commit e1720c576c47dfef2557f620b1d1dc10b3594867
author Sam Sneddon <gsnedders@apple.com> Wed Jul 14 11:40:34 2021
committer GitHub <noreply@github.com> Wed Jul 14 11:40:34 2021
tree 34fd7c383af2543a36bbd433c5d1a33d3808eca6
parent 6f7552921abb51b1bfafbce7cd5bd46ca7618d7a

Make the Referrer-Policy tests allow further truncated referrers (#29434)

This allows UAs to take advantage of the spec's allowance to be more
aggressive than otherwise:

> The user agent MAY alter referrerURL or referrerOrigin at this point
> to enforce arbitrary policy considerations in the interests of
> minimizing data leakage.

referrer-policy/generic/test-case.sub.js

diff --git a/referrer-policy/generic/test-case.sub.js b/referrer-policy/generic/test-case.sub.js
index 6656084..717cd1a 100644
--- a/referrer-policy/generic/test-case.sub.js
+++ b/referrer-policy/generic/test-case.sub.js
@@ -41,14 +41,20 @@
 }
 
 const referrerUrlResolver = {
+  // The spec allows UAs to "enforce arbitrary policy considerations in the
+  // interests of minimizing data leakage"; to start to vaguely approximate
+  // this, we allow stronger policies to be used instead of what's specificed.
   "omitted": function(sourceUrl) {
-    return undefined;
+    return [undefined];
   },
   "origin": function(sourceUrl) {
-    return stripUrlForUseAsReferrer(sourceUrl, true);
+    return [stripUrlForUseAsReferrer(sourceUrl, true),
+            undefined];
   },
   "stripped-referrer": function(sourceUrl) {
-    return stripUrlForUseAsReferrer(sourceUrl, false);
+    return [stripUrlForUseAsReferrer(sourceUrl, false),
+            stripUrlForUseAsReferrer(sourceUrl, true),
+            undefined];
   }
 };
 
@@ -70,18 +76,16 @@
     // external <iframe>.
     referrerSource = location.toString();
   }
-  const expectedReferrerUrl =
+  const possibleReferrerUrls =
     referrerUrlResolver[expectation](referrerSource);
 
   // Check the reported URL.
-  assert_equals(result.referrer,
-                expectedReferrerUrl,
-                "Reported Referrer URL is '" +
-                expectation + "'.");
-  assert_equals(result.headers.referer,
-                expectedReferrerUrl,
-                "Reported Referrer URL from HTTP header is '" +
-                expectedReferrerUrl + "'");
+  assert_in_array(result.referrer,
+                  possibleReferrerUrls,
+                  "document.referrer");
+  assert_in_array(result.headers.referer,
+                  possibleReferrerUrls,
+                  "HTTP Referer header");
 }
 
 function runLengthTest(scenario, urlLength, expectation, testDescription) {