Do not change referrer policy on document.open

At the moment on document.open chrome sets the referrer policy of the opened document to be equal to the referrer policy of the entryDocument. This CL removes this step, keeping the previous referrer policy instead. Fixed: 1174496 Bug: 1130587,1174496 Change-Id: Ica4740bbd2baed0ca5bb6770c3c38132573eb374 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2674927 Reviewed-by: Camille Lamy <[email protected]> Reviewed-by: Dominic Farolino <[email protected]> Commit-Queue: Antonio Sartori <[email protected]> Cr-Commit-Position: refs/heads/master@{#855766}
AryanGitHub · Feb 19, 2021 · 043eddd · 043eddd
1 parent 131ea12
commit 043eddd
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 9 deletions.
diff --git a/third_party/blink/renderer/core/dom/document.cc b/third_party/blink/renderer/core/dom/document.cc
@@ -3359,7 +3359,6 @@ void Document::open(LocalDOMWindow* entered_window,
 
       dom_window_->GetSecurityContext().SetSecurityOrigin(
           entered_window->GetMutableSecurityOrigin());
-      dom_window_->SetReferrerPolicy(entered_window->GetReferrerPolicy());
       cookie_url_ = entered_window->document()->CookieURL();
     }
   }

diff --git a/...s/external/wpt/referrer-policy/generic/inheritance/iframe-inheritance-document-write.html b/...s/external/wpt/referrer-policy/generic/inheritance/iframe-inheritance-document-write.html
@@ -7,14 +7,28 @@
 <meta name="referrer" content="origin">
 <div id="log"></div>
 <script>
-async_test(t => {
-  window.addEventListener("message", t.step_func_done(msg => {
-    assert_equals(msg.data.referrer, self.origin + "/");
-  }));
+  let reportedReferrer = () => {
+    return new Promise(resolve => {
+      window.addEventListener("message", msg => resolve(msg.data.referrer));
+    });
+  };
 
   const iframe = document.createElement("iframe");
-  document.body.appendChild(iframe);
-  iframe.contentDocument.write(createScriptString(get_host_info().REMOTE_ORIGIN));
-  iframe.contentDocument.close();
-});
+  promise_test(async t => {
+    let referrer_of_srcdoc_iframe = reportedReferrer();
+    const script_to_fetch_cross_origin_resource =
+          createScriptString(get_host_info().REMOTE_ORIGIN, location.origin + "/custom");
+    iframe.srcdoc = `<head><meta name="referrer" content="unsafe-url"></head>`
+      + script_to_fetch_cross_origin_resource;
+    document.body.appendChild(iframe);
+    assert_equals(await referrer_of_srcdoc_iframe, self.origin + "/custom",
+                  "Srcdoc iframe setting referrer policy via meta header should use that referrer policy.");
+
+    let referrer_after_document_open = reportedReferrer();
+    iframe.contentDocument.open();
+    iframe.contentDocument.write(script_to_fetch_cross_origin_resource);
+    iframe.contentDocument.close();
+    assert_equals(await referrer_after_document_open, self.origin + "/custom",
+                  "Referrer policy should not change after document.open().");
+  }, "document.open() should not change the referrer policy of the opened document.");
 </script>