summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fetch/api/policies
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/fetch/api/policies
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/fetch/api/policies')
-rw-r--r--testing/web-platform/tests/fetch/api/policies/csp-blocked-worker.html16
-rw-r--r--testing/web-platform/tests/fetch/api/policies/csp-blocked.html15
-rw-r--r--testing/web-platform/tests/fetch/api/policies/csp-blocked.html.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/csp-blocked.js13
-rw-r--r--testing/web-platform/tests/fetch/api/policies/csp-blocked.js.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/nested-policy.js1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/nested-policy.js.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-no-referrer-service-worker.https.html18
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-no-referrer-worker.html17
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.html15
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.html.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.js19
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.js.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin-service-worker.https.html18
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin-service-worker.https.html17
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin-worker.html16
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.html16
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.html.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.js21
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.js.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin-worker.html17
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin.html16
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin.html.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin.js30
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-origin.js.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url-service-worker.https.html18
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url-worker.html17
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.html16
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.html.headers1
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.js21
-rw-r--r--testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.js.headers1
31 files changed, 348 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/api/policies/csp-blocked-worker.html b/testing/web-platform/tests/fetch/api/policies/csp-blocked-worker.html
new file mode 100644
index 0000000000..e8660dffa9
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/csp-blocked-worker.html
@@ -0,0 +1,16 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in worker: blocked by CSP</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ fetch_tests_from_worker(new Worker("csp-blocked.js"));
+ </script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/fetch/api/policies/csp-blocked.html b/testing/web-platform/tests/fetch/api/policies/csp-blocked.html
new file mode 100644
index 0000000000..99e90dfcd8
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/csp-blocked.html
@@ -0,0 +1,15 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch: blocked by CSP</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script src="../resources/utils.js"></script>
+ <script src="csp-blocked.js"></script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/fetch/api/policies/csp-blocked.html.headers b/testing/web-platform/tests/fetch/api/policies/csp-blocked.html.headers
new file mode 100644
index 0000000000..c8c1e9ffbd
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/csp-blocked.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: connect-src 'none'; \ No newline at end of file
diff --git a/testing/web-platform/tests/fetch/api/policies/csp-blocked.js b/testing/web-platform/tests/fetch/api/policies/csp-blocked.js
new file mode 100644
index 0000000000..28653fff85
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/csp-blocked.js
@@ -0,0 +1,13 @@
+if (this.document === undefined) {
+ importScripts("/resources/testharness.js");
+ importScripts("../resources/utils.js");
+}
+
+//Content-Security-Policy: connect-src 'none'; cf .headers file
+cspViolationUrl = RESOURCES_DIR + "top.txt";
+
+promise_test(function(test) {
+ return promise_rejects_js(test, TypeError, fetch(cspViolationUrl));
+}, "Fetch is blocked by CSP, got a TypeError");
+
+done();
diff --git a/testing/web-platform/tests/fetch/api/policies/csp-blocked.js.headers b/testing/web-platform/tests/fetch/api/policies/csp-blocked.js.headers
new file mode 100644
index 0000000000..c8c1e9ffbd
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/csp-blocked.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: connect-src 'none'; \ No newline at end of file
diff --git a/testing/web-platform/tests/fetch/api/policies/nested-policy.js b/testing/web-platform/tests/fetch/api/policies/nested-policy.js
new file mode 100644
index 0000000000..b0d17696c3
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/nested-policy.js
@@ -0,0 +1 @@
+// empty, but referrer-policy set on this file
diff --git a/testing/web-platform/tests/fetch/api/policies/nested-policy.js.headers b/testing/web-platform/tests/fetch/api/policies/nested-policy.js.headers
new file mode 100644
index 0000000000..7ffbf17d6b
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/nested-policy.js.headers
@@ -0,0 +1 @@
+Referrer-Policy: no-referrer
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer-service-worker.https.html b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer-service-worker.https.html
new file mode 100644
index 0000000000..af898aa29f
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer-service-worker.https.html
@@ -0,0 +1,18 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in service worker: referrer with no-referrer policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ service_worker_test("referrer-no-referrer.js");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer-worker.html b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer-worker.html
new file mode 100644
index 0000000000..dbef9bb658
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer-worker.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in worker: referrer with no-referrer policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ fetch_tests_from_worker(new Worker("referrer-no-referrer.js"));
+ </script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.html b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.html
new file mode 100644
index 0000000000..22a6f34c52
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.html
@@ -0,0 +1,15 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch: referrer with no-referrer policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script src="../resources/utils.js"></script>
+ <script src="referrer-no-referrer.js"></script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.html.headers b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.html.headers
new file mode 100644
index 0000000000..7ffbf17d6b
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.html.headers
@@ -0,0 +1 @@
+Referrer-Policy: no-referrer
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.js b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.js
new file mode 100644
index 0000000000..60600bf081
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.js
@@ -0,0 +1,19 @@
+if (this.document === undefined) {
+ importScripts("/resources/testharness.js");
+ importScripts("../resources/utils.js");
+}
+
+var fetchedUrl = RESOURCES_DIR + "inspect-headers.py?headers=origin";
+
+promise_test(function(test) {
+ return fetch(fetchedUrl).then(function(resp) {
+ assert_equals(resp.status, 200, "HTTP status is 200");
+ assert_equals(resp.type , "basic", "Response's type is basic");
+ var referrer = resp.headers.get("x-request-referer");
+ //Either no referrer header is sent or it is empty
+ if (referrer)
+ assert_equals(referrer, "", "request's referrer is empty");
+ });
+}, "Request's referrer is empty");
+
+done();
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.js.headers b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.js.headers
new file mode 100644
index 0000000000..7ffbf17d6b
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-no-referrer.js.headers
@@ -0,0 +1 @@
+Referrer-Policy: no-referrer
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin-service-worker.https.html b/testing/web-platform/tests/fetch/api/policies/referrer-origin-service-worker.https.html
new file mode 100644
index 0000000000..4018b83781
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin-service-worker.https.html
@@ -0,0 +1,18 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in service worker: referrer with no-referrer policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ service_worker_test("referrer-origin.js?pipe=sub");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin-service-worker.https.html b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin-service-worker.https.html
new file mode 100644
index 0000000000..d87192e227
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin-service-worker.https.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in service worker: referrer with origin-when-cross-origin policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ service_worker_test("referrer-origin-when-cross-origin.js?pipe=sub");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin-worker.html b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin-worker.html
new file mode 100644
index 0000000000..f95ae8cf08
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin-worker.html
@@ -0,0 +1,16 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in worker: referrer with origin-when-cross-origin policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ fetch_tests_from_worker(new Worker("referrer-origin-when-cross-origin.js?pipe=sub"));
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.html b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.html
new file mode 100644
index 0000000000..5cd79e4b53
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.html
@@ -0,0 +1,16 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch: referrer with origin-when-cross-origin policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/get-host-info.sub.js"></script>
+ </head>
+ <body>
+ <script src="../resources/utils.js"></script>
+ <script src="referrer-origin-when-cross-origin.js?pipe=sub"></script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.html.headers b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.html.headers
new file mode 100644
index 0000000000..ad768e6329
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.html.headers
@@ -0,0 +1 @@
+Referrer-Policy: origin-when-cross-origin
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.js b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.js
new file mode 100644
index 0000000000..0adadbc550
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.js
@@ -0,0 +1,21 @@
+if (this.document === undefined) {
+ importScripts("/resources/testharness.js");
+ importScripts("../resources/utils.js");
+ importScripts("/common/get-host-info.sub.js");
+
+ // A nested importScripts() with a referrer-policy should have no effect
+ // on overall worker policy.
+ importScripts("nested-policy.js");
+}
+
+var referrerOrigin = location.origin + '/';
+var fetchedUrl = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "inspect-headers.py?cors&headers=referer";
+
+promise_test(function(test) {
+ return fetch(fetchedUrl).then(function(resp) {
+ assert_equals(resp.status, 200, "HTTP status is 200");
+ assert_equals(resp.headers.get("x-request-referer"), referrerOrigin, "request's referrer is " + referrerOrigin);
+ });
+}, "Request's referrer is origin");
+
+done();
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.js.headers b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.js.headers
new file mode 100644
index 0000000000..ad768e6329
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin-when-cross-origin.js.headers
@@ -0,0 +1 @@
+Referrer-Policy: origin-when-cross-origin
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin-worker.html b/testing/web-platform/tests/fetch/api/policies/referrer-origin-worker.html
new file mode 100644
index 0000000000..bb80dd54fb
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin-worker.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in worker: referrer with origin policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ fetch_tests_from_worker(new Worker("referrer-origin.js?pipe=sub"));
+ </script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin.html b/testing/web-platform/tests/fetch/api/policies/referrer-origin.html
new file mode 100644
index 0000000000..b164afe01d
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin.html
@@ -0,0 +1,16 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch: referrer with origin policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script src="../resources/utils.js"></script>
+ <script src="referrer-origin.js?pipe=sub"></script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin.html.headers b/testing/web-platform/tests/fetch/api/policies/referrer-origin.html.headers
new file mode 100644
index 0000000000..5b29739bbd
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin.html.headers
@@ -0,0 +1 @@
+Referrer-Policy: origin
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin.js b/testing/web-platform/tests/fetch/api/policies/referrer-origin.js
new file mode 100644
index 0000000000..918f8f207c
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin.js
@@ -0,0 +1,30 @@
+if (this.document === undefined) {
+ importScripts("/resources/testharness.js");
+ importScripts("../resources/utils.js");
+
+ // A nested importScripts() with a referrer-policy should have no effect
+ // on overall worker policy.
+ importScripts("nested-policy.js");
+}
+
+var referrerOrigin = (new URL("/", location.href)).href;
+var fetchedUrl = RESOURCES_DIR + "inspect-headers.py?headers=referer";
+
+promise_test(function(test) {
+ return fetch(fetchedUrl).then(function(resp) {
+ assert_equals(resp.status, 200, "HTTP status is 200");
+ assert_equals(resp.type , "basic", "Response's type is basic");
+ assert_equals(resp.headers.get("x-request-referer"), referrerOrigin, "request's referrer is " + referrerOrigin);
+ });
+}, "Request's referrer is origin");
+
+promise_test(function(test) {
+ var referrerUrl = "https://{{domains[www]}}:{{ports[https][0]}}/";
+ return fetch(fetchedUrl, { "referrer": referrerUrl }).then(function(resp) {
+ assert_equals(resp.status, 200, "HTTP status is 200");
+ assert_equals(resp.type , "basic", "Response's type is basic");
+ assert_equals(resp.headers.get("x-request-referer"), referrerOrigin, "request's referrer is " + referrerOrigin);
+ });
+}, "Cross-origin referrer is overridden by client origin");
+
+done();
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-origin.js.headers b/testing/web-platform/tests/fetch/api/policies/referrer-origin.js.headers
new file mode 100644
index 0000000000..5b29739bbd
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-origin.js.headers
@@ -0,0 +1 @@
+Referrer-Policy: origin
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url-service-worker.https.html b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url-service-worker.https.html
new file mode 100644
index 0000000000..634877edae
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url-service-worker.https.html
@@ -0,0 +1,18 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in worker: referrer with unsafe-url policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ service_worker_test("referrer-unsafe-url.js");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url-worker.html b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url-worker.html
new file mode 100644
index 0000000000..42045776b1
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url-worker.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in worker: referrer with unsafe-url policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ fetch_tests_from_worker(new Worker("referrer-unsafe-url.js"));
+ </script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.html b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.html
new file mode 100644
index 0000000000..10dd79e3d3
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.html
@@ -0,0 +1,16 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch: referrer with unsafe-url policy</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#main-fetch">
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-network-or-cache-fetch">
+ <meta name="author" title="Canon Research France" href="https://www.crf.canon.fr">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script src="../resources/utils.js"></script>
+ <script src="referrer-unsafe-url.js"></script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.html.headers b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.html.headers
new file mode 100644
index 0000000000..8e23770bd6
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.html.headers
@@ -0,0 +1 @@
+Referrer-Policy: unsafe-url
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.js b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.js
new file mode 100644
index 0000000000..4d61172613
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.js
@@ -0,0 +1,21 @@
+if (this.document === undefined) {
+ importScripts("/resources/testharness.js");
+ importScripts("../resources/utils.js");
+
+ // A nested importScripts() with a referrer-policy should have no effect
+ // on overall worker policy.
+ importScripts("nested-policy.js");
+}
+
+var referrerUrl = location.href;
+var fetchedUrl = RESOURCES_DIR + "inspect-headers.py?headers=referer";
+
+promise_test(function(test) {
+ return fetch(fetchedUrl).then(function(resp) {
+ assert_equals(resp.status, 200, "HTTP status is 200");
+ assert_equals(resp.type , "basic", "Response's type is basic");
+ assert_equals(resp.headers.get("x-request-referer"), referrerUrl, "request's referrer is " + referrerUrl);
+ });
+}, "Request's referrer is the full url of current document/worker");
+
+done();
diff --git a/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.js.headers b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.js.headers
new file mode 100644
index 0000000000..8e23770bd6
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/policies/referrer-unsafe-url.js.headers
@@ -0,0 +1 @@
+Referrer-Policy: unsafe-url