Fix module script descendant referrer tests to match spec PR #22038
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes module script descendent referrer tests that I originally added in https://crrev.com/c/1809205. The tests I added match the spec, and we were going to change Chromium's implementation accordingly, however after more discussion in w3c/webappsec-referrer-policy#123, we're aiming to change the spec to be more sane.
This PR makes the module script descendant scripts tests assert that a descendant script's referrer string is used in determining if the request is same-origin or not. Currently the spec computes same-origin-ness by comparing request's currently URL and request's origin (which can be its client's origin). It does not consider the referrer string, which may be different than its client's origin, via module scripts. Consider:
In this case, the request for A.com/x.js's referrer string is B.com/x.js, but it's client's origin is A.com. The point of the HTML Standard setting the descendant's referrer string to its parent's URL is to make the parent behave as the referrer in this case, but the Referrer Policy spec didn't respect this. w3c/webappsec-referrer-policy#123 changes the Referrer Policy spec accordingly, and this PR considers the above request to be cross-origin (the descendant request is cross-origin relative its parent).