<!DOCTYPE html>
<link rel="author" title="Dominic Farolino" href="[email protected]">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<iframe id="iframe"></iframe>
<script>
async_test(t => {
const iframe = document.querySelector('iframe');
const insecure_origin = new URL(location.href).origin.replace("https", "http");
iframe.src = insecure_origin + '/referrer-policy/generic/resources/referrer.py';
addEventListener('message', t.step_func_done(msg => {
const referrer = msg.data;
assert_equals(referrer, location.href,
"The referrer header sent for the iframe request should not be redacted");
}));
}, "If an insecure iframe request is upgraded to https to be same-origin, " +
"referrer policies that consider same-origin-ness should be applied correctly");
</script>
</body>
Codebase Browser
chromium