Skip to content

Commit

Permalink
Add WPT for referrer handling in HTTPS Upgrades
Browse files Browse the repository at this point in the history 
This WPT test checks that HTTPS Upgrading does not drop referrer
information when:
1. Referrer policy is no-referrer-when-downgrade
2. A navigation is made to an URL is HTTP
3. Navigated URL is successfully upgraded to HTTPS

In this scenario, the upgraded HTTPS URL should get the referrer
information since the connection was never downgraded to an unsafe
URL.

The current implementation of HTTPS Upgrades in Chrome doesn't pass
this test, dropping the referrer.

Bug: 1394910
Change-Id: I459e5fcdc97adc19dc42aa5ba1ca0b1617d2158d
  • Loading branch information
@meacer @chromium-wpt-export-bot
meacer authored and chromium-wpt-export-bot committed Dec 14, 2023
1 parent 9cc0bbf commit 3276e8d
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 0 deletions.
13 changes: 13 additions & 0 deletions https-upgrades/resources/pass-with-referrer.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<body>
<script>
window.onload = (event) => {
window.opener.postMessage({
'pass': true,
'referrer': document.referrer},
'*');
};
</script>
</body>
</html>
29 changes: 29 additions & 0 deletions https-upgrades/tentative/referrer.https.sub.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
<!DOCTYPE html>
<html>
<head>
<title>HTTPS Upgrades: Upgrade.</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>

<meta name="referrer" content="no-referrer-when-downgrade" />

</head>
<body>
<script>
setup({ single_test: true });
// When the referrer policy is no-referrer-when-downgrade, HTTPS upgrades should not drop
// the referrer upon navigating to an HTTP URL if the upgrade is successful.

// HTTPS upgrades don't change custom ports, so this will load correctly if an HTTPS upgrade is performed,
// and will fail to load otherwise (since the port will be wrong for http).
var url = new URL("http://{{host}}:{{ports[https][0]}}/https-upgrades/resources/pass-with-referrer.html")
window.onmessage = function(event) {
if (event.data['pass'] && event.data['referrer'] == document.location.href) {
done();
}
}
win = window.open(url)
</script>
</body>
</html>

0 comments on commit 3276e8d

Please sign in to comment.