/tests/referrer-policy-script/no-referrer/same-origin.html: Added.
* http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-script/origin-when-cross-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html: Added.
* http/tests/referrer-policy-script/origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-script/origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-script/origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-script/origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-script/origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-script/origin/same-origin.html: Added.
* http/tests/referrer-policy-script/same-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-script/same-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-script/same-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-script/same-origin/same-origin.html: Added.
* http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html: Added.
* http/tests/referrer-policy-script/strict-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-script/strict-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-script/strict-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-script/strict-origin/same-origin.html: Added.
* http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-script/unsafe-url/same-origin-expected.txt: Added.
* http/tests/referrer-policy-script/unsafe-url/same-origin.html: Added.
* http/tests/referrer-policy/resources/script.php: Added.
* platform/win/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247509 268f45cc-cd09-0410-ab3c-d52691b4dbfc

74 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/origin/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/referrer-policy/resources/script.php [new file with mode: 0644]
LayoutTests/platform/win/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/CachedScriptFetcher.cpp
Source/WebCore/bindings/js/CachedScriptFetcher.h
Source/WebCore/dom/InlineClassicScript.h
Source/WebCore/dom/LoadableClassicScript.cpp
Source/WebCore/dom/LoadableClassicScript.h
Source/WebCore/dom/LoadableModuleScript.cpp
Source/WebCore/dom/LoadableModuleScript.h
Source/WebCore/dom/LoadableScript.h
Source/WebCore/dom/ScriptElement.cpp
Source/WebCore/dom/ScriptElement.h
Source/WebCore/dom/ScriptElementCachedScriptFetcher.h
Source/WebCore/html/HTMLIFrameElement.cpp
Source/WebCore/html/HTMLScriptElement.cpp
Source/WebCore/html/HTMLScriptElement.h
Source/WebCore/html/HTMLScriptElement.idl
Source/WebCore/html/parser/CSSPreloadScanner.cpp
Source/WebCore/html/parser/HTMLPreloadScanner.cpp
Source/WebCore/html/parser/HTMLResourcePreloader.cpp
Source/WebCore/html/parser/HTMLResourcePreloader.h
Source/WebCore/platform/ReferrerPolicy.cpp
Source/WebCore/platform/ReferrerPolicy.h
Source/WebCore/svg/SVGScriptElement.h

index 74a399e..b68602d 100644 (file)
@@ -1,3 +1,63 @@
+2019-07-17  Rob Buis  <rbuis@igalia.com>
+
+        Add referrerpolicy attribute support for <script> elements
+        https://bugs.webkit.org/show_bug.cgi?id=185550
+
+        Reviewed by Youenn Fablet.
+
+        Add tests for scripts with various referrerpolicy attribute values.
+
+        * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http-expected.txt: Added.
+        * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html: Added.
+        * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https-expected.txt: Added.
+        * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html: Added.
+        * http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin-expected.txt: Added.
+        * http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html: Added.
+        * http/tests/referrer-policy-script/no-referrer/cross-origin-http-http-expected.txt: Added.
+        * http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html: Added.
+        * http/tests/referrer-policy-script/no-referrer/cross-origin-http.https-expected.txt: Added.
+        * http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html: Added.
+        * http/tests/referrer-policy-script/no-referrer/same-origin-expected.txt: Added.
+        * http/tests/referrer-policy-script/no-referrer/same-origin.html: Added.
+        * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http-expected.txt: Added.
+        * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html: Added.
+        * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https-expected.txt: Added.
+        * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html: Added.
+        * http/tests/referrer-policy-script/origin-when-cross-origin/same-origin-expected.txt: Added.
+        * http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html: Added.
+        * http/tests/referrer-policy-script/origin/cross-origin-http-http-expected.txt: Added.
+        * http/tests/referrer-policy-script/origin/cross-origin-http-http.html: Added.
+        * http/tests/referrer-policy-script/origin/cross-origin-http.https-expected.txt: Added.
+        * http/tests/referrer-policy-script/origin/cross-origin-http.https.html: Added.
+        * http/tests/referrer-policy-script/origin/same-origin-expected.txt: Added.
+        * http/tests/referrer-policy-script/origin/same-origin.html: Added.
+        * http/tests/referrer-policy-script/same-origin/cross-origin-http-http-expected.txt: Added.
+        * http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html: Added.
+        * http/tests/referrer-policy-script/same-origin/cross-origin-http.https-expected.txt: Added.
+        * http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html: Added.
+        * http/tests/referrer-policy-script/same-origin/same-origin-expected.txt: Added.
+        * http/tests/referrer-policy-script/same-origin/same-origin.html: Added.
+        * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt: Added.
+        * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html: Added.
+        * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt: Added.
+        * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html: Added.
+        * http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin-expected.txt: Added.
+        * http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html: Added.
+        * http/tests/referrer-policy-script/strict-origin/cross-origin-http-http-expected.txt: Added.
+        * http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html: Added.
+        * http/tests/referrer-policy-script/strict-origin/cross-origin-http.https-expected.txt: Added.
+        * http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html: Added.
+        * http/tests/referrer-policy-script/strict-origin/same-origin-expected.txt: Added.
+        * http/tests/referrer-policy-script/strict-origin/same-origin.html: Added.
+        * http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http-expected.txt: Added.
+        * http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html: Added.
+        * http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https-expected.txt: Added.
+        * http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html: Added.
+        * http/tests/referrer-policy-script/unsafe-url/same-origin-expected.txt: Added.
+        * http/tests/referrer-policy-script/unsafe-url/same-origin.html: Added.
+        * http/tests/referrer-policy/resources/script.php: Added.
+        * platform/win/TestExpectations:
+
 2019-07-16  Myles C. Maxfield  <mmaxfield@apple.com>
 
         [WHLSL] Move WHLSL tests to their own folder
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http-expected.txt
new file mode 100644 (file)
index 0000000..9774e08
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html
new file mode 100644 (file)
index 0000000..f3e7b2a
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the full URL
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer-when-downgrade"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
new file mode 100644 (file)
index 0000000..2581865
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html
new file mode 100644 (file)
index 0000000..4b77685
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP.");
+jsTestIsAsync = true;
+
+if (window.internals)
+    internals.settings.setAllowRunningOfInsecureContent(true);
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the empty string
+    shouldBeEqualToString("referrer", "");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer-when-downgrade"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin-expected.txt
new file mode 100644 (file)
index 0000000..e1eb268
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of no-referrer-when-downgrade referrer policy when same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/same-origin.html"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html
new file mode 100644 (file)
index 0000000..0fb8e43
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of no-referrer-when-downgrade referrer policy when same origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the full URL
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/same-origin.html");
+    finishJSTest();
+}
+</script>
+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy=no-referrer-when-downgrade"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http-expected.txt
new file mode 100644 (file)
index 0000000..17d7c3e
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of no-referrer referrer policy when cross origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html
new file mode 100644 (file)
index 0000000..f79f9b6
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of no-referrer referrer policy when cross origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the empty string
+    shouldBeEqualToString("referrer", "");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https-expected.txt
new file mode 100644 (file)
index 0000000..fdd48ed
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html
new file mode 100644 (file)
index 0000000..12443dc
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP.");
+jsTestIsAsync = true;
+
+if (window.internals)
+    internals.settings.setAllowRunningOfInsecureContent(true);
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the empty string
+    shouldBeEqualToString("referrer", "");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin-expected.txt
new file mode 100644 (file)
index 0000000..19114a6
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of no-referrer referrer policy when same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin.html
new file mode 100644 (file)
index 0000000..3428312
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of no-referrer referrer policy when same origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the empty string
+    shouldBeEqualToString("referrer", "");
+    finishJSTest();
+}
+</script>
+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http-expected.txt
new file mode 100644 (file)
index 0000000..28d6289
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of origin-when-cross-origin referrer policy when cross origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html
new file mode 100644 (file)
index 0000000..8392057
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of origin-when-cross-origin referrer policy when cross origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the origin, not the full URL, because we are cross-origin.
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin-when-cross-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https-expected.txt
new file mode 100644 (file)
index 0000000..3300fbf
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "https://127.0.0.1:8443/"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html
new file mode 100644 (file)
index 0000000..dbf29e4
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.");
+jsTestIsAsync = true;
+
+if (window.internals)
+    internals.settings.setAllowRunningOfInsecureContent(true);
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the origin, not the full URL, because we are cross-origin.
+    shouldBeEqualToString("referrer", "https://127.0.0.1:8443/");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin-when-cross-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin-expected.txt
new file mode 100644 (file)
index 0000000..c83210b
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of origin-when-cross-origin referrer policy when same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/origin-when-cross-origin/same-origin.html"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html
new file mode 100644 (file)
index 0000000..f0ba675
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of origin-when-cross-origin referrer policy when same origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the full URL because we are same-origin.
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/origin-when-cross-origin/same-origin.html");
+    finishJSTest();
+}
+</script>
+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="origin-when-cross-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http-expected.txt
new file mode 100644 (file)
index 0000000..83c2309
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of origin referrer policy when cross origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http.html
new file mode 100644 (file)
index 0000000..38335b7
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of origin referrer policy when cross origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the origin
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https-expected.txt
new file mode 100644 (file)
index 0000000..6486268
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "https://127.0.0.1:8443/"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https.html
new file mode 100644 (file)
index 0000000..c34cb09
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP.");
+jsTestIsAsync = true;
+
+if (window.internals)
+    internals.settings.setAllowRunningOfInsecureContent(true);
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the origin
+    shouldBeEqualToString("referrer", "https://127.0.0.1:8443/");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin/same-origin-expected.txt
new file mode 100644 (file)
index 0000000..f59fc57
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of origin referrer policy when same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/origin/same-origin.html
new file mode 100644 (file)
index 0000000..260ac62
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of origin referrer policy when same origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the origin
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    finishJSTest();
+}
+</script>
+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http-expected.txt
new file mode 100644 (file)
index 0000000..1baae63
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of same-origin referrer policy when cross origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html
new file mode 100644 (file)
index 0000000..8b73c72
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of same-origin referrer policy when cross origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the empty string because we are cross-origin.
+    shouldBeEqualToString("referrer", "");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="same-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https-expected.txt
new file mode 100644 (file)
index 0000000..ec81e95
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html
new file mode 100644 (file)
index 0000000..c0917d7
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP.");
+jsTestIsAsync = true;
+
+if (window.internals)
+    internals.settings.setAllowRunningOfInsecureContent(true);
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the empty string because we are cross-origin.
+    shouldBeEqualToString("referrer", "");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="same-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin-expected.txt
new file mode 100644 (file)
index 0000000..ea40ae8
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of same-origin referrer policy when same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/same-origin/same-origin.html"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin.html
new file mode 100644 (file)
index 0000000..10c0327
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of same-origin referrer policy when same origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the full URL because we are same-origin.
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/same-origin/same-origin.html");
+    finishJSTest();
+}
+</script>
+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="same-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt
new file mode 100644 (file)
index 0000000..f2fde08
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html
new file mode 100644 (file)
index 0000000..d0706b9
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the origin, not the full URL, because we are cross-origin.
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin-when-cross-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
new file mode 100644 (file)
index 0000000..ad10690
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html
new file mode 100644 (file)
index 0000000..d46b02a
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.");
+jsTestIsAsync = true;
+
+if (window.internals)
+    internals.settings.setAllowRunningOfInsecureContent(true);
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the empty string because we are cross-origin and going from HTTPS to HTTP.
+    shouldBeEqualToString("referrer", "");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin-when-cross-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin-expected.txt
new file mode 100644 (file)
index 0000000..f72d248
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of strict-origin-when-cross-origin referrer policy when same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html
new file mode 100644 (file)
index 0000000..3bd3f4d
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of strict-origin-when-cross-origin referrer policy when same origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the full URL because we are same-origin.
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html");
+    finishJSTest();
+}
+</script>
+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin-when-cross-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http-expected.txt
new file mode 100644 (file)
index 0000000..da95369
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of strict-origin referrer policy when cross origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html
new file mode 100644 (file)
index 0000000..2692961
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of strict-origin referrer policy when cross origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the origin, not the full URL.
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https-expected.txt
new file mode 100644 (file)
index 0000000..5b78a7e
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html
new file mode 100644 (file)
index 0000000..541c370
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP.");
+jsTestIsAsync = true;
+
+if (window.internals)
+    internals.settings.setAllowRunningOfInsecureContent(true);
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the empty string because we are going from HTTPS to HTTP.
+    shouldBeEqualToString("referrer", "");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin-expected.txt
new file mode 100644 (file)
index 0000000..057bdd0
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of strict-origin referrer policy when same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin.html
new file mode 100644 (file)
index 0000000..21ee311
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of strict-origin referrer policy when same origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the origin, not the full URL.
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
+    finishJSTest();
+}
+</script>
+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http-expected.txt
new file mode 100644 (file)
index 0000000..0b0f03e
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of unsafe-url referrer policy when cross origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/cross-origin-http-http.html"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html
new file mode 100644 (file)
index 0000000..71e1bfa
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of unsafe-url referrer policy when cross origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the full URL
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/cross-origin-http-http.html");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="unsaf-url"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https-expected.txt
new file mode 100644 (file)
index 0000000..e7126e4
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "https://127.0.0.1:8443/referrer-policy-script/unsafe-url/cross-origin-http.https.html"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html
new file mode 100644 (file)
index 0000000..0c1ac03
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP.");
+jsTestIsAsync = true;
+
+if (window.internals)
+    internals.settings.setAllowRunningOfInsecureContent(true);
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the full URL
+    shouldBeEqualToString("referrer", "https://127.0.0.1:8443/referrer-policy-script/unsafe-url/cross-origin-http.https.html");
+    finishJSTest();
+}
+</script>
+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="unsafe-url"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin-expected.txt
new file mode 100644 (file)
index 0000000..6b67f0d
--- /dev/null
@@ -0,0 +1,10 @@
+Tests the behavior of unsafe-url referrer policy when same origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/same-origin.html"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin.html
new file mode 100644 (file)
index 0000000..e5eddeb
--- /dev/null
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Tests the behavior of unsafe-url referrer policy when same origin.");
+jsTestIsAsync = true;
+
+function checkReferrer(value) {
+    referrer = value;
+    // Should be the full URL
+    shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/same-origin.html");
+    finishJSTest();
+}
+</script>
+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="unsafe-url"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/referrer-policy/resources/script.php b/LayoutTests/http/tests/referrer-policy/resources/script.php
new file mode 100644 (file)
index 0000000..bc23c71
--- /dev/null
@@ -0,0 +1,5 @@
+<?php
+header("Cache: no-cache, no-store");
+$refer = $_SERVER['HTTP_REFERER'];
+print("checkReferrer('$refer');");
+?>
index 98ff6bc..79d02f7 100644 (file)
@@ -4311,6 +4311,8 @@ webkit.org/b/195461 http/tests/referrer-policy-iframe/origin/cross-origin-http.h
 webkit.org/b/195461 http/tests/referrer-policy-iframe/origin/same-origin.html [ Failure ]
 webkit.org/b/195461 http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https.html [ Failure ]
 
+webkit.org/b/195461 http/tests/referrer-policy-script [ Skip ]
+
 # webkit.org/b/196463
 [ Win10 ] fast/css/font-family-pictograph.html [ Failure ]
 [ Win10 ] fast/css/font-shorthand-line-height.html [ Failure ]
index 026e84b..0a8962b 100644 (file)
@@ -1,3 +1,82 @@
+2019-07-17  Rob Buis  <rbuis@igalia.com>
+
+        Add referrerpolicy attribute support for <script> elements
+        https://bugs.webkit.org/show_bug.cgi?id=185550
+
+        Reviewed by Youenn Fablet.
+
+        This patch adds 'referrerpolicy' attribute support for script elements.
+        If set, the value is restricted to the ReferrerPolicy enum, and
+        if valid it is used for the script fetch.
+        If not set or invalid, the current behavior is kept.
+
+        Tests: http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html
+               http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html
+               http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html
+               http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html
+               http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html
+               http/tests/referrer-policy-script/no-referrer/same-origin.html
+               http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html
+               http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html
+               http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html
+               http/tests/referrer-policy-script/origin/cross-origin-http-http.html
+               http/tests/referrer-policy-script/origin/cross-origin-http.https.html
+               http/tests/referrer-policy-script/origin/same-origin.html
+               http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html
+               http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html
+               http/tests/referrer-policy-script/same-origin/same-origin.html
+               http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html
+               http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html
+               http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html
+               http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html
+               http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html
+               http/tests/referrer-policy-script/strict-origin/same-origin.html
+               http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html
+               http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html
+               http/tests/referrer-policy-script/unsafe-url/same-origin.html
+
+        * bindings/js/CachedScriptFetcher.cpp:
+        (WebCore::CachedScriptFetcher::requestScriptWithCache const):
+        * bindings/js/CachedScriptFetcher.h:
+        (WebCore::CachedScriptFetcher::CachedScriptFetcher):
+        * dom/InlineClassicScript.h:
+        * dom/LoadableClassicScript.cpp:
+        (WebCore::LoadableClassicScript::create):
+        * dom/LoadableClassicScript.h:
+        * dom/LoadableModuleScript.cpp:
+        (WebCore::LoadableModuleScript::create):
+        (WebCore::LoadableModuleScript::LoadableModuleScript):
+        * dom/LoadableModuleScript.h:
+        * dom/LoadableScript.h:
+        (WebCore::LoadableScript::LoadableScript):
+        * dom/ScriptElement.cpp:
+        (WebCore::ScriptElement::requestClassicScript):
+        (WebCore::ScriptElement::requestModuleScript):
+        * dom/ScriptElement.h:
+        * dom/ScriptElementCachedScriptFetcher.h:
+        (WebCore::ScriptElementCachedScriptFetcher::ScriptElementCachedScriptFetcher):
+        * html/HTMLIFrameElement.cpp:
+        (WebCore::HTMLIFrameElement::referrerPolicyForBindings const):
+        * html/HTMLScriptElement.cpp:
+        (WebCore::HTMLScriptElement::setReferrerPolicyForBindings):
+        (WebCore::HTMLScriptElement::referrerPolicyForBindings const):
+        (WebCore::HTMLScriptElement::referrerPolicy const):
+        * html/HTMLScriptElement.h:
+        * html/HTMLScriptElement.idl:
+        * html/parser/CSSPreloadScanner.cpp:
+        (WebCore::CSSPreloadScanner::emitRule):
+        * html/parser/HTMLPreloadScanner.cpp:
+        (WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest):
+        (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
+        * html/parser/HTMLResourcePreloader.cpp:
+        (WebCore::PreloadRequest::resourceRequest):
+        * html/parser/HTMLResourcePreloader.h:
+        (WebCore::PreloadRequest::PreloadRequest):
+        * platform/ReferrerPolicy.cpp:
+        (WebCore::referrerPolicyToString):
+        * platform/ReferrerPolicy.h:
+        * svg/SVGScriptElement.h:
+
 2019-07-16  Christopher Reid  <chris.reid@sony.com>
 
         Bytecode cache should use FileSystem
index 7c87b23..60fc1b2 100644 (file)
@@ -56,6 +56,7 @@ CachedResourceHandle<CachedScript> CachedScriptFetcher::requestScriptWithCache(D
     options.contentSecurityPolicyImposition = hasKnownNonce ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
     options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
     options.integrity = WTFMove(integrity);
+    options.referrerPolicy = m_referrerPolicy;
 
     auto request = createPotentialAccessControlRequest(sourceURL, document, crossOriginMode, WTFMove(options));
     request.upgradeInsecureRequestIfNeeded(document);
index 3823142..1b8876a 100644 (file)
@@ -26,6 +26,7 @@
 #pragma once
 
 #include "CachedResourceHandle.h"
+#include "ReferrerPolicy.h"
 #include <JavaScriptCore/ScriptFetcher.h>
 #include <wtf/text/WTFString.h>
 
@@ -41,11 +42,12 @@ public:
     static Ref<CachedScriptFetcher> create(const String& charset);
 
 protected:
-    CachedScriptFetcher(const String& nonce, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
+    CachedScriptFetcher(const String& nonce, ReferrerPolicy referrerPolicy, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
         : m_nonce(nonce)
         , m_charset(charset)
         , m_initiatorName(initiatorName)
         , m_isInUserAgentShadowTree(isInUserAgentShadowTree)
+        , m_referrerPolicy(referrerPolicy)
     {
     }
 
@@ -61,6 +63,7 @@ private:
     String m_charset;
     AtomString m_initiatorName;
     bool m_isInUserAgentShadowTree { false };
+    ReferrerPolicy m_referrerPolicy { ReferrerPolicy::EmptyString };
 };
 
 } // namespace WebCore
index ad4b850..b489a1b 100644 (file)
@@ -40,7 +40,7 @@ public:
 
 private:
     InlineClassicScript(const String& nonce, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
-        : ScriptElementCachedScriptFetcher(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)
+        : ScriptElementCachedScriptFetcher(nonce, ReferrerPolicy::EmptyString, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)
     {
     }
 };
index 739dbf4..c8443a3 100644 (file)
@@ -35,9 +35,9 @@
 
 namespace WebCore {
 
-Ref<LoadableClassicScript> LoadableClassicScript::create(const String& nonce, const String& integrityMetadata, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
+Ref<LoadableClassicScript> LoadableClassicScript::create(const String& nonce, const String& integrityMetadata, ReferrerPolicy policy, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
 {
-    return adoptRef(*new LoadableClassicScript(nonce, integrityMetadata, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree));
+    return adoptRef(*new LoadableClassicScript(nonce, integrityMetadata, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree));
 }
 
 LoadableClassicScript::~LoadableClassicScript()
index 381b5a1..04c7119 100644 (file)
@@ -29,6 +29,7 @@
 #include "CachedResourceHandle.h"
 #include "CachedScript.h"
 #include "LoadableScript.h"
+#include "ReferrerPolicy.h"
 #include <wtf/TypeCasts.h>
 
 namespace WebCore {
@@ -40,7 +41,7 @@ class LoadableClassicScript final : public LoadableScript, private CachedResourc
 public:
     virtual ~LoadableClassicScript();
 
-    static Ref<LoadableClassicScript> create(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree);
+    static Ref<LoadableClassicScript> create(const String& nonce, const String& integrity, ReferrerPolicy, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree);
     bool isLoaded() const final;
     Optional<Error> error() const final;
     bool wasCanceled() const final;
@@ -55,8 +56,8 @@ public:
     bool load(Document&, const URL&);
 
 private:
-    LoadableClassicScript(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
-        : LoadableScript(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)
+    LoadableClassicScript(const String& nonce, const String& integrity, ReferrerPolicy policy, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
+        : LoadableScript(nonce, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)
         , m_integrity(integrity)
     {
     }
index db94fe4..9a25c16 100644 (file)
 
 namespace WebCore {
 
-Ref<LoadableModuleScript> LoadableModuleScript::create(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
+Ref<LoadableModuleScript> LoadableModuleScript::create(const String& nonce, const String& integrity, ReferrerPolicy policy, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
 {
-    return adoptRef(*new LoadableModuleScript(nonce, integrity, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree));
+    return adoptRef(*new LoadableModuleScript(nonce, integrity, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree));
 }
 
-LoadableModuleScript::LoadableModuleScript(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
-    : LoadableScript(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)
+LoadableModuleScript::LoadableModuleScript(const String& nonce, const String& integrity, ReferrerPolicy policy, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
+    : LoadableScript(nonce, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)
     , m_parameters(ModuleFetchParameters::create(integrity))
 {
 }
index 90aa367..bb79954 100644 (file)
@@ -37,7 +37,7 @@ class LoadableModuleScript final : public LoadableScript {
 public:
     virtual ~LoadableModuleScript();
 
-    static Ref<LoadableModuleScript> create(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree);
+    static Ref<LoadableModuleScript> create(const String& nonce, const String& integrity, ReferrerPolicy, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree);
 
     bool isLoaded() const final;
     Optional<Error> error() const final;
@@ -60,7 +60,7 @@ public:
     UniquedStringImpl* moduleKey() const { return m_moduleKey.get(); }
 
 private:
-    LoadableModuleScript(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree);
+    LoadableModuleScript(const String& nonce, const String& integrity, ReferrerPolicy, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree);
 
     Ref<ModuleFetchParameters> m_parameters;
     RefPtr<UniquedStringImpl> m_moduleKey;
index bfea293..c3e6f16 100644 (file)
@@ -68,8 +68,8 @@ public:
     void removeClient(LoadableScriptClient&);
 
 protected:
-    LoadableScript(const String& nonce, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
-        : ScriptElementCachedScriptFetcher(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)
+    LoadableScript(const String& nonce, ReferrerPolicy policy, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
+        : ScriptElementCachedScriptFetcher(nonce, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)
     {
     }
 
index 063d64d..113abc4 100644 (file)
@@ -284,6 +284,7 @@ bool ScriptElement::requestClassicScript(const String& sourceURL)
         auto script = LoadableClassicScript::create(
             m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr),
             m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(),
+            referrerPolicy(),
             m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr),
             scriptCharset(),
             m_element.localName(),
@@ -335,6 +336,7 @@ bool ScriptElement::requestModuleScript(const TextPosition& scriptStartPosition)
         auto script = LoadableModuleScript::create(
             nonce,
             m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(),
+            referrerPolicy(),
             crossOriginMode,
             scriptCharset(),
             m_element.localName(),
@@ -344,7 +346,7 @@ bool ScriptElement::requestModuleScript(const TextPosition& scriptStartPosition)
         return true;
     }
 
-    auto script = LoadableModuleScript::create(nonce, emptyString(), crossOriginMode, scriptCharset(), m_element.localName(), m_element.isInUserAgentShadowTree());
+    auto script = LoadableModuleScript::create(nonce, emptyString(), referrerPolicy(), crossOriginMode, scriptCharset(), m_element.localName(), m_element.isInUserAgentShadowTree());
 
     TextPosition position = m_element.document().isInDocumentWrite() ? TextPosition() : scriptStartPosition;
     ScriptSourceCode sourceCode(scriptContent(), URL(m_element.document().url()), position, JSC::SourceProviderSourceType::Module, script.copyRef());
index ac1d7d4..4fed24c 100644 (file)
@@ -23,6 +23,7 @@
 
 #include "ContainerNode.h"
 #include "LoadableScript.h"
+#include "ReferrerPolicy.h"
 #include "UserGestureIndicator.h"
 #include <wtf/MonotonicTime.h>
 #include <wtf/text/TextPosition.h>
@@ -113,6 +114,7 @@ private:
     virtual bool hasDeferAttribute() const = 0;
     virtual bool hasSourceAttribute() const = 0;
     virtual bool hasNoModuleAttribute() const = 0;
+    virtual ReferrerPolicy referrerPolicy() const = 0;
 
     Element& m_element;
     WTF::OrdinalNumber m_startLineNumber;
index 170804e..2d5f56c 100644 (file)
@@ -39,8 +39,8 @@ public:
     const String& crossOriginMode() const { return m_crossOriginMode; }
 
 protected:
-    ScriptElementCachedScriptFetcher(const String& nonce, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
-        : CachedScriptFetcher(nonce, charset, initiatorName, isInUserAgentShadowTree)
+    ScriptElementCachedScriptFetcher(const String& nonce, ReferrerPolicy policy, const String& crossOriginMode, const String& charset, const AtomString& initiatorName, bool isInUserAgentShadowTree)
+        : CachedScriptFetcher(nonce, policy, charset, initiatorName, isInUserAgentShadowTree)
         , m_crossOriginMode(crossOriginMode)
     {
     }
index fa07d71..68f6548 100644 (file)
@@ -119,28 +119,7 @@ void HTMLIFrameElement::setReferrerPolicyForBindings(const AtomString& value)
 
 String HTMLIFrameElement::referrerPolicyForBindings() const
 {
-    switch (referrerPolicy()) {
-    case ReferrerPolicy::NoReferrer:
-        return "no-referrer"_s;
-    case ReferrerPolicy::UnsafeUrl:
-        return "unsafe-url"_s;
-    case ReferrerPolicy::Origin:
-        return "origin"_s;
-    case ReferrerPolicy::OriginWhenCrossOrigin:
-        return "origin-when-cross-origin"_s;
-    case ReferrerPolicy::SameOrigin:
-        return "same-origin"_s;
-    case ReferrerPolicy::StrictOrigin:
-        return "strict-origin"_s;
-    case ReferrerPolicy::StrictOriginWhenCrossOrigin:
-        return "strict-origin-when-cross-origin"_s;
-    case ReferrerPolicy::NoReferrerWhenDowngrade:
-        return "no-referrer-when-downgrade"_s;
-    case ReferrerPolicy::EmptyString:
-        return { };
-    }
-    ASSERT_NOT_REACHED();
-    return { };
+    return referrerPolicyToString(referrerPolicy());
 }
 
 ReferrerPolicy HTMLIFrameElement::referrerPolicy() const
index f40d57d..54ad550 100644 (file)
@@ -184,4 +184,21 @@ Ref<Element> HTMLScriptElement::cloneElementWithoutAttributesAndChildren(Documen
     return adoptRef(*new HTMLScriptElement(tagQName(), targetDocument, false, alreadyStarted()));
 }
 
+void HTMLScriptElement::setReferrerPolicyForBindings(const AtomString& value)
+{
+    setAttributeWithoutSynchronization(referrerpolicyAttr, value);
+}
+
+String HTMLScriptElement::referrerPolicyForBindings() const
+{
+    return referrerPolicyToString(referrerPolicy());
+}
+
+ReferrerPolicy HTMLScriptElement::referrerPolicy() const
+{
+    if (RuntimeEnabledFeatures::sharedFeatures().referrerPolicyAttributeEnabled())
+        return parseReferrerPolicy(attributeWithoutSynchronization(referrerpolicyAttr), ReferrerPolicySource::ReferrerPolicyAttribute).valueOr(ReferrerPolicy::EmptyString);
+    return ReferrerPolicy::EmptyString;
+}
+
 }
index 5faec2c..b0c5636 100644 (file)
@@ -44,6 +44,10 @@ public:
     WEBCORE_EXPORT void setCrossOrigin(const AtomString&);
     WEBCORE_EXPORT String crossOrigin() const;
 
+    void setReferrerPolicyForBindings(const AtomString&);
+    String referrerPolicyForBindings() const;
+    ReferrerPolicy referrerPolicy() const final;
+
     using HTMLElement::ref;
     using HTMLElement::deref;
 
index cb9e6b1..6a7fc60 100644 (file)
@@ -31,4 +31,5 @@ interface HTMLScriptElement : HTMLElement {
     [Reflect] attribute DOMString nonce;
     [CEReactions=NotNeeded, Reflect] attribute boolean noModule;
     [CEReactions=NotNeeded, Reflect, EnabledBySetting=SubresourceIntegrity] attribute DOMString integrity;
+    [EnabledAtRuntime=ReferrerPolicyAttribute, ImplementedAs=referrerPolicyForBindings, CEReactions=NotNeeded] attribute DOMString referrerPolicy;
 };
index 4c79f80..e8590cc 100644 (file)
@@ -201,7 +201,7 @@ void CSSPreloadScanner::emitRule()
         if (!url.isEmpty()) {
             URL baseElementURL; // FIXME: This should be passed in from the HTMLPreloadScanner via scan(): without it we will get relative URLs wrong.
             // FIXME: Should this be including the charset in the preload request?
-            m_requests->append(std::make_unique<PreloadRequest>("css", url, baseElementURL, CachedResource::Type::CSSStyleSheet, String(), PreloadRequest::ModuleScript::No));
+            m_requests->append(std::make_unique<PreloadRequest>("css", url, baseElementURL, CachedResource::Type::CSSStyleSheet, String(), PreloadRequest::ModuleScript::No, ReferrerPolicy::EmptyString));
         }
         m_state = Initial;
     } else if (equalLettersIgnoringASCIICase(rule, "charset"))
index 3231496..53a172d 100644 (file)
@@ -161,7 +161,7 @@ public:
         if (!LinkLoader::isSupportedType(type.value(), m_typeAttribute))
             return nullptr;
 
-        auto request = std::make_unique<PreloadRequest>(initiatorFor(m_tagId), m_urlToLoad, predictedBaseURL, type.value(), m_mediaAttribute, m_moduleScript);
+        auto request = std::make_unique<PreloadRequest>(initiatorFor(m_tagId), m_urlToLoad, predictedBaseURL, type.value(), m_mediaAttribute, m_moduleScript, m_referrerPolicy);
         request->setCrossOriginMode(m_crossOriginMode);
         request->setNonce(m_nonceAttribute);
 
@@ -236,8 +236,13 @@ private:
             if (match(attributeName, typeAttr)) {
                 m_moduleScript = equalLettersIgnoringASCIICase(attributeValue, "module") ? PreloadRequest::ModuleScript::Yes : PreloadRequest::ModuleScript::No;
                 break;
-            } else if (match(attributeName, nonceAttr))
+            } else if (match(attributeName, nonceAttr)) {
                 m_nonceAttribute = attributeValue;
+                break;
+            } else if (match(attributeName, referrerpolicyAttr)) {
+                m_referrerPolicy = parseReferrerPolicy(attributeValue, ReferrerPolicySource::ReferrerPolicyAttribute).valueOr(ReferrerPolicy::EmptyString);
+                break;
+            }
             processImageAndScriptAttribute(attributeName, attributeValue);
             break;
         case TagId::Link:
@@ -370,6 +375,7 @@ private:
     bool m_inputIsImage;
     float m_deviceScaleFactor;
     PreloadRequest::ModuleScript m_moduleScript { PreloadRequest::ModuleScript::No };
+    ReferrerPolicy m_referrerPolicy { ReferrerPolicy::EmptyString };
 };
 
 TokenPreloadScanner::TokenPreloadScanner(const URL& documentURL, float deviceScaleFactor)
index 3d006ab..0821956 100644 (file)
@@ -59,6 +59,8 @@ CachedResourceRequest PreloadRequest::resourceRequest(Document& document)
         if (crossOriginMode.isNull())
             crossOriginMode = "omit"_s;
     }
+    if (m_resourceType == CachedResource::Type::Script)
+        options.referrerPolicy = m_referrerPolicy;
     auto request = createPotentialAccessControlRequest(completeURL(document), document, crossOriginMode, WTFMove(options));
     request.setInitiator(m_initiator);
     return request;
index dae7464..45735a6 100644 (file)
@@ -37,13 +37,14 @@ public:
         Yes,
         No,
     };
-    PreloadRequest(const String& initiator, const String& resourceURL, const URL& baseURL, CachedResource::Type resourceType, const String& mediaAttribute, ModuleScript moduleScript)
+    PreloadRequest(const String& initiator, const String& resourceURL, const URL& baseURL, CachedResource::Type resourceType, const String& mediaAttribute, ModuleScript moduleScript, const ReferrerPolicy& referrerPolicy)
         : m_initiator(initiator)
         , m_resourceURL(resourceURL)
         , m_baseURL(baseURL.isolatedCopy())
         , m_resourceType(resourceType)
         , m_mediaAttribute(mediaAttribute)
         , m_moduleScript(moduleScript)
+        , m_referrerPolicy(referrerPolicy)
     {
     }
 
@@ -68,6 +69,7 @@ private:
     String m_crossOriginMode;
     String m_nonceAttribute;
     ModuleScript m_moduleScript;
+    ReferrerPolicy m_referrerPolicy;
 };
 
 typedef Vector<std::unique_ptr<PreloadRequest>> PreloadRequestStream;
index f161854..f7e97c2 100644 (file)
@@ -89,4 +89,30 @@ Optional<ReferrerPolicy> parseReferrerPolicy(StringView policyString, ReferrerPo
     return WTF::nullopt;
 }
 
+String referrerPolicyToString(const ReferrerPolicy& referrerPolicy)
+{
+    switch (referrerPolicy) {
+    case ReferrerPolicy::NoReferrer:
+        return "no-referrer"_s;
+    case ReferrerPolicy::UnsafeUrl:
+        return "unsafe-url"_s;
+    case ReferrerPolicy::Origin:
+        return "origin"_s;
+    case ReferrerPolicy::OriginWhenCrossOrigin:
+        return "origin-when-cross-origin"_s;
+    case ReferrerPolicy::SameOrigin:
+        return "same-origin"_s;
+    case ReferrerPolicy::StrictOrigin:
+        return "strict-origin"_s;
+    case ReferrerPolicy::StrictOriginWhenCrossOrigin:
+        return "strict-origin-when-cross-origin"_s;
+    case ReferrerPolicy::NoReferrerWhenDowngrade:
+        return "no-referrer-when-downgrade"_s;
+    case ReferrerPolicy::EmptyString:
+        return { };
+    }
+    ASSERT_NOT_REACHED();
+    return { };
+}
+
 } // namespace WebCore
index ef52137..d5d4984 100644 (file)
@@ -50,6 +50,7 @@ enum class ReferrerPolicy : uint8_t {
 
 enum class ReferrerPolicySource : uint8_t { MetaTag, HTTPHeader, ReferrerPolicyAttribute };
 Optional<ReferrerPolicy> parseReferrerPolicy(StringView, ReferrerPolicySource);
+String referrerPolicyToString(const ReferrerPolicy&);
 
 }
 
index 2bd57a4..299d764 100644 (file)
@@ -65,6 +65,7 @@ private:
     bool hasAsyncAttribute() const final { return false; }
     bool hasDeferAttribute() const final { return false; }
     bool hasNoModuleAttribute() const final { return false; }
+    ReferrerPolicy referrerPolicy() const final { return ReferrerPolicy::EmptyString; }
     bool hasSourceAttribute() const final { return hasAttribute(SVGNames::hrefAttr) || hasAttribute(XLinkNames::hrefAttr); }
 
     void dispatchLoadEvent() final { SVGExternalResourcesRequired::dispatchLoadEvent(); }