1 files changed, 34 insertions, 0 deletions

diff --git a/testing/web-platform/tests/referrer-policy/generic/multiple-headers-one-invalid.html b/testing/web-platform/tests/referrer-policy/generic/multiple-headers-one-invalid.html
new file mode 100644
index 0000000000..eca734601a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/multiple-headers-one-invalid.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Referrer Policy: multiple Referrer-Policy headers with one invalid</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+
+    <script src="/common/security-features/resources/common.sub.js"></script>
+  </head>
+  <body>
+    <h1>Referrer Policy: multiple Referrer-Policy headers with one invalid</h1>
+    <p></p>
+
+    <pre id="received_message">Running...</pre>
+
+    <script>
+      promise_test(() => {
+        var urlPath = '/common/security-features/subresource/image.py?cache_destroyer=' + (new Date()).getTime();
+        // The default referrer policy is strict-origin-when-cross-origin.
+        // This document's headers contain the 'origin' and 'no-referrer' tokens,
+        // and we're making a same-origin image load, so, if the image request,
+        // uses the default policy (which is what this test's verifying), we
+        // should see the full initiating URL in the referrer, rather than just
+        // the origin or an empty string.
+        return requestViaImage(urlPath, null, 'no-referrer')
+          .then(function(message) {
+              assert_equals(message.referrer, document.location.href);
+            });
+      }, "Referrer policy header parsing fails if one header is invalid");
+    </script>
+
+    <div id="log"></div>
+  </body>
+</html>