Apply patch. rdar://problem/110471649

Identifier: 245886.915@safari-7613.4.1.0-branch

LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/no-referrer/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/same-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/strict-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-iframe/unsafe-url/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/no-referrer/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/same-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/strict-origin/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:blank was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy/unsafe-url/cross-origin-http.https.html was allowed to display insecure content from http://localhost:8000/referrer-policy/resources/document.html.
 
 Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP.
 

LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt

@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: The page at about:srcdoc was allowed to display insecure content from http://localhost:8000/security/resources/post-origin-to-parent.html.
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https.html was allowed to display insecure content from http://localhost:8000/security/resources/post-origin-to-parent.html.
 
 
 

LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt

@@ -1,16 +1,15 @@
-frame "<!--frame1-->" - didStartProvisionalLoadForFrame
 main frame - didFinishDocumentLoadForFrame
+frame "<!--frame1-->" - didStartProvisionalLoadForFrame
 frame "<!--frame1-->" - didCommitLoadForFrame
-frame "<!--frame2-->" - didStartProvisionalLoadForFrame
 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
-frame "<!--frame2-->" - didCommitLoadForFrame
-frame "<!--frame2-->" - didFinishDocumentLoadForFrame
-frame "<!--frame2-->" - didHandleOnloadEventsForFrame
+frame "<!--frame2-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html was not allowed to display insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+
 frame "<!--frame1-->" - didHandleOnloadEventsForFrame
 main frame - didHandleOnloadEventsForFrame
-frame "<!--frame2-->" - didFinishLoadForFrame
+frame "<!--frame2-->" - didFailProvisionalLoadWithError
 frame "<!--frame1-->" - didFinishLoadForFrame
 main frame - didFinishLoadForFrame
-This test loads a secure iframe that loads an insecure iframe. We should *not* get a mixed content callback becase the main frame is HTTP and the grandchild iframe doesn't contaminate the child iframe's security origin with mixed content.
+This test loads a secure iframe that loads an insecure iframe. We should get a mixed content callback becase the secure inner frame should block mixed content.
 
 

LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html

@@ -7,9 +7,7 @@
 }
 </script>
 <p>This test loads a secure iframe that loads an insecure iframe.  We should
-*not* get a mixed content callback becase the main frame is HTTP and the
-grandchild iframe doesn't contaminate the child iframe's security origin with
-mixed content.</p>
+get a mixed content callback becase the secure inner frame should block mixed content.</p>
 <iframe src="https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html";
 ></iframe>
 </body>

LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt

@@ -0,0 +1,15 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--frame1-->" - didStartProvisionalLoadForFrame
+frame "<!--frame1-->" - didCommitLoadForFrame
+frame "<!--frame1-->" - didFinishDocumentLoadForFrame
+frame "<!--frame2-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html was not allowed to display insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+
+frame "<!--frame1-->" - didHandleOnloadEventsForFrame
+frame "<!--frame2-->" - didFailProvisionalLoadWithError
+frame "<!--frame1-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test embeds a secure iframe which tries to open mixed content. We should block mixed content even though the parent frame is insecure because the middle frame is HTTPS.
+
+

LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+}
+</script>
+
+<p>This test embeds a secure iframe which tries to open mixed content.
+We should block mixed content even though the parent frame is insecure
+because the middle frame is HTTPS.</p>
+
+<script>
+onload = function() {
+    let ifr = document.createElement("iframe");
+    ifr.sandbox = "allow-scripts";
+
+    ifr.onload = function() {
+        if (window.testRunner)
+            testRunner.notifyDone();
+    };
+    ifr.src = "https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html";
+
+    document.body.appendChild(ifr);
+};
+</script>
+</body>

LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt

@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-data-url-frame-with-script.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
+CONSOLE MESSAGE: [blocked] The page at data:text/html,<html><script src='http://127.0.0.1:8080/security/mixedContent/resources/script.js'></script></html> was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
 
 This test opens a window that loads a data: iframe that loads an insecure script, and that the script is still blocked. Although the data: frame has a separate origin, the script can still navigate top.

LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html

@@ -16,10 +16,11 @@
     finishJSTest();
 }
 
-onload = () => {
+onload = async () => {
     frame = document.createElement("iframe");
     frame.src = "resources/serve-referrer-policy-and-meta-tag.py?http_value=no-referrer&meta_value=";
     document.body.appendChild(frame);
+    await new Promise(resolve => frame.onload = resolve);
 }
 </script>
 </body>

LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html

@@ -16,10 +16,11 @@
     finishJSTest();
 }
 
-onload = () => {
+onload = async () => {
     frame = document.createElement("iframe");
     frame.src = "resources/serve-referrer-policy-and-meta-tag.py?http_value=unsafe-url&meta_value=no-referrer";
     document.body.appendChild(frame);
+    await new Promise(resolve => frame.onload = resolve);
 }
 </script>
 </body>

LayoutTests/http/tests/security/referrer-policy-header-multipart.html

@@ -10,7 +10,7 @@
 jsTestIsAsync = true;
 
 if (window.testRunner)
-    testRunner.setStatisticsShouldDowngradeReferrer(false, () => { runTests(true /* multipart */); });
+    testRunner.setStatisticsShouldDowngradeReferrer(false, async () => { await runTests(true /* multipart */); });
 </script>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-header-test.js

@@ -61,7 +61,7 @@ onmessage = (msg) => {
         printResults();
 }
 
-function runTests(isTestingMultipart)
+async function runTests(isTestingMultipart)
 {
     window.isTestingMultipart = isTestingMultipart;
     for (let i = 0; i < results.length; i++) {
@@ -72,5 +72,7 @@ function runTests(isTestingMultipart)
         frame.style = "display:none";
         frame.src = sourceOrigin + "security/resources/serve-referrer-policy-and-test.py?value=" + currentTest[0] + "&destinationOrigin=" + currentTest[2] + "&isTestingMultipart=" + (isTestingMultipart ? "1" : "0") + "&id=" + i;
         document.body.appendChild(frame);
+
+        await new Promise(resolve => frame.onload = resolve);
     }
 }

LayoutTests/http/tests/security/referrer-policy-header.html

@@ -8,9 +8,9 @@
 <script>
 description("Tests support for Referrer-Policy HTTP header.");
 jsTestIsAsync = true;
-
+runTests(false);
 if (window.testRunner)
-    testRunner.setStatisticsShouldDowngradeReferrer(false, () => { runTests(false /* multipart */); });
+    testRunner.setStatisticsShouldDowngradeReferrer(false, async () => { await runTests(false /* multipart */); });
 </script>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt

@@ -1,10 +1,5 @@
 This test checks the always referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
 Referrer is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
 

LayoutTests/http/tests/security/referrer-policy-https-always.html

@@ -3,7 +3,6 @@
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
-    testRunner.dumpChildFramesAsText();
     testRunner.waitUntilDone();
 }
 </script>
@@ -14,6 +13,13 @@
 to an insecure URL. The test passes if the printed referrer is
 https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always
 </p>
-<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always"></iframe>
+<script>
+onmessage = (event) => {
+    document.getElementById("log").innerText = event.data;
+    testRunner.notifyDone();
+};
+window.open("https://127.0.0.1:8443/security/resources/referrer-policy-start.html?always", "testPopup", "popup");
+</script>
+<div id="log"></div>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt

@@ -1,10 +1,5 @@
 This test checks the default referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is empty
 Referrer is empty
 

LayoutTests/http/tests/security/referrer-policy-https-default.html

@@ -3,7 +3,6 @@
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
-    testRunner.dumpChildFramesAsText();
     testRunner.waitUntilDone();
 }
 </script>
@@ -13,6 +12,13 @@
 This test checks the default referrer policy when navigating from a secure URL
 to an insecure URL. The test passes if the printed referrer is empty.
 </p>
-<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?default"></iframe>
+<script>
+onmessage = (event) => {
+    document.getElementById("log").innerText = event.data;
+    testRunner.notifyDone();
+};
+window.open("https://127.0.0.1:8443/security/resources/referrer-policy-start.html?default", "testPopup", "popup");
+</script>
+<div id="log"></div>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt

@@ -1,10 +1,5 @@
 This test checks the never referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is empty
 Referrer is empty
 

LayoutTests/http/tests/security/referrer-policy-https-never.html

@@ -3,7 +3,6 @@
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
-    testRunner.dumpChildFramesAsText();
     testRunner.waitUntilDone();
 }
 </script>
@@ -13,6 +12,13 @@
 This test checks the never referrer policy when navigating from a secure URL to
 an insecure URL. The test passes if the printed referrer is empty.
 </p>
-<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?never"></iframe>
+<script>
+onmessage = (event) => {
+    document.getElementById("log").innerText = event.data;
+    testRunner.notifyDone();
+};
+window.open("https://127.0.0.1:8443/security/resources/referrer-policy-start.html?never", "testPopup", "popup");
+</script>
+<div id="log"></div>
 </body>
 </html>

LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt

@@ -1,10 +1,5 @@
 This test checks the default referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is empty
 Referrer is empty
 

LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt

@@ -1,10 +1,5 @@
 This test checks the default referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
 
-
-
---------
-Frame: '<!--frame1-->'
---------
 HTTP Referer header is empty
 Referrer is empty
 

LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html

@@ -4,7 +4,6 @@
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
-    testRunner.dumpChildFramesAsText();
     testRunner.waitUntilDone();
 }
 </script>
@@ -14,6 +13,13 @@
 This test checks the default referrer policy when navigating from a secure URL
 to an insecure URL. The test passes if the printed referrer is empty.
 </p>
-<iframe src="https://127.0.0.1:8443/security/resources/referrer-policy-start.html?no-referrer-when-downgrade"></iframe>
+<script>
+onmessage = (event) => {
+    document.getElementById("log").innerText = event.data;
+    testRunner.notifyDone();
+};
+window.open("https://127.0.0.1:8443/security/resources/referrer-policy-start.html?no-referrer-when-downgrade", "testPopup", "popup");
+</script>
+<div id="log"></div>
 </body>
 </html>