| <!DOCTYPE html> |
| <title>Prefetch with the referrer policy specified in speculation rules</title> |
| |
| <!--Split test cases due to the use of timeouts in speculation rules test utilities.--> |
| <meta name="variant" content="?1-1"> |
| <meta name="variant" content="?2-2"> |
| <meta name="variant" content="?3-3"> |
| <meta name="variant" content="?4-4"> |
| <meta name="variant" content="?5-5"> |
| <meta name="variant" content="?6-last"> |
| |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/common/dispatcher/dispatcher.js"></script> |
| <script src="/common/subset-tests.js"></script> |
| <script src="/common/utils.js"></script> |
| <script src="resources/utils.sub.js"></script> |
| |
| <script> |
| "use strict"; |
| |
| subsetTest(promise_test, async t => { |
| assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); |
| |
| const agent = await spawnWindow(t); |
| await agent.setReferrerPolicy("strict-origin-when-cross-origin"); |
| const expectedReferrer = agent.getExecutorURL().origin + "/"; |
| |
| const nextURL = agent.getExecutorURL({ page: 2 }); |
| await agent.forceSinglePrefetch(nextURL, { referrer_policy: "strict-origin" }); |
| await agent.navigate(nextURL); |
| |
| const headers = await agent.getRequestHeaders(); |
| assert_prefetched(headers, "must be prefetched"); |
| assert_equals(headers.referer, expectedReferrer, "must send the origin as the referrer"); |
| }, 'with "strict-origin" referrer policy in rule set overriding "strict-origin-when-cross-origin" of referring page'); |
| |
| subsetTest(promise_test, async t => { |
| assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); |
| |
| const agent = await spawnWindow(t); |
| const next_url = agent.getExecutorURL({ page: 2 }); |
| await agent.execute_script((url) => { |
| const a = addLink(url); |
| a.referrerPolicy = 'no-referrer'; |
| insertDocumentRule(undefined, { referrer_policy: 'strict-origin' }); |
| }, [next_url]); |
| await new Promise(resolve => t.step_timeout(resolve, 2000)); |
| await agent.navigate(next_url); |
| |
| const headers = await agent.getRequestHeaders(); |
| assert_prefetched(headers, 'must be prefetched'); |
| const expected_referrer = next_url.origin + '/'; |
| assert_equals(headers.referer, expected_referrer, 'must send the origin as the referrer'); |
| }, 'with "strict-origin" referrer policy in rule set override "no-referrer" of link'); |
| |
| subsetTest(promise_test, async t => { |
| assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); |
| |
| const agent = await spawnWindow(t); |
| await agent.setReferrerPolicy("unsafe-url"); |
| |
| const nextURL = agent.getExecutorURL({ hostname: PREFETCH_PROXY_BYPASS_HOST, page: 2 }); |
| await agent.forceSinglePrefetch( |
| nextURL, { referrer_policy: "no-referrer", requires: ["anonymous-client-ip-when-cross-origin"] }); |
| await agent.navigate(nextURL); |
| |
| // This referring page's referrer policy would not be eligible for |
| // cross-site prefetching, but setting a sufficiently strict policy in the |
| // rule allows for prefetching. |
| const headers = await agent.getRequestHeaders(); |
| assert_prefetched(headers, "must be prefetched"); |
| assert_equals(headers.referer, '', "must send no referrer"); |
| }, 'with "no-referrer" referrer policy in rule set overriding "unsafe-url" of cross-site referring page'); |
| |
| subsetTest(promise_test, async t => { |
| assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); |
| |
| const agent = await spawnWindow(t); |
| await agent.setReferrerPolicy("strict-origin-when-cross-origin"); |
| |
| const nextURL = agent.getExecutorURL({ page: 2 }); |
| await agent.forceSinglePrefetch(nextURL, { referrer_policy: "no-referrrrrrrer" }); |
| await agent.navigate(nextURL); |
| |
| const headers = await agent.getRequestHeaders(); |
| assert_not_prefetched(headers, "must not be prefetched"); |
| }, 'unrecognized policies invalidate the rule'); |
| |
| subsetTest(promise_test, async t => { |
| assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); |
| |
| const agent = await spawnWindow(t); |
| await agent.setReferrerPolicy("strict-origin-when-cross-origin"); |
| |
| const nextURL = agent.getExecutorURL({ page: 2 }); |
| await agent.forceSinglePrefetch(nextURL, { referrer_policy: "never" }); |
| await agent.navigate(nextURL); |
| |
| const headers = await agent.getRequestHeaders(); |
| assert_not_prefetched(headers, "must not be prefetched"); |
| }, 'treat legacy referrer policy values as invalid'); |
| |
| subsetTest(promise_test, async t => { |
| assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); |
| |
| const agent = await spawnWindow(t); |
| await agent.setReferrerPolicy("strict-origin"); |
| const expectedReferrer = agent.getExecutorURL().origin + "/"; |
| |
| const nextURL = agent.getExecutorURL({ hostname: PREFETCH_PROXY_BYPASS_HOST, page: 2 }); |
| await agent.forceSinglePrefetch( |
| nextURL, { referrer_policy: "unsafe-url", requires: ["anonymous-client-ip-when-cross-origin"] }); |
| await agent.navigate(nextURL); |
| |
| // This referring page's referrer policy would normally make it eligible for |
| // cross-site prefetching, but setting an unacceptable policy in the rule |
| // makes it ineligible. |
| const headers = await agent.getRequestHeaders(); |
| assert_not_prefetched(headers, "must not be prefetched"); |
| assert_equals(headers.referer, expectedReferrer, "must send the origin as the referrer"); |
| }, 'with "unsafe-url" referrer policy in rule set overriding "strict-origin" of cross-site referring page'); |
| |
| </script> |