Add WPT for referrer handling in HTTPS Upgrades

This WPT test checks that HTTPS Upgrading does not drop referrer information when: 1. Referrer policy is no-referrer-when-downgrade 2. A navigation is made to an URL is HTTP 3. Navigated URL is successfully upgraded to HTTPS In this scenario, the upgraded HTTPS URL should get the referrer information since the connection was never downgraded to an unsafe URL. The current implementation of HTTPS Upgrades in Chrome doesn't pass this test, dropping the referrer. Bug: 1394910 Change-Id: I459e5fcdc97adc19dc42aa5ba1ca0b1617d2158d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5122096 Reviewed-by: Carlos IL <carlosil@chromium.org> Commit-Queue: Mustafa Emre Acer <meacer@chromium.org> Cr-Commit-Position: refs/heads/main@{#1237834}
web-platform-tests · Dec 15, 2023 · 49df45f · 49df45f
1 parent 0bd1bde
commit 49df45f
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 0 deletions.
diff --git a/https-upgrades/resources/pass-with-referrer.html b/https-upgrades/resources/pass-with-referrer.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <body>
+    <script>
+      window.onload = (event) => {
+          window.opener.postMessage({
+              'pass': true,
+              'referrer': document.referrer},
+            '*');
+      };
+    </script>
+  </body>
+</html>
diff --git a/https-upgrades/tentative/referrer.https.sub.html b/https-upgrades/tentative/referrer.https.sub.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>HTTPS Upgrades: Upgrade.</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+
+    <meta name="referrer" content="no-referrer-when-downgrade" />
+
+  </head>
+  <body>
+    <script>
+      setup({ single_test: true });
+      // When the referrer policy is no-referrer-when-downgrade, HTTPS upgrades should not drop
+      // the referrer upon navigating to an HTTP URL if the upgrade is successful.
+
+      // HTTPS upgrades don't change custom ports, so this will load correctly if an HTTPS upgrade is performed,
+      // and will fail to load otherwise (since the port will be wrong for http).
+      var url = new URL("http://{{host}}:{{ports[https][0]}}/https-upgrades/resources/pass-with-referrer.html")
+      window.onmessage = function(event) {
+          if (event.data['pass'] && event.data['referrer'] == document.location.href) {
+              done();
+          }
+      }
+      win = window.open(url)
+    </script>
+  </body>
+</html>