1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
8 #include "base/command_line.h"
9 #include "base/strings/string_number_conversions.h"
10 #include "base/strings/stringprintf.h"
11 #include "base/strings/utf_string_conversions.h"
12 #include "base/synchronization/lock.h"
13 #include "base/thread_annotations.h"
14 #include "chrome/app/chrome_command_ids.h"
15 #include "chrome/browser/browser_process.h"
16 #include "chrome/browser/chrome_notification_types.h"
17 #include "chrome/browser/net/system_network_context_manager.h"
18 #include "chrome/browser/renderer_context_menu/render_view_context_menu.h"
19 #include "chrome/browser/renderer_context_menu/render_view_context_menu_browsertest_util.h"
20 #include "chrome/browser/ui/browser.h"
21 #include "chrome/browser/ui/browser_commands.h"
22 #include "chrome/browser/ui/tabs/tab_strip_model.h"
23 #include "chrome/common/chrome_features.h"
24 #include "chrome/common/pref_names.h"
25 #include "chrome/test/base/in_process_browser_test.h"
26 #include "chrome/test/base/ui_test_utils.h"
27 #include "components/prefs/pref_service.h"
28 #include "content/public/browser/browser_thread.h"
29 #include "content/public/browser/navigation_controller.h"
30 #include "content/public/browser/navigation_entry.h"
31 #include "content/public/browser/notification_service.h"
32 #include "content/public/browser/render_view_host.h"
33 #include "content/public/browser/render_widget_host.h"
34 #include "content/public/browser/storage_partition.h"
35 #include "content/public/browser/web_contents.h"
36 #include "content/public/common/content_features.h"
37 #include "content/public/test/browser_test.h"
38 #include "content/public/test/browser_test_utils.h"
39 #include "net/base/features.h"
40 #include "net/test/embedded_test_server/http_request.h"
41 #include "services/network/public/mojom/referrer_policy.mojom-shared.h"
42 #include "third_party/blink/public/common/features.h"
43 #include "third_party/blink/public/common/input/web_input_event.h"
44 #include "third_party/blink/public/common/input/web_mouse_event.h"
45 #include "third_party/blink/public/common/loader/referrer_utils.h"
46 #include "third_party/blink/public/common/switches.h"
47 #include "ui/base/page_transition_types.h"
48 #include "ui/base/window_open_disposition.h"
50 class ReferrerPolicyTest : public InProcessBrowserTest {
52 ReferrerPolicyTest() : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
53 // Subclasses might want to verify the requests that arrive at servers;
54 // register a default no-op handler that subclasses may override.
55 embedded_test_server()->RegisterRequestMonitor(base::BindRepeating(
56 &ReferrerPolicyTest::OnServerIncomingRequest, base::Unretained(this)));
57 https_server_.RegisterRequestMonitor(base::BindRepeating(
58 &ReferrerPolicyTest::OnServerIncomingRequest, base::Unretained(this)));
60 https_server_.AddDefaultHandlers(GetChromeTestDataDir());
61 EXPECT_TRUE(embedded_test_server()->Start());
62 EXPECT_TRUE(https_server_.Start());
64 ~ReferrerPolicyTest() override = default;
66 enum ExpectedReferrer {
67 EXPECT_EMPTY_REFERRER,
69 EXPECT_ORIGIN_AS_REFERRER
72 void SetUpCommandLine(base::CommandLine* command_line) override {
73 // Some builders are flaky due to slower loading interacting
74 // with deferred commits.
75 command_line->AppendSwitch(blink::switches::kAllowPreCommitInput);
79 // Callback to verify that HTTP requests have the correct headers;
80 // currently, (See the comment on RequestCheck, below.)
81 virtual void OnServerIncomingRequest(
82 const net::test_server::HttpRequest& request) {
83 base::AutoLock lock(check_on_requests_lock_);
84 if (!check_on_requests_)
87 if (request.relative_url != check_on_requests_->destination_url_to_match)
90 auto it = request.headers.find("Referer");
92 if (check_on_requests_->expected_spec.empty()) {
93 EXPECT_TRUE(it == request.headers.end()) << it->second;
95 EXPECT_TRUE(it != request.headers.end());
96 if (it != request.headers.end())
97 EXPECT_EQ(it->second, check_on_requests_->expected_spec);
101 // Returns the expected title for the tab with the given (full) referrer and
102 // the expected modification of it.
103 std::u16string GetExpectedTitle(const GURL& url,
104 ExpectedReferrer expected_referrer) {
105 std::string referrer;
106 switch (expected_referrer) {
107 case EXPECT_EMPTY_REFERRER:
108 referrer = "Referrer is empty";
110 case EXPECT_FULL_REFERRER:
111 referrer = "Referrer is " + url.spec();
113 case EXPECT_ORIGIN_AS_REFERRER:
114 referrer = "Referrer is " + url.GetWithEmptyPath().spec();
117 return base::ASCIIToUTF16(referrer);
120 // Adds all possible titles to the TitleWatcher, so we don't time out
121 // waiting for the title if the test fails.
122 void AddAllPossibleTitles(const GURL& url,
123 content::TitleWatcher* title_watcher) {
124 title_watcher->AlsoWaitForTitle(
125 GetExpectedTitle(url, EXPECT_EMPTY_REFERRER));
126 title_watcher->AlsoWaitForTitle(
127 GetExpectedTitle(url, EXPECT_FULL_REFERRER));
128 title_watcher->AlsoWaitForTitle(
129 GetExpectedTitle(url, EXPECT_ORIGIN_AS_REFERRER));
132 enum StartOnProtocol { START_ON_HTTP, START_ON_HTTPS, };
134 enum LinkType { REGULAR_LINK, LINK_WITH_TARGET_BLANK, };
137 NO_REDIRECT, // direct navigation via HTTP
138 HTTPS_NO_REDIRECT, // direct navigation via HTTPS
139 SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
140 SERVER_REDIRECT_FROM_HTTP_TO_HTTP,
141 SERVER_REDIRECT_FROM_HTTP_TO_HTTPS
144 enum RendererOrBrowserInitiated { RENDERER_INITIATED, BROWSER_INITIATED };
146 // Navigates from a page with a given |referrer_policy| and checks that the
147 // reported referrer matches the expectation.
149 // referrer_policy: The referrer policy to test.
150 // start_protocol: The protocol the test should start on.
151 // link_type: The link type that is used to trigger the navigation.
152 // redirect: Whether the link target should redirect and how.
153 // disposition: The disposition for the navigation.
154 // button: If not WebMouseEvent::Button::NoButton, click on the
155 // link with the specified mouse button.
156 // expected_referrer: The kind of referrer to expect.
157 // expected_referrer_policy: The expected referrer policy of the activity.
158 // renderer_or_browser_initiated: If BROWSER_INITIATED, uses Navigate() to
159 // load in the current WebContents and disregards the value of |button|.
162 // The URL of the first page navigated to.
163 GURL RunReferrerTest(const network::mojom::ReferrerPolicy referrer_policy,
164 StartOnProtocol start_protocol,
166 RedirectType redirect,
167 WindowOpenDisposition disposition,
168 blink::WebMouseEvent::Button button,
169 ExpectedReferrer expected_referrer,
170 network::mojom::ReferrerPolicy expected_referrer_policy,
171 RendererOrBrowserInitiated
172 renderer_or_browser_initiated = RENDERER_INITIATED) {
176 redirect_url = embedded_test_server()->GetURL(
177 "/referrer_policy/referrer-policy-log.html");
179 case HTTPS_NO_REDIRECT:
181 https_server_.GetURL("/referrer_policy/referrer-policy-log.html");
183 case SERVER_REDIRECT_FROM_HTTPS_TO_HTTP:
184 redirect_url = https_server_.GetURL(
185 std::string("/server-redirect?") +
186 embedded_test_server()
187 ->GetURL("/referrer_policy/referrer-policy-log.html")
190 case SERVER_REDIRECT_FROM_HTTP_TO_HTTP:
191 redirect_url = embedded_test_server()->GetURL(
192 std::string("/server-redirect?") +
193 embedded_test_server()
194 ->GetURL("/referrer_policy/referrer-policy-log.html")
197 case SERVER_REDIRECT_FROM_HTTP_TO_HTTPS:
198 redirect_url = embedded_test_server()->GetURL(
199 std::string("/server-redirect?") +
200 https_server_.GetURL("/referrer_policy/referrer-policy-log.html")
205 std::string relative_url =
206 std::string("/referrer_policy/referrer-policy-start.html?") +
207 "policy=" + content::ReferrerPolicyToString(referrer_policy) +
208 "&redirect=" + redirect_url.spec() + "&link=" +
209 ((button == blink::WebMouseEvent::Button::kNoButton &&
210 renderer_or_browser_initiated == RENDERER_INITIATED)
213 "&target=" + (link_type == LINK_WITH_TARGET_BLANK ? "_blank" : "");
215 auto* start_test_server = start_protocol == START_ON_HTTPS
217 : embedded_test_server();
218 const GURL start_url = start_test_server->GetURL(relative_url);
220 ui_test_utils::AllBrowserTabAddedWaiter add_tab;
222 std::u16string expected_title =
223 GetExpectedTitle(start_url, expected_referrer);
224 content::WebContents* tab =
225 browser()->tab_strip_model()->GetActiveWebContents();
226 content::TitleWatcher title_watcher(tab, expected_title);
228 std::string expected_referrer_value;
229 if (expected_referrer != EXPECT_EMPTY_REFERRER) {
230 expected_referrer_value =
231 base::UTF16ToASCII(expected_title)
232 .substr(base::StringPiece("Referrer is ").size());
234 base::ReleasableAutoLock releaseable_lock(&check_on_requests_lock_);
235 check_on_requests_ = RequestCheck{
236 expected_referrer_value, "/referrer_policy/referrer-policy-log.html"};
237 releaseable_lock.Release();
239 // Watch for all possible outcomes to avoid timeouts if something breaks.
240 AddAllPossibleTitles(start_url, &title_watcher);
242 ui_test_utils::NavigateToURL(browser(), start_url);
244 if (renderer_or_browser_initiated == BROWSER_INITIATED) {
245 CHECK(disposition == WindowOpenDisposition::CURRENT_TAB);
246 NavigateParams params(browser(), redirect_url, ui::PAGE_TRANSITION_LINK);
247 params.referrer = content::Referrer(
248 tab->GetController().GetVisibleEntry()->GetURL(), referrer_policy);
249 params.source_contents = tab;
250 ui_test_utils::NavigateToURL(¶ms);
251 } else if (button != blink::WebMouseEvent::Button::kNoButton) {
252 blink::WebMouseEvent mouse_event(
253 blink::WebInputEvent::Type::kMouseDown,
254 blink::WebInputEvent::kNoModifiers,
255 blink::WebInputEvent::GetStaticTimeStampForTests());
256 mouse_event.button = button;
257 mouse_event.SetPositionInWidget(15, 15);
258 mouse_event.click_count = 1;
259 tab->GetMainFrame()->GetRenderViewHost()->GetWidget()->ForwardMouseEvent(
261 mouse_event.SetType(blink::WebInputEvent::Type::kMouseUp);
262 tab->GetMainFrame()->GetRenderViewHost()->GetWidget()->ForwardMouseEvent(
266 if (disposition == WindowOpenDisposition::CURRENT_TAB) {
267 EXPECT_EQ(expected_title, title_watcher.WaitAndGetTitle());
269 tab = add_tab.Wait();
271 content::TitleWatcher title_watcher2(tab, expected_title);
273 // Watch for all possible outcomes to avoid timeouts if something breaks.
274 AddAllPossibleTitles(start_url, &title_watcher2);
276 EXPECT_EQ(expected_title, title_watcher2.WaitAndGetTitle());
279 EXPECT_EQ(expected_referrer_policy,
280 tab->GetController().GetVisibleEntry()->GetReferrer().policy);
282 base::AutoLock lock(check_on_requests_lock_);
283 check_on_requests_.reset();
288 // Shorthand for cases where |referrer_policy| is the expected policy.
289 GURL RunReferrerTest(const network::mojom::ReferrerPolicy referrer_policy,
290 StartOnProtocol start_protocol,
292 RedirectType redirect,
293 WindowOpenDisposition disposition,
294 blink::WebMouseEvent::Button button,
295 ExpectedReferrer expected_referrer) {
296 return RunReferrerTest(referrer_policy, start_protocol, link_type, redirect,
297 disposition, button, expected_referrer,
301 net::EmbeddedTestServer https_server_;
303 // If "check_on_requests_" is set, for each HTTP request that arrives at
304 // either of the embedded test servers ("embedded_test_server()" and
305 // "https_server_"), if the relative URL equals that stored in
306 // "destination_url_to_match", OnServerIncomingRequest will assert
307 // that the provided Referer header's value equals the value of
309 struct RequestCheck {
310 std::string expected_spec;
311 std::string destination_url_to_match;
314 base::Lock check_on_requests_lock_;
315 absl::optional<RequestCheck> check_on_requests_
316 GUARDED_BY(check_on_requests_lock_);
319 // The basic behavior of referrer policies is covered by layout tests in
320 // http/tests/security/referrer-policy-*. These tests cover (hopefully) all
321 // code paths chrome uses to navigate. To keep the number of combinations down,
322 // we only test the "origin" policy here.
324 // Content initiated navigation, from HTTP to HTTP.
325 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, Origin) {
326 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP,
327 REGULAR_LINK, NO_REDIRECT, WindowOpenDisposition::CURRENT_TAB,
328 blink::WebMouseEvent::Button::kNoButton,
329 EXPECT_ORIGIN_AS_REFERRER);
332 // Content initiated navigation, from HTTPS to HTTP.
333 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsDefault) {
334 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS,
335 REGULAR_LINK, NO_REDIRECT, WindowOpenDisposition::CURRENT_TAB,
336 blink::WebMouseEvent::Button::kNoButton,
337 EXPECT_ORIGIN_AS_REFERRER);
340 // User initiated navigation, from HTTP to HTTP.
341 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, LeftClickOrigin) {
342 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP,
343 REGULAR_LINK, NO_REDIRECT, WindowOpenDisposition::CURRENT_TAB,
344 blink::WebMouseEvent::Button::kLeft,
345 EXPECT_ORIGIN_AS_REFERRER);
348 // User initiated navigation, from HTTPS to HTTP.
349 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsLeftClickOrigin) {
350 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS,
351 REGULAR_LINK, NO_REDIRECT, WindowOpenDisposition::CURRENT_TAB,
352 blink::WebMouseEvent::Button::kLeft,
353 EXPECT_ORIGIN_AS_REFERRER);
356 // User initiated navigation, middle click, from HTTP to HTTP.
357 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MiddleClickOrigin) {
359 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP, REGULAR_LINK,
360 NO_REDIRECT, WindowOpenDisposition::NEW_BACKGROUND_TAB,
361 blink::WebMouseEvent::Button::kMiddle, EXPECT_ORIGIN_AS_REFERRER);
364 // User initiated navigation, middle click, from HTTPS to HTTP.
365 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsMiddleClickOrigin) {
367 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS, REGULAR_LINK,
368 NO_REDIRECT, WindowOpenDisposition::NEW_BACKGROUND_TAB,
369 blink::WebMouseEvent::Button::kMiddle, EXPECT_ORIGIN_AS_REFERRER);
372 // User initiated navigation, target blank, from HTTP to HTTP.
373 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, TargetBlankOrigin) {
374 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP,
375 LINK_WITH_TARGET_BLANK, NO_REDIRECT,
376 WindowOpenDisposition::NEW_FOREGROUND_TAB,
377 blink::WebMouseEvent::Button::kLeft,
378 EXPECT_ORIGIN_AS_REFERRER);
381 // User initiated navigation, target blank, from HTTPS to HTTP.
382 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsTargetBlankOrigin) {
383 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS,
384 LINK_WITH_TARGET_BLANK, NO_REDIRECT,
385 WindowOpenDisposition::NEW_FOREGROUND_TAB,
386 blink::WebMouseEvent::Button::kLeft,
387 EXPECT_ORIGIN_AS_REFERRER);
390 // User initiated navigation, middle click, target blank, from HTTP to HTTP.
391 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MiddleClickTargetBlankOrigin) {
392 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP,
393 LINK_WITH_TARGET_BLANK, NO_REDIRECT,
394 WindowOpenDisposition::NEW_FOREGROUND_TAB,
395 blink::WebMouseEvent::Button::kMiddle,
396 EXPECT_ORIGIN_AS_REFERRER);
399 // User initiated navigation, middle click, target blank, from HTTPS to HTTP.
400 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsMiddleClickTargetBlankOrigin) {
401 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS,
402 LINK_WITH_TARGET_BLANK, NO_REDIRECT,
403 WindowOpenDisposition::NEW_FOREGROUND_TAB,
404 blink::WebMouseEvent::Button::kMiddle,
405 EXPECT_ORIGIN_AS_REFERRER);
408 // Context menu, from HTTP to HTTP.
409 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, ContextMenuOrigin) {
410 ContextMenuNotificationObserver context_menu_observer(
411 IDC_CONTENT_CONTEXT_OPENLINKNEWTAB);
413 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP, REGULAR_LINK,
414 NO_REDIRECT, WindowOpenDisposition::NEW_FOREGROUND_TAB,
415 blink::WebMouseEvent::Button::kRight, EXPECT_ORIGIN_AS_REFERRER);
418 // Context menu, from HTTPS to HTTP.
419 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsContextMenuOrigin) {
420 ContextMenuNotificationObserver context_menu_observer(
421 IDC_CONTENT_CONTEXT_OPENLINKNEWTAB);
423 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS, REGULAR_LINK,
424 NO_REDIRECT, WindowOpenDisposition::NEW_FOREGROUND_TAB,
425 blink::WebMouseEvent::Button::kRight, EXPECT_ORIGIN_AS_REFERRER);
428 // Content initiated navigation, from HTTP to HTTP via server redirect.
429 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, Redirect) {
431 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP, REGULAR_LINK,
432 SERVER_REDIRECT_FROM_HTTPS_TO_HTTP, WindowOpenDisposition::CURRENT_TAB,
433 blink::WebMouseEvent::Button::kNoButton, EXPECT_ORIGIN_AS_REFERRER);
436 // Content initiated navigation, from HTTPS to HTTP via server redirect.
437 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsRedirect) {
439 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS, REGULAR_LINK,
440 SERVER_REDIRECT_FROM_HTTPS_TO_HTTP, WindowOpenDisposition::CURRENT_TAB,
441 blink::WebMouseEvent::Button::kNoButton, EXPECT_ORIGIN_AS_REFERRER);
444 // User initiated navigation, from HTTP to HTTP via server redirect.
445 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, LeftClickRedirect) {
447 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP, REGULAR_LINK,
448 SERVER_REDIRECT_FROM_HTTP_TO_HTTP, WindowOpenDisposition::CURRENT_TAB,
449 blink::WebMouseEvent::Button::kLeft, EXPECT_ORIGIN_AS_REFERRER);
452 // User initiated navigation, from HTTPS to HTTP via server redirect.
453 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsLeftClickRedirect) {
455 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS, REGULAR_LINK,
456 SERVER_REDIRECT_FROM_HTTPS_TO_HTTP, WindowOpenDisposition::CURRENT_TAB,
457 blink::WebMouseEvent::Button::kLeft, EXPECT_ORIGIN_AS_REFERRER);
460 // User initiated navigation, middle click, from HTTP to HTTP via server
462 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MiddleClickRedirect) {
463 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP,
464 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
465 WindowOpenDisposition::NEW_BACKGROUND_TAB,
466 blink::WebMouseEvent::Button::kMiddle,
467 EXPECT_ORIGIN_AS_REFERRER);
470 // User initiated navigation, middle click, from HTTPS to HTTP via server
472 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsMiddleClickRedirect) {
473 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS,
474 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
475 WindowOpenDisposition::NEW_BACKGROUND_TAB,
476 blink::WebMouseEvent::Button::kMiddle,
477 EXPECT_ORIGIN_AS_REFERRER);
480 // User initiated navigation, target blank, from HTTP to HTTP via server
482 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, TargetBlankRedirect) {
483 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP,
484 LINK_WITH_TARGET_BLANK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
485 WindowOpenDisposition::NEW_FOREGROUND_TAB,
486 blink::WebMouseEvent::Button::kLeft,
487 EXPECT_ORIGIN_AS_REFERRER);
490 // User initiated navigation, target blank, from HTTPS to HTTP via server
492 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsTargetBlankRedirect) {
493 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS,
494 LINK_WITH_TARGET_BLANK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
495 WindowOpenDisposition::NEW_FOREGROUND_TAB,
496 blink::WebMouseEvent::Button::kLeft,
497 EXPECT_ORIGIN_AS_REFERRER);
500 // User initiated navigation, middle click, target blank, from HTTP to HTTP via
502 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MiddleClickTargetBlankRedirect) {
503 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP,
504 LINK_WITH_TARGET_BLANK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
505 WindowOpenDisposition::NEW_FOREGROUND_TAB,
506 blink::WebMouseEvent::Button::kMiddle,
507 EXPECT_ORIGIN_AS_REFERRER);
510 // User initiated navigation, middle click, target blank, from HTTPS to HTTP
511 // via server redirect.
512 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest,
513 HttpsMiddleClickTargetBlankRedirect) {
514 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS,
515 LINK_WITH_TARGET_BLANK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
516 WindowOpenDisposition::NEW_FOREGROUND_TAB,
517 blink::WebMouseEvent::Button::kMiddle,
518 EXPECT_ORIGIN_AS_REFERRER);
521 // Context menu, from HTTP to HTTP via server redirect.
522 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, ContextMenuRedirect) {
523 ContextMenuNotificationObserver context_menu_observer(
524 IDC_CONTENT_CONTEXT_OPENLINKNEWTAB);
525 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTP,
526 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
527 WindowOpenDisposition::NEW_FOREGROUND_TAB,
528 blink::WebMouseEvent::Button::kRight,
529 EXPECT_ORIGIN_AS_REFERRER);
532 // Context menu, from HTTPS to HTTP via server redirect.
533 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsContextMenuRedirect) {
534 ContextMenuNotificationObserver context_menu_observer(
535 IDC_CONTENT_CONTEXT_OPENLINKNEWTAB);
536 RunReferrerTest(network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS,
537 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
538 WindowOpenDisposition::NEW_FOREGROUND_TAB,
539 blink::WebMouseEvent::Button::kRight,
540 EXPECT_ORIGIN_AS_REFERRER);
543 // Tests history navigation actions: Navigate from A to B with a referrer
544 // policy, then navigate to C, back to B, and reload.
545 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, History) {
546 // Navigate from A to B.
547 GURL start_url = RunReferrerTest(
548 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS, REGULAR_LINK,
549 SERVER_REDIRECT_FROM_HTTPS_TO_HTTP, WindowOpenDisposition::CURRENT_TAB,
550 blink::WebMouseEvent::Button::kLeft, EXPECT_ORIGIN_AS_REFERRER);
553 ui_test_utils::NavigateToURL(browser(),
554 embedded_test_server()->GetURL("/title1.html"));
556 std::u16string expected_title =
557 GetExpectedTitle(start_url, EXPECT_ORIGIN_AS_REFERRER);
558 content::WebContents* tab =
559 browser()->tab_strip_model()->GetActiveWebContents();
560 std::unique_ptr<content::TitleWatcher> title_watcher(
561 new content::TitleWatcher(tab, expected_title));
563 // Watch for all possible outcomes to avoid timeouts if something breaks.
564 AddAllPossibleTitles(start_url, title_watcher.get());
567 chrome::GoBack(browser(), WindowOpenDisposition::CURRENT_TAB);
568 EXPECT_EQ(expected_title, title_watcher->WaitAndGetTitle());
570 title_watcher = std::make_unique<content::TitleWatcher>(tab, expected_title);
571 AddAllPossibleTitles(start_url, title_watcher.get());
574 chrome::Reload(browser(), WindowOpenDisposition::CURRENT_TAB);
575 EXPECT_EQ(expected_title, title_watcher->WaitAndGetTitle());
577 title_watcher = std::make_unique<content::TitleWatcher>(tab, expected_title);
578 AddAllPossibleTitles(start_url, title_watcher.get());
580 // Shift-reload to B.
581 chrome::ReloadBypassingCache(browser(), WindowOpenDisposition::CURRENT_TAB);
582 EXPECT_EQ(expected_title, title_watcher->WaitAndGetTitle());
585 // Tests that reloading a site for "request tablet version" correctly clears
587 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, RequestTabletSite) {
588 GURL start_url = RunReferrerTest(
589 network::mojom::ReferrerPolicy::kOrigin, START_ON_HTTPS, REGULAR_LINK,
590 SERVER_REDIRECT_FROM_HTTP_TO_HTTP, WindowOpenDisposition::CURRENT_TAB,
591 blink::WebMouseEvent::Button::kLeft, EXPECT_ORIGIN_AS_REFERRER);
593 std::u16string expected_title =
594 GetExpectedTitle(start_url, EXPECT_EMPTY_REFERRER);
595 content::WebContents* tab =
596 browser()->tab_strip_model()->GetActiveWebContents();
597 content::TitleWatcher title_watcher(tab, expected_title);
599 // Watch for all possible outcomes to avoid timeouts if something breaks.
600 AddAllPossibleTitles(start_url, &title_watcher);
602 // Erase the current title in the NavigationEntry.
604 // TitleWatcher overrides WebContentObserver's TitleWasSet() but also
605 // DidStopLoading(). The page that is being reloaded sets its title after load
606 // is complete, so the title change is missed because the title is checked on
607 // load. Clearing the title ensures that TitleWatcher will wait for the actual
609 tab->GetController().GetVisibleEntry()->SetTitle(std::u16string());
611 // Request tablet version.
612 chrome::ToggleRequestTabletSite(browser());
613 EXPECT_EQ(expected_title, title_watcher.WaitAndGetTitle());
616 // Test that an iframes gets the parent frames referrer and referrer policy if
617 // the load was triggered by the parent, or from the iframe itself, if the
618 // navigations was started by the iframe.
619 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, IFrame) {
620 browser()->profile()->GetPrefs()->SetBoolean(
621 prefs::kWebKitAllowRunningInsecureContent, true);
622 content::WebContents* tab =
623 browser()->tab_strip_model()->GetActiveWebContents();
624 std::u16string expected_title(u"loaded");
625 std::unique_ptr<content::TitleWatcher> title_watcher(
626 new content::TitleWatcher(tab, expected_title));
628 // Load a page that loads an iframe.
629 ui_test_utils::NavigateToURL(
631 https_server_.GetURL("/referrer_policy/referrer-policy-iframe.html"));
632 EXPECT_TRUE(content::ExecuteScript(
634 std::string("var frame = document.createElement('iframe');frame.src ='") +
635 embedded_test_server()
636 ->GetURL("/referrer_policy/referrer-policy-log.html")
638 "';frame.onload = function() { document.title = 'loaded'; };" +
639 "document.body.appendChild(frame)"));
640 EXPECT_EQ(expected_title, title_watcher->WaitAndGetTitle());
642 // Verify that the referrer policy was honored and the main page's origin was
644 content::RenderFrameHost* frame = content::FrameMatchingPredicate(
645 tab->GetPrimaryPage(),
646 base::BindRepeating(&content::FrameIsChildOfMainFrame));
648 EXPECT_TRUE(content::ExecuteScriptAndExtractString(
650 "window.domAutomationController.send(document.title)",
652 EXPECT_EQ("Referrer is " + https_server_.GetURL("/").spec(), title);
654 // Reload the iframe.
655 expected_title = u"reset";
656 title_watcher = std::make_unique<content::TitleWatcher>(tab, expected_title);
657 EXPECT_TRUE(content::ExecuteScript(tab, "document.title = 'reset'"));
658 EXPECT_EQ(expected_title, title_watcher->WaitAndGetTitle());
660 expected_title = u"loaded";
661 title_watcher = std::make_unique<content::TitleWatcher>(tab, expected_title);
662 EXPECT_TRUE(content::ExecuteScript(frame, "location.reload()"));
663 EXPECT_EQ(expected_title, title_watcher->WaitAndGetTitle());
665 // Verify that the full url of the iframe was used as referrer.
666 EXPECT_TRUE(content::ExecuteScriptAndExtractString(
668 "window.domAutomationController.send(document.title)",
671 "Referrer is " + embedded_test_server()
672 ->GetURL("/referrer_policy/referrer-policy-log.html")
677 // Origin When Cross-Origin
679 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest,
680 HttpLeftClickHTTPSRedirectToHTTPOriginWhenCrossOrigin) {
682 network::mojom::ReferrerPolicy::kOriginWhenCrossOrigin, START_ON_HTTPS,
683 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
684 WindowOpenDisposition::CURRENT_TAB, blink::WebMouseEvent::Button::kLeft,
685 EXPECT_ORIGIN_AS_REFERRER);
688 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest,
689 HttpLeftClickRedirectToHTTPSOriginWhenCrossOrigin) {
691 network::mojom::ReferrerPolicy::kOriginWhenCrossOrigin, START_ON_HTTP,
692 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTP_TO_HTTPS,
693 WindowOpenDisposition::CURRENT_TAB, blink::WebMouseEvent::Button::kLeft,
694 EXPECT_ORIGIN_AS_REFERRER);
697 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest,
698 HttpLeftClickRedirectToHTTPOriginWhenCrossOrigin) {
699 RunReferrerTest(network::mojom::ReferrerPolicy::kOriginWhenCrossOrigin,
700 START_ON_HTTP, REGULAR_LINK,
701 SERVER_REDIRECT_FROM_HTTP_TO_HTTP,
702 WindowOpenDisposition::CURRENT_TAB,
703 blink::WebMouseEvent::Button::kLeft, EXPECT_FULL_REFERRER);
708 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest,
709 HttpLeftClickHTTPRedirectToHTTPSameOrigin) {
710 RunReferrerTest(network::mojom::ReferrerPolicy::kSameOrigin, START_ON_HTTP,
711 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTP_TO_HTTP,
712 WindowOpenDisposition::CURRENT_TAB,
713 blink::WebMouseEvent::Button::kLeft, EXPECT_FULL_REFERRER);
716 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest,
717 HttpLeftClickHTTPRedirectToHTTPSSameOrigin) {
718 RunReferrerTest(network::mojom::ReferrerPolicy::kSameOrigin, START_ON_HTTPS,
719 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
720 WindowOpenDisposition::CURRENT_TAB,
721 blink::WebMouseEvent::Button::kLeft, EXPECT_EMPTY_REFERRER);
726 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest,
727 HttpLeftClickHTTPRedirectToHTTPStrictOrigin) {
728 RunReferrerTest(network::mojom::ReferrerPolicy::kStrictOrigin, START_ON_HTTP,
729 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTP_TO_HTTP,
730 WindowOpenDisposition::CURRENT_TAB,
731 blink::WebMouseEvent::Button::kLeft,
732 EXPECT_ORIGIN_AS_REFERRER);
735 IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest,
736 HttpLeftClickHTTPSRedirectToHTTPStrictOrigin) {
737 RunReferrerTest(network::mojom::ReferrerPolicy::kStrictOrigin, START_ON_HTTPS,
738 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
739 WindowOpenDisposition::CURRENT_TAB,
740 blink::WebMouseEvent::Button::kLeft, EXPECT_EMPTY_REFERRER);
743 // Parameters for testing functionality imposing ad-hoc restrictions
744 // on the behavior of referrers, for instance absolute caps like
745 // "never send referrers" (as of writing, features::kNoReferrers)
746 // or "on cross-origin requests, never send more than the initiator's
747 // origin" (features::kCapReferrerToOriginOnCrossOrigin).
749 // These tests assume a default policy of no-referrer-when-downgrade.
750 struct ReferrerOverrideParams {
751 absl::optional<base::Feature> feature_to_enable;
752 network::mojom::ReferrerPolicy baseline_policy;
753 network::mojom::ReferrerPolicy expected_policy;
755 ReferrerPolicyTest::ExpectedReferrer same_origin_nav, // HTTP -> HTTP
756 cross_origin_nav, // HTTP -> HTTP
757 cross_origin_downgrade_nav, // HTTPS -> HTTP, cross-origin
758 same_origin_to_cross_origin_redirect,
759 cross_origin_to_same_origin_redirect, same_origin_subresource,
760 same_origin_to_cross_origin_subresource_redirect;
761 } kReferrerOverrideParams[] = {
762 {.feature_to_enable = features::kNoReferrers,
763 .baseline_policy = network::mojom::ReferrerPolicy::kAlways,
764 // The renderer's "have we completely disabled referrers?"
765 // implementation resets requests' referrer policies to kNever when
766 // it excises their referrers.
767 .expected_policy = network::mojom::ReferrerPolicy::kNever,
768 .same_origin_nav = ReferrerPolicyTest::EXPECT_EMPTY_REFERRER,
769 .cross_origin_nav = ReferrerPolicyTest::EXPECT_EMPTY_REFERRER,
770 .cross_origin_downgrade_nav = ReferrerPolicyTest::EXPECT_EMPTY_REFERRER,
771 .same_origin_to_cross_origin_redirect =
772 ReferrerPolicyTest::EXPECT_EMPTY_REFERRER,
773 .cross_origin_to_same_origin_redirect =
774 ReferrerPolicyTest::EXPECT_EMPTY_REFERRER,
775 .same_origin_subresource = ReferrerPolicyTest::EXPECT_EMPTY_REFERRER,
776 .same_origin_to_cross_origin_subresource_redirect =
777 ReferrerPolicyTest::EXPECT_EMPTY_REFERRER},
779 .feature_to_enable = net::features::kCapReferrerToOriginOnCrossOrigin,
780 .baseline_policy = network::mojom::ReferrerPolicy::kAlways,
781 // Applying the cap doesn't change the "referrer policy"
782 // attribute of a request
783 .expected_policy = network::mojom::ReferrerPolicy::kAlways,
784 .same_origin_nav = ReferrerPolicyTest::EXPECT_FULL_REFERRER,
785 .cross_origin_nav = ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER,
786 .cross_origin_downgrade_nav =
787 ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER,
788 .same_origin_to_cross_origin_redirect =
789 ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER,
790 // Referrer policies get applied to whatever the current referrer is:
791 // in the case of a cross-origin -> same-origin redirect, we already
792 // will have truncated the referrer to the initiating origin
793 .cross_origin_to_same_origin_redirect =
794 ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER,
795 .same_origin_subresource = ReferrerPolicyTest::EXPECT_FULL_REFERRER,
796 .same_origin_to_cross_origin_subresource_redirect =
797 ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER,
800 .baseline_policy = network::mojom::ReferrerPolicy::kDefault,
801 // kDefault gets resolved into a concrete policy when making requests
803 network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin,
804 .same_origin_nav = ReferrerPolicyTest::EXPECT_FULL_REFERRER,
805 .cross_origin_nav = ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER,
806 .cross_origin_downgrade_nav = ReferrerPolicyTest::EXPECT_EMPTY_REFERRER,
807 .same_origin_to_cross_origin_redirect =
808 ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER,
809 .cross_origin_to_same_origin_redirect =
810 ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER,
811 .same_origin_subresource = ReferrerPolicyTest::EXPECT_FULL_REFERRER,
812 .same_origin_to_cross_origin_subresource_redirect =
813 ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER,
816 class ReferrerOverrideTest
817 : public ReferrerPolicyTest,
818 public ::testing::WithParamInterface<ReferrerOverrideParams> {
820 ReferrerOverrideTest() {
821 if (GetParam().feature_to_enable)
822 scoped_feature_list_.InitAndEnableFeature(*GetParam().feature_to_enable);
826 // Test that the correct referrer is sent along with
827 // a subresource request.
828 // Parameter semantics are the same as for
829 // ReferrerPolicyTest::RunReferrerTest.
830 void RunSubresourceTest(StartOnProtocol start_protocol,
831 RedirectType redirect,
832 network::mojom::ReferrerPolicy baseline_policy,
833 ExpectedReferrer expectation) {
837 image_url = embedded_test_server()->GetURL("/referrer_policy/logo.gif");
839 case HTTPS_NO_REDIRECT:
840 image_url = https_server_.GetURL("/referrer_policy/logo.gif");
842 case SERVER_REDIRECT_FROM_HTTPS_TO_HTTP:
843 image_url = https_server_.GetURL(
844 std::string("/server-redirect?") +
845 embedded_test_server()->GetURL("/referrer_policy/logo.gif").spec());
847 case SERVER_REDIRECT_FROM_HTTP_TO_HTTP:
848 image_url = embedded_test_server()->GetURL(
849 std::string("/server-redirect?") +
850 embedded_test_server()->GetURL("/referrer_policy/logo.gif").spec());
852 case SERVER_REDIRECT_FROM_HTTP_TO_HTTPS:
853 image_url = embedded_test_server()->GetURL(
854 std::string("/server-redirect?") +
855 https_server_.GetURL("/referrer_policy/logo.gif").spec());
859 std::string relative_url =
860 std::string("/referrer_policy/referrer-policy-subresource.html?") +
861 "policy=" + content::ReferrerPolicyToString(baseline_policy) +
862 "&redirect=" + image_url.spec();
864 auto* start_server = start_protocol == START_ON_HTTPS
866 : embedded_test_server();
867 const GURL start_url = start_server->GetURL(relative_url);
869 content::WebContents* tab =
870 browser()->tab_strip_model()->GetActiveWebContents();
872 base::ReleasableAutoLock lock(&check_on_requests_lock_);
873 check_on_requests_ = RequestCheck{"", "/referrer_policy/logo.gif"};
874 switch (expectation) {
875 case ReferrerPolicyTest::EXPECT_EMPTY_REFERRER:
876 check_on_requests_->expected_spec = "";
878 case ReferrerPolicyTest::EXPECT_FULL_REFERRER:
879 check_on_requests_->expected_spec = start_url.spec();
881 case ReferrerPolicyTest::EXPECT_ORIGIN_AS_REFERRER:
882 check_on_requests_->expected_spec = start_url.GetWithEmptyPath().spec();
887 // set by referrer-policy-subresource.html JS after the embedded image loads
888 std::u16string expected_title(u"loaded");
889 std::unique_ptr<content::TitleWatcher> title_watcher(
890 new content::TitleWatcher(tab, expected_title));
891 ui_test_utils::NavigateToURL(browser(), start_url);
893 // Wait for the page to load; during the load, since check_on_requests_ is
894 // nonempty, OnServerIncomingRequest will validate the referrers.
895 EXPECT_EQ(expected_title, title_watcher->WaitAndGetTitle());
899 base::test::ScopedFeatureList scoped_feature_list_;
902 INSTANTIATE_TEST_SUITE_P(
904 ReferrerOverrideTest,
905 ::testing::ValuesIn(kReferrerOverrideParams),
906 [](const ::testing::TestParamInfo<ReferrerOverrideParams>& info)
908 if (info.param.feature_to_enable)
909 return base::StringPrintf("Param%s",
910 info.param.feature_to_enable->name);
914 IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, SameOriginNavigation) {
915 RunReferrerTest(GetParam().baseline_policy, START_ON_HTTP, REGULAR_LINK,
916 NO_REDIRECT, WindowOpenDisposition::CURRENT_TAB,
917 blink::WebMouseEvent::Button::kNoButton,
918 GetParam().same_origin_nav, GetParam().expected_policy);
921 IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, CrossOriginNavigation) {
922 RunReferrerTest(GetParam().baseline_policy, START_ON_HTTP, REGULAR_LINK,
923 HTTPS_NO_REDIRECT, WindowOpenDisposition::CURRENT_TAB,
924 blink::WebMouseEvent::Button::kNoButton,
925 GetParam().cross_origin_nav, GetParam().expected_policy);
928 IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest,
929 CrossOriginNavigationBrowserInitiated) {
930 RunReferrerTest(GetParam().baseline_policy, START_ON_HTTP, REGULAR_LINK,
931 HTTPS_NO_REDIRECT, WindowOpenDisposition::CURRENT_TAB,
932 blink::WebMouseEvent::Button::kLeft,
933 GetParam().cross_origin_nav, GetParam().expected_policy,
937 IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, CrossOriginDowngradeNavigation) {
938 RunReferrerTest(GetParam().baseline_policy, START_ON_HTTPS, REGULAR_LINK,
939 NO_REDIRECT, WindowOpenDisposition::CURRENT_TAB,
940 blink::WebMouseEvent::Button::kNoButton,
941 GetParam().cross_origin_downgrade_nav,
942 GetParam().expected_policy);
945 IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, CrossOriginRedirect) {
946 RunReferrerTest(GetParam().baseline_policy, START_ON_HTTP, REGULAR_LINK,
947 SERVER_REDIRECT_FROM_HTTP_TO_HTTPS,
948 WindowOpenDisposition::CURRENT_TAB,
949 blink::WebMouseEvent::Button::kNoButton,
950 GetParam().same_origin_to_cross_origin_redirect,
951 GetParam().expected_policy);
954 IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, CrossOriginToSameOriginRedirect) {
955 RunReferrerTest(GetParam().baseline_policy, START_ON_HTTP, REGULAR_LINK,
956 SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
957 WindowOpenDisposition::CURRENT_TAB,
958 blink::WebMouseEvent::Button::kNoButton,
959 GetParam().cross_origin_to_same_origin_redirect,
960 GetParam().expected_policy);
963 IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, SameOriginSubresource) {
964 RunSubresourceTest(START_ON_HTTP, NO_REDIRECT, GetParam().baseline_policy,
965 GetParam().same_origin_subresource);
968 IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest,
969 SameOriginToCrossOriginSubresourceRedirect) {
971 START_ON_HTTP, SERVER_REDIRECT_FROM_HTTP_TO_HTTPS,
972 GetParam().baseline_policy,
973 GetParam().same_origin_to_cross_origin_subresource_redirect);
976 // Most of the functionality of the referrer-cap flag is covered by
977 // ReferrerOverrideTest; these couple additional tests test the flag's
978 // interaction with other referrer policies
979 class ReferrerPolicyCapReferrerToOriginOnCrossOriginTest
980 : public ReferrerPolicyTest {
982 ReferrerPolicyCapReferrerToOriginOnCrossOriginTest() {
983 scoped_feature_list_.InitAndEnableFeature(
984 net::features::kCapReferrerToOriginOnCrossOrigin);
988 base::test::ScopedFeatureList scoped_feature_list_;
991 // Test that capping referrer granularity at origin on cross-origin requests
992 // correctly defers to a more restrictive referrer policy on a
993 // cross-origin navigation.
994 IN_PROC_BROWSER_TEST_F(ReferrerPolicyCapReferrerToOriginOnCrossOriginTest,
995 HonorsMoreRestrictivePolicyOnNavigation) {
996 RunReferrerTest(network::mojom::ReferrerPolicy::kSameOrigin, START_ON_HTTPS,
997 REGULAR_LINK, NO_REDIRECT /*direct navigation x-origin*/,
998 WindowOpenDisposition::CURRENT_TAB,
999 blink::WebMouseEvent::Button::kLeft, EXPECT_EMPTY_REFERRER);
1002 // Test that capping referrer granularity at origin on cross-origin requests
1003 // correctly defers to a more restrictive referrer policy on a
1004 // cross-origin redirect.
1005 IN_PROC_BROWSER_TEST_F(ReferrerPolicyCapReferrerToOriginOnCrossOriginTest,
1006 HonorsMoreRestrictivePolicyOnRedirect) {
1007 RunReferrerTest(network::mojom::ReferrerPolicy::kStrictOrigin, START_ON_HTTPS,
1008 REGULAR_LINK, SERVER_REDIRECT_FROM_HTTPS_TO_HTTP,
1009 WindowOpenDisposition::CURRENT_TAB,
1010 blink::WebMouseEvent::Button::kLeft, EXPECT_EMPTY_REFERRER);
1013 // Test that, when the cross-origin referrer cap is on but we also have the
1014 // "no referrers at all" pref set, we send no referrer at all on cross-origin
1016 IN_PROC_BROWSER_TEST_F(ReferrerPolicyCapReferrerToOriginOnCrossOriginTest,
1017 RespectsNoReferrerPref) {
1018 browser()->profile()->GetPrefs()->SetBoolean(prefs::kEnableReferrers, false);
1021 ->GetDefaultStoragePartition()
1022 ->FlushNetworkInterfaceForTesting();
1023 RunReferrerTest(network::mojom::ReferrerPolicy::kAlways, START_ON_HTTPS,
1024 REGULAR_LINK, NO_REDIRECT, WindowOpenDisposition::CURRENT_TAB,
1025 blink::WebMouseEvent::Button::kLeft, EXPECT_EMPTY_REFERRER,
1026 // when the pref is set, the renderer sets the referrer policy
1027 // to the kNever on outgoing requests at the same time
1028 // it removes referrers
1029 network::mojom::ReferrerPolicy::kNever);