<!DOCTYPE html> <title>Prefetch with the referrer policy specified in speculation rules</title> <!--Split test cases due to the use of timeouts in speculation rules test utilities.--> <meta name="variant" content="?1-1"> <meta name="variant" content="?2-2"> <meta name="variant" content="?3-3"> <meta name="variant" content="?4-4"> <meta name="variant" content="?5-5"> <meta name="variant" content="?6-6"> <meta name="variant" content="?7-last"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> <script src="/common/dispatcher/dispatcher.js"></script> <script src="/common/subset-tests.js"></script> <script src="/common/utils.js"></script> <script src="resources/utils.sub.js"></script> <script> "use strict"; subsetTest(promise_test, async t => { assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); const agent = await spawnWindow(t); await agent.setReferrerPolicy("strict-origin-when-cross-origin"); const expectedReferrer = agent.getExecutorURL().origin + "/"; const nextURL = agent.getExecutorURL({ page: 2 }); await agent.forceSinglePrefetch(nextURL, { referrer_policy: "strict-origin" }); await agent.navigate(nextURL); const headers = await agent.getRequestHeaders(); assert_prefetched(headers, "must be prefetched"); assert_equals(headers.referer, expectedReferrer, "must send the origin as the referrer"); }, 'with "strict-origin" referrer policy in rule set overriding "strict-origin-when-cross-origin" of referring page'); subsetTest(promise_test, async t => { assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); const agent = await spawnWindow(t); const next_url = agent.getExecutorURL({ page: 2 }); await agent.execute_script((url) => { const a = addLink(url); a.referrerPolicy = 'no-referrer'; insertDocumentRule(undefined, { referrer_policy: 'strict-origin' }); }, [next_url]); await new Promise(resolve => t.step_timeout(resolve, 2000)); await agent.navigate(next_url); const headers = await agent.getRequestHeaders(); assert_prefetched(headers, 'must be prefetched'); const expected_referrer = next_url.origin + '/'; assert_equals(headers.referer, expected_referrer, 'must send the origin as the referrer'); }, 'with "strict-origin" referrer policy in rule set override "no-referrer" of link'); subsetTest(promise_test, async t => { assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); const agent = await spawnWindow(t); await agent.setReferrerPolicy("unsafe-url"); const nextURL = agent.getExecutorURL({ hostname: PREFETCH_PROXY_BYPASS_HOST, page: 2 }); await agent.forceSinglePrefetch( nextURL, { referrer_policy: "no-referrer", requires: ["anonymous-client-ip-when-cross-origin"] }); await agent.navigate(nextURL); // This referring page's referrer policy would not be eligible for // cross-site prefetching, but setting a sufficiently strict policy in the // rule allows for prefetching. const headers = await agent.getRequestHeaders(); assert_prefetched(headers, "must be prefetched"); assert_equals(headers.referer, '', "must send no referrer"); }, 'with "no-referrer" referrer policy in rule set overriding "unsafe-url" of cross-site referring page'); subsetTest(promise_test, async t => { assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); const agent = await spawnWindow(t); await agent.setReferrerPolicy("strict-origin-when-cross-origin"); const nextURL = agent.getExecutorURL({ page: 2 }); await agent.forceSinglePrefetch(nextURL, { referrer_policy: "no-referrrrrrrer" }); await agent.navigate(nextURL); const headers = await agent.getRequestHeaders(); assert_not_prefetched(headers, "must not be prefetched"); }, 'unrecognized policies invalidate the rule'); subsetTest(promise_test, async t => { assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); const agent = await spawnWindow(t); await agent.setReferrerPolicy("strict-origin-when-cross-origin"); const nextURL = agent.getExecutorURL({ page: 2 }); await agent.forceSinglePrefetch(nextURL, { referrer_policy: "never" }); await agent.navigate(nextURL); const headers = await agent.getRequestHeaders(); assert_not_prefetched(headers, "must not be prefetched"); }, 'treat legacy referrer policy values as invalid'); subsetTest(promise_test, async t => { assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); const agent = await spawnWindow(t); await agent.setReferrerPolicy("strict-origin"); const expectedReferrer = agent.getExecutorURL().origin + "/"; const nextURL = agent.getExecutorURL({ hostname: PREFETCH_PROXY_BYPASS_HOST, page: 2 }); await agent.forceSinglePrefetch( nextURL, { referrer_policy: "unsafe-url", requires: ["anonymous-client-ip-when-cross-origin"] }); await agent.navigate(nextURL); // This referring page's referrer policy would normally make it eligible for // cross-site prefetching, but setting an unacceptable policy in the rule // makes it ineligible. const headers = await agent.getRequestHeaders(); assert_not_prefetched(headers, "must not be prefetched"); assert_equals(headers.referer, expectedReferrer, "must send the origin as the referrer"); }, 'with "unsafe-url" referrer policy in rule set overriding "strict-origin" of cross-site referring page'); subsetTest(promise_test, async t => { assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); const agent = await spawnWindow(t); await agent.setReferrerPolicy("strict-origin"); const expectedReferrer = agent.getExecutorURL().origin + "/"; const nextURL = agent.getExecutorURL({ page: 2 }); // The empty string is a valid value for "referrer_policy" and will be // treated as if the key were omitted. await agent.forceSinglePrefetch(nextURL, { referrer_policy: "" }); await agent.navigate(nextURL); const headers = await agent.getRequestHeaders(); assert_prefetched(headers, "must be prefetched"); assert_equals(headers.referer, expectedReferrer, "must send the origin as the referrer"); }, 'with empty string referrer policy in rule set defaulting to "strict-origin" of referring page'); </script>