testing/web-platform/tests/referrer-policy/generic/inheritance/iframe-inheritance-about-blank.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

<!doctype html>
<meta charset="utf-8">
<title>Referrer Policy: iframe src="about:blank"</title>
<link rel="author" title="Hiroshige Hayashizaki" href="mailto:hiroshige@chromium.org">
<link rel="author" title="Dom Farolino" href="mailto:dom@chromium.org">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta name="referrer" content="origin">
<body>
<script>
const testFetchClientReferrer =
  async_test("The fetch() API in an about:blank iframe with the 'client' " +
             "referrer is fetched with no 'Referer' header");
const testFetchURLReferrer =
  async_test("The fetch() API in an about:blank iframe with a custom URL " +
             "referrer is fetched with a 'Referer` header that uses the " +
             "outer document's URL along with its referrer policy");
const testDocumentReferrer =
  async_test("The value of document.referrer in an about:blank iframe is the " +
             "outer document's full URL, regardless of referrer policy");
const testSubresource =
  async_test("A subresource fetched from an about:blank iframe is fetched " +
             "with no 'Referer' header");

window.addEventListener("message", msg => {
  const test_name = msg.data.test;
  const referrer = msg.data.referrer;
  if (test_name === "testFetchClientReferrer") {
    testFetchClientReferrer.step_func_done(() => {
      // Because the URL of the Document of <iframe src="about:blank"> is
      // "about:blank", the stripped URL is no referrer:
      // https://w3c.github.io/webappsec-referrer-policy/#strip-url.
      assert_equals(referrer, undefined);
    })();
  } else if (test_name === "testFetchURLReferrer") {
    // <iframe src="about:blank"> inherits its parent's referrer policy.
    // Note: Setting an explicit URL as referrer succeeds
    // because the same-origin check at
    // https://fetch.spec.whatwg.org/#dom-request
    // is done against <iframe>'s origin, which inherits the parent
    // Document's origin == location.orgin. Furthermore, since the iframe
    // inherits its parent's referrer policy, the URL should be restricted to
    // its origin.
    testFetchURLReferrer.step_func_done(() => {
      assert_equals(referrer, location.origin + '/');
    })();
  } else if (test_name === "testDocumentReferrer") {
    // The referrer of the initial document in an about:blank iframe is set to
    // its creating document's URL, unredacted by a referrer policy, as per step
    // 13 of:
    // https://html.spec.whatwg.org/multipage/browsers.html#creating-a-new-browsing-context.
    testDocumentReferrer.step_func_done(() => {
      assert_equals(referrer, location.href);
    })();
  } else if (test_name === "testSubresource") {
    // Because the URL of the Document of <iframe src="about:blank"> is
    // "about:blank", the stripped URL is no referrer:
    // https://w3c.github.io/webappsec-referrer-policy/#strip-url.
    testSubresource.step_func_done(() => {
      assert_equals(referrer, "");
    })();
  }
});

const iframe = document.createElement("iframe");

iframe.addEventListener("load", function() {
  const iframe_script = iframe.contentDocument.createElement('script');
  iframe_script.textContent = `
    // Test fetch() API with default "client" referrer.
    fetch("${location.origin}/common/security-features/subresource/xhr.py?name=testFetchClientReferrer")
      .then(r => r.json())
      .then(j => {
          top.postMessage({test: "testFetchClientReferrer", referrer: j.headers.referer}, "*")
        }).catch(e => {
          top.postMessage({test: "testFetchClientReferrer", referrer: "FAILURE"}, "*");
        });

    // Test fetch() API with custom URL referrer.
    fetch("${location.origin}/common/security-features/subresource/xhr.py?name=URL",
        {referrer: "${location.href}/custom"})
      .then(r => r.json())
      .then(j => {
          top.postMessage({test: "testFetchURLReferrer", referrer: j.headers.referer}, "*")
        }).catch(e => {
          top.postMessage({test: "testFetchURLReferrer", referrer: "FAILURE"}, "*");
        });

    // Test document.referrer.
    top.postMessage({test: "testDocumentReferrer", referrer: document.referrer}, "*");

    // Test a subresource being fetched by the iframe.
    const subresource_script = document.createElement('script');
    subresource_script.src = "${location.origin}/common/security-features/subresource/referrer.py";
    subresource_script.onload = e => {
      top.postMessage({test: "testSubresource", referrer: window.referrer}, "*");
    }
    subresource_script.onerror = function(e) {
      top.postMessage({test: "testSubresource", referrer: "FAILURE"}, "*");
    };
    document.head.appendChild(subresource_script);
  `;
  iframe.contentDocument.body.appendChild(iframe_script);
});

document.body.appendChild(iframe);
</script>