Cherry-pick 259548.802@safari-7615-branch (bc09b6f). https://bugs.web…

…kit.org/show_bug.cgi?id=257331

    Framed pages have ability to bypass Mixed Content restrictions
    https://bugs.webkit.org/show_bug.cgi?id=257331
    rdar://109100886

    Reviewed by Brent Fulgham.

    It is possible to bypass mixed content restrictions in pages which are
    framed. There are actually two issues here: secure frames embedded in
    insecure frames can bypass and frames which are sandboxed can bypass.

    In the former case we are only checking the for mixed content in the
    frame making the request as well as the top frame. So if an insecure frame
    embeds a secure frame, that secure frame could then embed an insecure frame and
    make mixed content requests without being blocked since the middle frame
    is not checked against the URL for mixed content.

    For the latter case we check whether or not the security origin
    of the requestor has an "https" protocol. The problem is sandboxed iframes
    are given an opaque origin which does not have the "https" protocol (or
    any protocol for that matter) and so we were skipping the mixed content check.

    This patch cleans up the MixedContentChecker implementation and fixes
    these two methods of bypass. This is accomplished by 1) checking the entire
    ancestor frame path from the requestor up to the top frame and 2) considering
    what the protocol of the security origin for the frame making the
    request would have been if it were not opaque. We special case a main resource
    load in the DocumentLoader by checking for mixed content starting from the parent frame.
    Otherwise we would block an insecure main frame from navigating a secure
    iframe to an insecure URL which is allowed by other browser engines.

    LayoutTests/http/tests/security:
        Rewrote some tests to no longer use HTTP iframes in HTTPS frames
        which is now blocked. These changes also include new console output
        for mixed content blocking messages.

    * LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt: Removed.
    * LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html: Removed.
        This test is no longer needed. We now block loading a HTTP iframe
        in a middle HTTPS frame so the innermost frame would never have a
        chance to load a worker anyway.

    * LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt:

    LayoutTests/platform:
        Updated platform-specific expectations.

    * Source/WebCore/Modules/websockets/WebSocket.cpp:
    (WebCore::WebSocket::connect):
    * Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
    (WebCore::WorkerThreadableWebSocketChannel::Bridge::connect):
    * Source/WebCore/html/HTMLFormElement.cpp:
    (WebCore::HTMLFormElement::parseAttribute):
    * Source/WebCore/loader/DocumentLoader.cpp:
    (WebCore::DocumentLoader::willSendRequest):
    * Source/WebCore/loader/DocumentThreadableLoader.cpp:
    (WebCore::DocumentThreadableLoader::loadRequest):

    Source/WebCore/loader/MixedContentChecker:
        Refactor the MixedContentChecker to expose a more clear API.
        isMixedContent was never called by client code and canDisplay and
        canShow functions should be more clear that they will be checking
        the entire frame ancestor hierarchy so clients don't try to do that
        themselves. Move helpers to be static functions in the .cpp file.

    * Source/WebCore/loader/MixedContentChecker.cpp:
    (WebCore::isMixedContent):
    (WebCore::foundMixedContentInFrameTree):
    (WebCore::MixedContentChecker::frameAndAncestorsCanDisplayInsecureContent):
    (WebCore::MixedContentChecker::frameAndAncestorsCanRunInsecureContent):
    (WebCore::MixedContentChecker::checkFormForMixedContent):
    (WebCore::MixedContentChecker::checkForMixedContentInFrameTree): Deleted.
    (WebCore::MixedContentChecker::isMixedContent): Deleted.
    (WebCore::MixedContentChecker::canDisplayInsecureContent): Deleted.
    (WebCore::MixedContentChecker::canRunInsecureContent): Deleted.
    * Source/WebCore/loader/MixedContentChecker.h:

    * Source/WebCore/loader/SubframeLoader.cpp:
    (WebCore::FrameLoader::SubframeLoader::pluginIsLoadable):
    * Source/WebCore/loader/cache/CachedResourceLoader.cpp:
    (WebCore::CachedResourceLoader::checkInsecureContent const):

    Canonical link: https://commits.webkit.org/259548.802@safari-7615-branch

LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/no-referrer/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/same-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/strict-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/unsafe-url/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/no-referrer/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/same-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/strict-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/unsafe-url/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:srcdoc was allowed to display insecure content from http://localhost:8000/security/resources/post-origin-to-parent.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https.html was allowed to display insecure content from http://localhost:8000/security/resources/post-origin-to-parent.html.
 
 
 

LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt

@@ -1,16 +1,15 @@
-frame "<!--frame1-->" - didStartProvisionalLoadForFrame
 main frame - didFinishDocumentLoadForFrame
+frame "<!--frame1-->" - didStartProvisionalLoadForFrame
 frame "<!--frame1-->" - didCommitLoadForFrame
-frame "<!--frame2-->" - didStartProvisionalLoadForFrame
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
-frame "<!--frame2-->" - didCommitLoadForFrame
-frame "<!--frame2-->" - didFinishDocumentLoadForFrame
-frame "<!--frame2-->" - didHandleOnloadEventsForFrame
+frame "<!--frame2-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html was not allowed to display insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+
 frame "<!--frame1-->" - didHandleOnloadEventsForFrame
 main frame - didHandleOnloadEventsForFrame
-frame "<!--frame2-->" - didFinishLoadForFrame
+frame "<!--frame2-->" - didFailProvisionalLoadWithError
 frame "<!--frame1-->" - didFinishLoadForFrame
 main frame - didFinishLoadForFrame
-This test loads a secure iframe that loads an insecure iframe. We should *not* get a mixed content callback becase the main frame is HTTP and the grandchild iframe doesn't contaminate the child iframe's security origin with mixed content.
+This test loads a secure iframe that loads an insecure iframe. We should get a mixed content callback becase the secure inner frame should block mixed content.
 
 

LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html

@@ -7,9 +7,7 @@
 }
 </script>
 <p>This test loads a secure iframe that loads an insecure iframe.  We should
-*not* get a mixed content callback becase the main frame is HTTP and the
-grandchild iframe doesn't contaminate the child iframe's security origin with
-mixed content.</p>
+get a mixed content callback becase the secure inner frame should block mixed content.</p>
 <iframe src="https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html";
 ></iframe>
 </body>

LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt

@@ -0,0 +1,15 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--frame1-->" - didStartProvisionalLoadForFrame
+frame "<!--frame1-->" - didCommitLoadForFrame
+frame "<!--frame1-->" - didFinishDocumentLoadForFrame
+frame "<!--frame2-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html was not allowed to display insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+
+frame "<!--frame1-->" - didHandleOnloadEventsForFrame
+frame "<!--frame2-->" - didFailProvisionalLoadWithError
+frame "<!--frame1-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test embeds a secure iframe which tries to open mixed content. We should block mixed content even though the parent frame is insecure because the middle frame is HTTPS.
+
+

LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+}
+</script>
+
+<p>This test embeds a secure iframe which tries to open mixed content.
+We should block mixed content even though the parent frame is insecure
+because the middle frame is HTTPS.</p>
+
+<script>
+onload = function() {
+    let ifr = document.createElement("iframe");
+    ifr.sandbox = "allow-scripts";
+
+    ifr.onload = function() {
+        if (window.testRunner)
+            testRunner.notifyDone();
+    };
+    ifr.src = "https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html";
+
+    document.body.appendChild(ifr);
+};
+</script>
+</body>

LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt

@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-data-url-frame-with-script.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
+CONSOLE MESSAGE: [blocked] The page at data:text/html,<html><script src='http://127.0.0.1:8080/security/mixedContent/resources/script.js'></script></html> was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
 
 This test opens a window that loads a data: iframe that loads an insecure script, and that the script is still blocked. Although the data: frame has a separate origin, the script can still navigate top.

LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html

@@ -16,10 +16,11 @@
     finishJSTest();
 }
 
-onload = () => {
+onload = async () => {
     frame = document.createElement("iframe");
     frame.src = "resources/serve-referrer-policy-and-meta-tag.py?http_value=no-referrer&meta_value=";
     document.body.appendChild(frame);
+    await new Promise(resolve => frame.onload = resolve);
 }
 </script>
 </body>

LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html

@@ -16,10 +16,11 @@
     finishJSTest();
 }
 
-onload = () => {
+onload = async () => {
     frame = document.createElement("iframe");
     frame.src = "resources/serve-referrer-policy-and-meta-tag.py?http_value=unsafe-url&meta_value=no-referrer";
     document.body.appendChild(frame);
+    await new Promise(resolve => frame.onload = resolve);
 }
 </script>
 </body>

LayoutTests/http/tests/security/referrer-policy-header-multipart.html

@@ -10,7 +10,7 @@
 jsTestIsAsync = true;
 
 if (window.testRunner)
-    testRunner.setStatisticsShouldDowngradeReferrer(false, () => { runTests(true /* multipart */); });
+    testRunner.setStatisticsShouldDowngradeReferrer(false, async () => { await runTests(true /* multipart */); });
 </script>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-header-test.js

@@ -61,7 +61,7 @@ onmessage = (msg) => {
         printResults();
 }
 
-function runTests(isTestingMultipart)
+async function runTests(isTestingMultipart)
 {
     window.isTestingMultipart = isTestingMultipart;
     for (let i = 0; i < results.length; i++) {
@@ -72,5 +72,7 @@ function runTests(isTestingMultipart)
         frame.style = "display:none";
         frame.src = sourceOrigin + "security/resources/serve-referrer-policy-and-test.py?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0") + "&id=" + i;
         document.body.appendChild(frame);
+
+        await new Promise(resolve => frame.onload = resolve);
     }
 }

LayoutTests/http/tests/security/referrer-policy-header.html

@@ -8,9 +8,9 @@
 <script>
 description("Tests support for Referrer-Policy HTTP header.");
 jsTestIsAsync = true;
-
+runTests(false);
 if (window.testRunner)
-    testRunner.setStatisticsShouldDowngradeReferrer(false, () => { runTests(false /* multipart */); });
+    testRunner.setStatisticsShouldDowngradeReferrer(false, async () => { await runTests(false /* multipart */); });
 </script>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt

@@ -1,10 +1,5 @@
 This test checks the always referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
 Referrer is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
 

LayoutTests/http/tests/security/referrer-policy-https-always.html

@@ -3,7 +3,6 @@
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
-    testRunner.dumpChildFramesAsText();
     testRunner.waitUntilDone();
 }
 </script>
@@ -14,6 +13,13 @@
 to an insecure URL. The test passes if the printed referrer is
 https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
 </p>
-<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always"></iframe>
+<script>
+onmessage = (event) => {
+    document.getElementById("log").innerText = event.data;
+    testRunner.notifyDone();
+};
+window.open("https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always", "testPopup", "popup");
+</script>
+<div id="log"></div>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt

@@ -1,10 +1,5 @@
 This test checks the default referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is empty
 Referrer is empty
 

LayoutTests/http/tests/security/referrer-policy-https-default.html

@@ -3,7 +3,6 @@
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
-    testRunner.dumpChildFramesAsText();
     testRunner.waitUntilDone();
 }
 </script>
@@ -13,6 +12,13 @@
 This test checks the default referrer policy when navigating from a secure URL
 to an insecure URL. The test passes if the printed referrer is empty.
 </p>
-<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?default"></iframe>
+<script>
+onmessage = (event) => {
+    document.getElementById("log").innerText = event.data;
+    testRunner.notifyDone();
+};
+window.open("https://127.0.0.1:8443/security/resources/referrer-policy-start.html?default", "testPopup", "popup");
+</script>
+<div id="log"></div>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt

@@ -1,10 +1,5 @@
 This test checks the never referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is empty
 Referrer is empty
 

LayoutTests/http/tests/security/referrer-policy-https-never.html

@@ -3,7 +3,6 @@
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
-    testRunner.dumpChildFramesAsText();
     testRunner.waitUntilDone();
 }
 </script>
@@ -13,6 +12,13 @@
 This test checks the never referrer policy when navigating from a secure URL to
 an insecure URL. The test passes if the printed referrer is empty.
 </p>
-<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?never"></iframe>
+<script>
+onmessage = (event) => {
+    document.getElementById("log").innerText = event.data;
+    testRunner.notifyDone();
+};
+window.open("https://127.0.0.1:8443/security/resources/referrer-policy-start.html?never", "testPopup", "popup");
+</script>
+<div id="log"></div>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt

@@ -1,10 +1,5 @@
 This test checks the default referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is empty
 Referrer is empty
 

LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt

@@ -1,10 +1,5 @@
 This test checks the default referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is empty
 Referrer is empty
 

LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html

@@ -4,7 +4,6 @@
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
-    testRunner.dumpChildFramesAsText();
     testRunner.waitUntilDone();
 }
 </script>
@@ -14,6 +13,13 @@
 This test checks the default referrer policy when navigating from a secure URL
 to an insecure URL. The test passes if the printed referrer is empty.
 </p>
-<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?no-referrer-when-downgrade"></iframe>
+<script>
+onmessage = (event) => {
+    document.getElementById("log").innerText = event.data;
+    testRunner.notifyDone();
+};
+window.open("https://127.0.0.1:8443/security/resources/referrer-policy-start.html?no-referrer-when-downgrade", "testPopup", "popup");
+</script>
+<div id="log"></div>
 </body>
 </html>