Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

<!DOCTYPE html>
<html>
<head>
<title>Referrer with the strict-origin referrer policy</title>
<meta name="referrer" content="strict-origin">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script type="module">
// "name" parameter is necessary for bypassing the module map in descendant import.
import { referrer as insecureImport } from "./resources/import-referrer-checker-insecure.sub.js?name=insecure_import";
const origin = (new URL(location.href)).origin + "/";
test(t => {
assert_equals(
insecureImport, origin,
"A document with the strict-origin referrer policy served over HTTP, " +
"imports an module script over HTTP, that imports a descendant script " +
"over HTTP. The request for the descendant script is sent with a " +
"`Referer` header with the page's origin");
assert_equals(
secureImport, "",
"A document with the strict-origin referrer policy served over HTTP, " +
"imports an module script over HTTPS, that imports a descendant script " +
"over HTTP. The request for the descendant script is sent with no " +
"`Referer` header");
}, "The strict-* referrer policies compare the trustworthiness of a " +
"request's referrer string against its URL");
</script>
</body>
</html>