1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
<!DOCTYPE html>
<html>
<head>
<title>Referrer with the strict-origin referrer policy</title>
<meta name="referrer" content="strict-origin">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script type="module">
// "name" parameter is necessary for bypassing the module map in descendant import.
import { referrer as insecureImport } from "./resources/import-referrer-checker-insecure.sub.js?name=insecure_import";
import { referrer as secureImport } from "https://{{domains[www]}}:{{ports[https][0]}}/html/semantics/scripting-1/the-script-element/module/resources/import-referrer-checker-insecure.sub.js?name=secure_import";
const origin = (new URL(location.href)).origin + "/";
test(t => {
assert_equals(
insecureImport, origin,
"A document with the strict-origin referrer policy served over HTTP, " +
"imports an module script over HTTP, that imports a descendant script " +
"over HTTP. The request for the descendant script is sent with a " +
"`Referer` header with the page's origin");
assert_equals(
secureImport, "",
"A document with the strict-origin referrer policy served over HTTP, " +
"imports an module script over HTTPS, that imports a descendant script " +
"over HTTP. The request for the descendant script is sent with no " +
"`Referer` header");
}, "The strict-* referrer policies compare the trustworthiness of a " +
"request's referrer string against its URL");
</script>
</body>
</html>
|
