Enforce referrer policy restriction for prerendering

A previous CL implemented the list of sufficiently strict speculative navigation referrer policies, but only applied it to prefetch. We now apply it to all speculation rule actions. We also fix some existing prerender referrer policy tests. referrer-policy-mismatch.html incorrectly hyphenated the policy. referrer-policy-origin.html used the origin policy which is not one of the sufficiently-strict referrer policies. We switch to using the strict version. Bug: 1176054, 1355146 Change-Id: I5b3c89d92ce80dc6b37ddb429786cf1d6d4a806b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3957475 Commit-Queue: Kevin McNee <[email protected]> Reviewed-by: Jeremy Roman <[email protected]> Reviewed-by: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#1060751}
web-platform-tests · Oct 19, 2022 · bc528db · bc528db
1 parent c733de5
commit bc528db
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 12 deletions.
diff --git a/speculation-rules/prerender/referrer-policy-mismatch.html b/speculation-rules/prerender/referrer-policy-mismatch.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <title>Referrer policy mismatches must be allowed between prerendering and activation</title>
 <meta name="timeout" content="long">
-<meta name="referrer" content="strict-origin-when-crossorigin">
+<meta name="referrer" content="strict-origin-when-cross-origin">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
@@ -15,7 +15,7 @@
 promise_test(async t => {
   const rcHelper = new RemoteContextHelper();
   const referrerRC = await rcHelper.addWindow(undefined, { features: "noopener" });
-  await setReferrerPolicy(referrerRC, "strict-origin-when-crossorigin");
+  await setReferrerPolicy(referrerRC, "strict-origin-when-cross-origin");
   const prerenderedRC = await addPrerenderRC(referrerRC);
 
   const referrerURL = await referrerRC.executeScript(() => location.href);
@@ -32,12 +32,12 @@
 
   assert_equals(await prerenderedRC.executeScript(() => document.prerendering), false);
   assert_equals(await prerenderedRC.executeScript(() => document.referrer), referrerURL);
-}, 'prerendered with "strict-origin-when-crossorigin", activated with "no-referrer"');
+}, 'prerendered with "strict-origin-when-cross-origin", activated with "no-referrer"');
 
 promise_test(async t => {
   const rcHelper = new RemoteContextHelper();
   const referrerRC = await rcHelper.addWindow(undefined, { features: "noopener" });
-  await setReferrerPolicy(referrerRC, "strict-origin-when-crossorigin");
+  await setReferrerPolicy(referrerRC, "strict-origin-when-cross-origin");
   const prerenderedRC = await addPrerenderRC(referrerRC);
 
   const referrerURL = await referrerRC.executeScript(() => location.href);
@@ -54,7 +54,7 @@
 
   assert_equals(await prerenderedRC.executeScript(() => document.prerendering), false);
   assert_equals(await prerenderedRC.executeScript(() => document.referrer), referrerURL);
-}, 'prerendered with "strict-origin-when-crossorigin", activated with "strict-origin"');
+}, 'prerendered with "strict-origin-when-cross-origin", activated with "strict-origin"');
 
 promise_test(async t => {
   const rcHelper = new RemoteContextHelper();

diff --git a/speculation-rules/prerender/referrer-policy-not-accepted.html b/speculation-rules/prerender/referrer-policy-not-accepted.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<meta name="timeout" content="long">
+<title>Referrer policy must be sufficiently strict to allow prerendering</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/html/browsers/browsing-the-web/remote-context-helper/resources/remote-context-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<script>
+setup(() => assertSpeculationRulesIsSupported());
+
+promise_test(async t => {
+  const {exec, tryToActivate} =
+      await create_prerendered_page(t, {}, {referrer_policy: 'unsafe-url'});
+  const result = await tryToActivate();
+  assert_equals(result, 'discarded');
+}, 'do not prerender with "unsafe-url"');
+
+</script>
diff --git a/...les/prerender/referrer-policy-origin.html → ...render/referrer-policy-strict-origin.html b/...les/prerender/referrer-policy-origin.html → ...render/referrer-policy-strict-origin.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
-<meta name="referrer" content="origin">
+<meta name="referrer" content="strict-origin">
 <meta name="timeout" content="long">
-<title>Test origin referrer</title>
+<title>Test strict-origin referrer</title>
 <script src="/common/utils.js"></script>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
@@ -12,11 +12,11 @@
 setup(() => assertSpeculationRulesIsSupported());
 
 // Tests that the referrer on the prerendering navigation request is the
-// triggering page's origin when the referrer policy is set to origin.
+// triggering page's origin when the referrer policy is set to strict-origin.
 promise_test(async t => {
   const expected = new URL('', window.origin).href;
   await referrer_test(expected, token());
-}, 'origin referrer');
+}, 'strict-origin referrer');
 
 </script>
 </body>
diff --git a/speculation-rules/prerender/resources/exec.html b/speculation-rules/prerender/resources/exec.html
@@ -6,6 +6,13 @@
       const params = new URLSearchParams(window.location.search);
       const uuid = params.get('uuid');
       const discard_uuid = params.get('discard_uuid') || uuid;
+      const referrer_policy = params.get('referrer_policy');
+      if (referrer_policy) {
+        const meta = document.createElement('meta');
+        meta.name = 'referrer';
+        meta.content = referrer_policy;
+        document.head.append(meta);
+      }
       new Executor(document.prerendering ? uuid : discard_uuid).execute();
   </script>
-</head>
+</head>
diff --git a/speculation-rules/prerender/resources/utils.js b/speculation-rules/prerender/resources/utils.js
@@ -183,15 +183,21 @@ function createFrame(url) {
     });
 }
 
-async function create_prerendered_page(t, opt = {}) {
+async function create_prerendered_page(t, opt = {}, init_opt = {}) {
   const baseUrl = '/speculation-rules/prerender/resources/exec.py';
   const init_uuid = token();
   const prerender_uuid = token();
   const discard_uuid = token();
   const init_remote = new RemoteContext(init_uuid);
   const prerender_remote = new RemoteContext(prerender_uuid);
   const discard_remote = new RemoteContext(discard_uuid);
-  window.open(`${baseUrl}?uuid=${init_uuid}&init`, '_blank', 'noopener');
+
+  const init_params = new URLSearchParams(baseUrl.search);
+  init_params.set('uuid', init_uuid);
+  for (const p in init_opt)
+    init_params.set(p, init_opt[p]);
+  window.open(`${baseUrl}?${init_params.toString()}&init`, '_blank', 'noopener');
+
   const params = new URLSearchParams(baseUrl.search);
   params.set('uuid', prerender_uuid);
   params.set('discard_uuid', discard_uuid);