From 156873316f0806ef387cbc2b9d702c0c04037d78 Mon Sep 17 00:00:00 2001 From: Hiroshige Hayashizaki Date: Wed, 18 Mar 2020 11:24:15 +0000 Subject: [PATCH] Bug 1622645 [wpt PR 22264] - [WPT/referrer-policy] Support subresource requests from data: URL workers, a=testonly Automatic update from web-platform-tests [WPT/referrer-policy] Support subresource requests from data: URL workers This CL makes stripUrlForUseAsReferrer() more spec-conformant, in order to support `data:` URLs as the argument, which can happen in testing subresource requests from data: URL workers (no such tests so far though). Bug: 906850 Change-Id: I3ba7b1fbf27e79624d9c09fa2c65862b45d17338 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2102302 Reviewed-by: Hiroki Nakagawa Reviewed-by: Kenichi Ishibashi Commit-Queue: Hiroshige Hayashizaki Cr-Commit-Position: refs/heads/master@{#750490} -- wpt-commits: 71baee5fc517bb9eb9ac064a387073fa5a82d061 wpt-pr: 22264 --- .../referrer-policy/generic/test-case.sub.js | 36 ++++++++++++++----- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/testing/web-platform/tests/referrer-policy/generic/test-case.sub.js b/testing/web-platform/tests/referrer-policy/generic/test-case.sub.js index a8292e57e1fe..a115837c86b3 100644 --- a/testing/web-platform/tests/referrer-policy/generic/test-case.sub.js +++ b/testing/web-platform/tests/referrer-policy/generic/test-case.sub.js @@ -1,10 +1,28 @@ -// NOTE: This method only strips the fragment and is not in accordance to the -// recommended draft specification: -// https://w3c.github.io/webappsec/specs/referrer-policy/#null -// TODO(kristijanburnik): Implement this helper as defined by spec once added -// scenarios for URLs containing username/password/etc. -function stripUrlForUseAsReferrer(url) { - return url.replace(/#.*$/, ""); +// https://w3c.github.io/webappsec-referrer-policy/#strip-url +function stripUrlForUseAsReferrer(url, originOnly) { + // Step 2. If url’s scheme is a local scheme, then return no referrer. + const parsedUrl = new URL(url); + + if (["about:", "blob:", "data:"].includes(parsedUrl.protocol)) + return undefined; + + // Step 3. Set url’s username to the empty string. + parsedUrl.username = ''; + + // Step 4. Set url’s password to null. + parsedUrl.password = ''; + + // Step 5. Set url’s fragment to null. + parsedUrl.hash = ''; + + // Step 6. If the origin-only flag is true, then: + if (originOnly) { + // Step 6.1. Set url’s path to null. + parsedUrl.pathname = ''; + // Step 6.2. Set url’s query to null. + parsedUrl.search = ''; + } + return parsedUrl.href; } function invokeScenario(scenario) { @@ -27,10 +45,10 @@ const referrerUrlResolver = { return undefined; }, "origin": function(sourceUrl) { - return new URL(sourceUrl).origin + "/"; + return stripUrlForUseAsReferrer(sourceUrl, true); }, "stripped-referrer": function(sourceUrl) { - return stripUrlForUseAsReferrer(sourceUrl); + return stripUrlForUseAsReferrer(sourceUrl, false); } };