Make the Referrer-Policy tests allow further truncated referrers #29434
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
foolip
reviewed
Jun 18, 2021
There was a problem hiding this comment.
This makes sense to me, but I'd like review from @domfarolino (in META.yml) or @hiroshige-g who has touched this directory a lot.
This allows UAs to take advantage of the spec's allowance to be more aggressive than otherwise: > The user agent MAY alter referrerURL or referrerOrigin at this point > to enforce arbitrary policy considerations in the interests of > minimizing data leakage.
gsnedders
force-pushed
the
referrer-policy-loosen
branch
from
986c7f0
to
9afd5bc
Compare
foolip
approved these changes
Jul 14, 2021
chromium-wpt-export-bot
pushed a commit
that referenced
this pull request
Aug 26, 2021
Previously, `no-referrer` was used as the Document's referrer policy that shouldn't be used, but using `no-referrer` (or more strict policies than expected in general) unexpectedly is allowed as UA-specific policies. This CL uses `unsafe-url` instead as long as possible, to make tests fail if the policy is used Bug: 1235205, #29434 Change-Id: I7e9aa4f5e5fbd4d8ff5a984f6647845ae0d0e2f1
chromium-wpt-export-bot
pushed a commit
that referenced
this pull request
Sep 4, 2021
Previously, `no-referrer` was used as the Document's referrer policy that shouldn't be used. But using the Document's referrer policy unexpectedly didn't cause test failures, because #29434 made the tests to allow UA-specific policies more strict than expected, and using `no-referrer` is always allowed. This CL uses `unsafe-url` instead as long as possible, to make tests fail if the policy is used unexpectedly. `unsafe-url` is likely to result in less strict referrers that aren't allowed as UA-specific policies. Bug: 1235205, #29434 Change-Id: I7e9aa4f5e5fbd4d8ff5a984f6647845ae0d0e2f1
chromium-wpt-export-bot
pushed a commit
that referenced
this pull request
Sep 7, 2021
Previously, `no-referrer` was used as the Document's referrer policy that shouldn't be used. But using the Document's referrer policy unexpectedly didn't cause test failures, because #29434 made the tests to allow UA-specific policies more strict than expected, and using `no-referrer` is always allowed. This CL uses `unsafe-url` instead as long as possible, to make tests fail if the policy is used unexpectedly. `unsafe-url` is likely to result in less strict referrers that aren't allowed as UA-specific policies. Bug: 1235205, #29434 Change-Id: I7e9aa4f5e5fbd4d8ff5a984f6647845ae0d0e2f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3123715 Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Dominic Farolino <dom@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/main@{#918861}
chromium-wpt-export-bot
pushed a commit
that referenced
this pull request
Sep 7, 2021
Previously, `no-referrer` was used as the Document's referrer policy that shouldn't be used. But using the Document's referrer policy unexpectedly didn't cause test failures, because #29434 made the tests to allow UA-specific policies more strict than expected, and using `no-referrer` is always allowed. This CL uses `unsafe-url` instead as long as possible, to make tests fail if the policy is used unexpectedly. `unsafe-url` is likely to result in less strict referrers that aren't allowed as UA-specific policies. Bug: 1235205, #29434 Change-Id: I7e9aa4f5e5fbd4d8ff5a984f6647845ae0d0e2f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3123715 Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Dominic Farolino <dom@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/main@{#918861}
pull bot
pushed a commit
to jamlee-t/chromium
that referenced
this pull request
Sep 8, 2021
Previously, `no-referrer` was used as the Document's referrer policy that shouldn't be used. But using the Document's referrer policy unexpectedly didn't cause test failures, because web-platform-tests/wpt#29434 made the tests to allow UA-specific policies more strict than expected, and using `no-referrer` is always allowed. This CL uses `unsafe-url` instead as long as possible, to make tests fail if the policy is used unexpectedly. `unsafe-url` is likely to result in less strict referrers that aren't allowed as UA-specific policies. Bug: 1235205, web-platform-tests/wpt#29434 Change-Id: I7e9aa4f5e5fbd4d8ff5a984f6647845ae0d0e2f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3123715 Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Dominic Farolino <dom@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/main@{#918861}
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Sep 22, 2021
…"another policy", a=testonly Automatic update from web-platform-tests [WPT/referrer-policy] Use unsafe-url as "another policy" Previously, `no-referrer` was used as the Document's referrer policy that shouldn't be used. But using the Document's referrer policy unexpectedly didn't cause test failures, because web-platform-tests/wpt#29434 made the tests to allow UA-specific policies more strict than expected, and using `no-referrer` is always allowed. This CL uses `unsafe-url` instead as long as possible, to make tests fail if the policy is used unexpectedly. `unsafe-url` is likely to result in less strict referrers that aren't allowed as UA-specific policies. Bug: 1235205, web-platform-tests/wpt#29434 Change-Id: I7e9aa4f5e5fbd4d8ff5a984f6647845ae0d0e2f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3123715 Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Dominic Farolino <dom@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/main@{#918861} -- wpt-commits: 56b450b126e7dc860ae69ce33bcee73bd3e33bd9 wpt-pr: 30202
aosmond
pushed a commit
to aosmond/gecko
that referenced
this pull request
Sep 24, 2021
…"another policy", a=testonly Automatic update from web-platform-tests [WPT/referrer-policy] Use unsafe-url as "another policy" Previously, `no-referrer` was used as the Document's referrer policy that shouldn't be used. But using the Document's referrer policy unexpectedly didn't cause test failures, because web-platform-tests/wpt#29434 made the tests to allow UA-specific policies more strict than expected, and using `no-referrer` is always allowed. This CL uses `unsafe-url` instead as long as possible, to make tests fail if the policy is used unexpectedly. `unsafe-url` is likely to result in less strict referrers that aren't allowed as UA-specific policies. Bug: 1235205, web-platform-tests/wpt#29434 Change-Id: I7e9aa4f5e5fbd4d8ff5a984f6647845ae0d0e2f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3123715 Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Dominic Farolino <dom@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/main@{#918861} -- wpt-commits: 56b450b126e7dc860ae69ce33bcee73bd3e33bd9 wpt-pr: 30202
Gabisampaio
pushed a commit
to Gabisampaio/wpt
that referenced
this pull request
Nov 18, 2021
Previously, `no-referrer` was used as the Document's referrer policy that shouldn't be used. But using the Document's referrer policy unexpectedly didn't cause test failures, because web-platform-tests#29434 made the tests to allow UA-specific policies more strict than expected, and using `no-referrer` is always allowed. This CL uses `unsafe-url` instead as long as possible, to make tests fail if the policy is used unexpectedly. `unsafe-url` is likely to result in less strict referrers that aren't allowed as UA-specific policies. Bug: 1235205, web-platform-tests#29434 Change-Id: I7e9aa4f5e5fbd4d8ff5a984f6647845ae0d0e2f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3123715 Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Dominic Farolino <dom@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/main@{#918861}
mjfroman
pushed a commit
to mjfroman/moz-libwebrtc-third-party
that referenced
this pull request
Oct 14, 2022
Previously, `no-referrer` was used as the Document's referrer policy that shouldn't be used. But using the Document's referrer policy unexpectedly didn't cause test failures, because web-platform-tests/wpt#29434 made the tests to allow UA-specific policies more strict than expected, and using `no-referrer` is always allowed. This CL uses `unsafe-url` instead as long as possible, to make tests fail if the policy is used unexpectedly. `unsafe-url` is likely to result in less strict referrers that aren't allowed as UA-specific policies. Bug: 1235205, web-platform-tests/wpt#29434 Change-Id: I7e9aa4f5e5fbd4d8ff5a984f6647845ae0d0e2f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3123715 Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Dominic Farolino <dom@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/main@{#918861} NOKEYCHECK=True GitOrigin-RevId: 056e52a6653bb773973e058a76f1d7843403eb2b
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allows UAs to take advantage of the spec's allowance to be more aggressive than otherwise:
Notably, this increases the number that Safari passes considerably, avoiding the status quo of actual failures being largely hidden behind many more false-fails.
cc @johnwilander @foolip