Add referrerpolicy attribute support for anchors
https://bugs.webkit.org/show_bug.cgi?id=208424
Patch by Rob Buis <rbuis@igalia.com> on 2020-03-02
Reviewed by Darin Adler.
LayoutTests/imported/w3c:
Update improved test results.
* web-platform-tests/html/dom/idlharness.https-expected.txt:
* web-platform-tests/html/dom/reflection-text-expected.txt:
Source/WebCore:
This patch adds 'referrerpolicy' attribute support for anchor elements.
If set, the value is restricted to the ReferrerPolicy enum, and
if valid it is used for the script fetch.
If not set or invalid, the current behavior is kept.
Tests: http/tests/referrer-policy-anchor/no-referrer-when-downgrade/cross-origin-http-http.html
http/tests/referrer-policy-anchor/no-referrer-when-downgrade/cross-origin-http.https.html
http/tests/referrer-policy-anchor/no-referrer-when-downgrade/same-origin.html
http/tests/referrer-policy-anchor/no-referrer/cross-origin-http-http.html
http/tests/referrer-policy-anchor/no-referrer/cross-origin-http.https.html
http/tests/referrer-policy-anchor/no-referrer/same-origin.html
http/tests/referrer-policy-anchor/origin-when-cross-origin/cross-origin-http-http.html
http/tests/referrer-policy-anchor/origin-when-cross-origin/cross-origin-http.https.html
http/tests/referrer-policy-anchor/origin-when-cross-origin/same-origin.html
http/tests/referrer-policy-anchor/origin/cross-origin-http-http.html
http/tests/referrer-policy-anchor/origin/cross-origin-http.https.html
http/tests/referrer-policy-anchor/origin/same-origin.html
http/tests/referrer-policy-anchor/same-origin/cross-origin-http-http.html
http/tests/referrer-policy-anchor/same-origin/cross-origin-http.https.html
http/tests/referrer-policy-anchor/same-origin/same-origin.html
http/tests/referrer-policy-anchor/strict-origin-when-cross-origin/cross-origin-http-http.html
http/tests/referrer-policy-anchor/strict-origin-when-cross-origin/cross-origin-http.https.html
http/tests/referrer-policy-anchor/strict-origin-when-cross-origin/same-origin.html
http/tests/referrer-policy-anchor/strict-origin/cross-origin-http-http.html
http/tests/referrer-policy-anchor/strict-origin/cross-origin-http.https.html
http/tests/referrer-policy-anchor/strict-origin/same-origin.html
http/tests/referrer-policy-anchor/unsafe-url/cross-origin-http-http.html
http/tests/referrer-policy-anchor/unsafe-url/cross-origin-http.https.html
http/tests/referrer-policy-anchor/unsafe-url/same-origin.html
* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::handleClick):
(WebCore::HTMLAnchorElement::setReferrerPolicyForBindings):
(WebCore::HTMLAnchorElement::referrerPolicyForBindings const):
(WebCore::HTMLAnchorElement::referrerPolicy const):
* html/HTMLAnchorElement.h:
* html/HTMLAnchorElement.idl:
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::handleClick):
* inspector/InspectorFrontendClientLocal.cpp:
(WebCore::InspectorFrontendClientLocal::openInNewTab):
* inspector/agents/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::navigate):
* loader/FrameLoadRequest.cpp:
(WebCore::FrameLoadRequest::FrameLoadRequest):
* loader/FrameLoadRequest.h:
(WebCore::FrameLoadRequest::FrameLoadRequest):
(WebCore::FrameLoadRequest::referrerPolicy const):
(WebCore::FrameLoadRequest::shouldSendReferrer const): Deleted.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::urlSelected):
(WebCore::FrameLoader::loadURLIntoChildFrame):
(WebCore::FrameLoader::loadFrameRequest):
* loader/FrameLoader.h:
* loader/FrameLoaderTypes.h:
* loader/NavigationScheduler.cpp:
(WebCore::NavigationScheduler::scheduleLocationChange):
* mathml/MathMLElement.cpp:
(WebCore::MathMLElement::defaultEventHandler):
* page/ContextMenuController.cpp:
(WebCore::openNewWindow):
(WebCore::ContextMenuController::contextMenuItemSelected):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::createWindow):
* svg/SVGAElement.cpp:
(WebCore::SVGAElement::defaultEventHandler):
Source/WebKit:
Adjust to FrameLoadRequest API change.
* WebProcess/Inspector/WebInspector.cpp:
(WebKit::WebInspector::openInNewTab):
* WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::clickedLink):
* WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::loadURL):
* WebProcess/WebCoreSupport/WebContextMenuClient.cpp:
(WebKit::WebContextMenuClient::searchWithGoogle):
* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchCreatePage):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::navigateToPDFLinkWithSimulatedClick):
Source/WebKitLegacy/ios:
Adjust to FrameLoadRequest API change.
* WebView/WebPDFViewPlaceholder.mm:
(-[WebPDFViewPlaceholder simulateClickOnLinkToURL:]):
Source/WebKitLegacy/mac:
Adjust to FrameLoadRequest API change.
* WebView/WebPDFView.mm:
(-[WebPDFView PDFViewWillClickOnLink:withURL:]):
Source/WebKitLegacy/win:
Adjust to FrameLoadRequest API change.
* Plugins/PluginView.cpp:
(WebCore::PluginView::start):
(WebCore::PluginView::getURLNotify):
(WebCore::PluginView::getURL):
(WebCore::PluginView::handlePost):
* WebCoreSupport/WebContextMenuClient.cpp:
(WebContextMenuClient::searchWithGoogle):
LayoutTests:
Add tests for anchors with various referrerpolicy attribute values and
update improved test results.
* http/tests/referrer-policy-anchor/no-referrer-when-downgrade/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-anchor/no-referrer-when-downgrade/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-anchor/no-referrer-when-downgrade/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-anchor/no-referrer-when-downgrade/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-anchor/no-referrer-when-downgrade/same-origin-expected.txt: Added.
* http/tests/referrer-policy-anchor/no-referrer-when-downgrade/same-origin.html: Added.
* http/tests/referrer-policy-anchor/no-referrer/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-anchor/no-referrer/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-anchor/no-referrer/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-anchor/no-referrer/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-anchor/no-referrer/same-origin-expected.txt: Added.
* http/tests/referrer-policy-anchor/no-referrer/same-origin.html: Added.
* http/tests/referrer-policy-anchor/origin-when-cross-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-anchor/origin-when-cross-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-anchor/origin-when-cross-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-anchor/origin-when-cross-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-anchor/origin-when-cross-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-anchor/origin-when-cross-origin/same-origin.html: Added.
* http/tests/referrer-policy-anchor/origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-anchor/origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-anchor/origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-anchor/origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-anchor/origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-anchor/origin/same-origin.html: Added.
* http/tests/referrer-policy-anchor/same-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-anchor/same-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-anchor/same-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-anchor/same-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-anchor/same-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-anchor/same-origin/same-origin.html: Added.
* http/tests/referrer-policy-anchor/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-anchor/strict-origin-when-cross-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-anchor/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-anchor/strict-origin-when-cross-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-anchor/strict-origin-when-cross-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-anchor/strict-origin-when-cross-origin/same-origin.html: Added.
* http/tests/referrer-policy-anchor/strict-origin/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-anchor/strict-origin/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-anchor/strict-origin/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-anchor/strict-origin/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-anchor/strict-origin/same-origin-expected.txt: Added.
* http/tests/referrer-policy-anchor/strict-origin/same-origin.html: Added.
* http/tests/referrer-policy-anchor/unsafe-url/cross-origin-http-http-expected.txt: Added.
* http/tests/referrer-policy-anchor/unsafe-url/cross-origin-http-http.html: Added.
* http/tests/referrer-policy-anchor/unsafe-url/cross-origin-http.https-expected.txt: Added.
* http/tests/referrer-policy-anchor/unsafe-url/cross-origin-http.https.html: Added.
* http/tests/referrer-policy-anchor/unsafe-url/same-origin-expected.txt: Added.
* http/tests/referrer-policy-anchor/unsafe-url/same-origin.html: Added.
* http/tests/referrer-policy/resources/check-referrer.php: Added.
* js/dom/dom-static-property-for-in-iteration-expected.txt:
* platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/gtk/js/dom/dom-static-property-for-in-iteration-expected.txt:
* platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/ios-wk2/js/dom/dom-static-property-for-in-iteration-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk2/js/dom/dom-static-property-for-in-iteration-expected.txt:
* platform/win/TestExpectations:
* platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/wpe/js/dom/dom-static-property-for-in-iteration-expected.txt:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@257707 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp
index 0b8b520..9c18d76 100644
--- a/Source/WebCore/loader/FrameLoader.cpp
+++ b/Source/WebCore/loader/FrameLoader.cpp
@@ -421,13 +421,13 @@
urlSelected(WTFMove(request), nullptr);
}
-void FrameLoader::urlSelected(const URL& url, const String& passedTarget, Event* triggeringEvent, LockHistory lockHistory, LockBackForwardList lockBackForwardList, ShouldSendReferrer shouldSendReferrer, ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicy, Optional<NewFrameOpenerPolicy> openerPolicy, const AtomString& downloadAttribute, const SystemPreviewInfo& systemPreviewInfo, Optional<AdClickAttribution>&& adClickAttribution)
+void FrameLoader::urlSelected(const URL& url, const String& passedTarget, Event* triggeringEvent, LockHistory lockHistory, LockBackForwardList lockBackForwardList, const ReferrerPolicy& referrerPolicy, ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicy, Optional<NewFrameOpenerPolicy> openerPolicy, const AtomString& downloadAttribute, const SystemPreviewInfo& systemPreviewInfo, Optional<AdClickAttribution>&& adClickAttribution)
{
auto* frame = lexicalFrameFromCommonVM();
auto initiatedByMainFrame = frame && frame->isMainFrame() ? InitiatedByMainFrame::Yes : InitiatedByMainFrame::Unknown;
- NewFrameOpenerPolicy newFrameOpenerPolicy = openerPolicy.valueOr(shouldSendReferrer == NeverSendReferrer ? NewFrameOpenerPolicy::Suppress : NewFrameOpenerPolicy::Allow);
- urlSelected(FrameLoadRequest(*m_frame.document(), m_frame.document()->securityOrigin(), { url }, passedTarget, lockHistory, lockBackForwardList, shouldSendReferrer, AllowNavigationToInvalidURL::Yes, newFrameOpenerPolicy, shouldOpenExternalURLsPolicy, initiatedByMainFrame, DoNotReplaceDocumentIfJavaScriptURL, downloadAttribute, systemPreviewInfo), triggeringEvent, WTFMove(adClickAttribution));
+ NewFrameOpenerPolicy newFrameOpenerPolicy = openerPolicy.valueOr(referrerPolicy == ReferrerPolicy::NoReferrer ? NewFrameOpenerPolicy::Suppress : NewFrameOpenerPolicy::Allow);
+ urlSelected(FrameLoadRequest(*m_frame.document(), m_frame.document()->securityOrigin(), { url }, passedTarget, lockHistory, lockBackForwardList, referrerPolicy, AllowNavigationToInvalidURL::Yes, newFrameOpenerPolicy, shouldOpenExternalURLsPolicy, initiatedByMainFrame, DoNotReplaceDocumentIfJavaScriptURL, downloadAttribute, systemPreviewInfo), triggeringEvent, WTFMove(adClickAttribution));
}
void FrameLoader::urlSelected(FrameLoadRequest&& frameRequest, Event* triggeringEvent, Optional<AdClickAttribution>&& adClickAttribution)
@@ -993,7 +993,7 @@
auto* lexicalFrame = lexicalFrameFromCommonVM();
auto initiatedByMainFrame = lexicalFrame && lexicalFrame->isMainFrame() ? InitiatedByMainFrame::Yes : InitiatedByMainFrame::Unknown;
- FrameLoadRequest frameLoadRequest { *m_frame.document(), m_frame.document()->securityOrigin(), { url }, "_self"_s, LockHistory::No, LockBackForwardList::Yes, ShouldSendReferrer::MaybeSendReferrer, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Suppress, ShouldOpenExternalURLsPolicy::ShouldNotAllow, initiatedByMainFrame };
+ FrameLoadRequest frameLoadRequest { *m_frame.document(), m_frame.document()->securityOrigin(), { url }, "_self"_s, LockHistory::No, LockBackForwardList::Yes, ReferrerPolicy::EmptyString, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Suppress, ShouldOpenExternalURLsPolicy::ShouldNotAllow, initiatedByMainFrame };
childFrame->loader().loadURL(WTFMove(frameLoadRequest), referer, FrameLoadType::RedirectWithLockedBackForwardList, nullptr, { }, WTF::nullopt, [] { });
}
@@ -1270,9 +1270,10 @@
if (argsReferrer.isEmpty())
argsReferrer = outgoingReferrer();
- String referrer = SecurityPolicy::generateReferrerHeader(m_frame.document()->referrerPolicy(), url, argsReferrer);
- if (request.shouldSendReferrer() == NeverSendReferrer)
- referrer = String();
+ ReferrerPolicy referrerPolicy = request.referrerPolicy();
+ if (referrerPolicy == ReferrerPolicy::EmptyString)
+ referrerPolicy = m_frame.document()->referrerPolicy();
+ String referrer = SecurityPolicy::generateReferrerHeader(referrerPolicy, url, argsReferrer);
FrameLoadType loadType;
if (request.resourceRequest().cachePolicy() == ResourceRequestCachePolicy::ReloadIgnoringCacheData)
