Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-06 16:45:39 +00:00
Code Issues Projects Releases Packages Wiki Activity

Handle HTTP Refresh header (#36393)

Browse source 
Move parsing of Refresh values to Document.
Send Refresh header to Document and have meta tags reuse the logic.

I transplanted the existing Regex and made some updates so that it
passed all the existing parser tests.
I added the comments that made sense but it is not very clean to add
many comments within the regex.

Testing: There are existing WPT tests

---------

Signed-off-by: Sebastian C <sebsebmc@gmail.com>
This commit is contained in:
Sebastian C 2025-04-11 02:25:37 -05:00 committed by GitHub
parent 80a6ba5e42
commit 2c7aeca404
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 147 additions and 373 deletions
Download patch file Download diff file Expand all files Collapse all files

114
components/script/dom/document.rs
View file

@ -12,6 +12,7 @@ use std::f64::consts::PI;
use std::mem;
use std::rc::Rc;
use std::slice::from_ref;
use std::str::FromStr;
use std::sync::{LazyLock, Mutex};
use std::time::{Duration, Instant};
@ -20,7 +21,9 @@ use base::id::WebViewId;
use canvas_traits::canvas::CanvasId;
use canvas_traits::webgl::{self, WebGLContextId, WebGLMsg};
use chrono::Local;
use constellation_traits::{AnimationTickType, ScriptToConstellationMessage};
use constellation_traits::{
AnimationTickType, NavigationHistoryBehavior, ScriptToConstellationMessage,
};
use content_security_policy::{self as csp, CspList, PolicyDisposition};
use cookie::Cookie;
use cssparser::match_ignore_ascii_case;
@ -51,6 +54,7 @@ use num_traits::ToPrimitive;
use percent_encoding::percent_decode;
use profile_traits::ipc as profile_ipc;
use profile_traits::time::TimerMetadataFrameType;
use regex::bytes::Regex;
use script_bindings::interfaces::DocumentHelpers;
use script_layout_interface::{PendingRestyle, TrustedNodeAddress};
use script_traits::{ConstellationInputEvent, DocumentActivity, ProgressiveWebMetricType};
@ -151,13 +155,12 @@ use crate::dom::htmlhtmlelement::HTMLHtmlElement;
use crate::dom::htmliframeelement::HTMLIFrameElement;
use crate::dom::htmlimageelement::HTMLImageElement;
use crate::dom::htmlinputelement::HTMLInputElement;
use crate::dom::htmlmetaelement::RefreshRedirectDue;
use crate::dom::htmlscriptelement::{HTMLScriptElement, ScriptResult};
use crate::dom::htmltextareaelement::HTMLTextAreaElement;
use crate::dom::htmltitleelement::HTMLTitleElement;
use crate::dom::intersectionobserver::IntersectionObserver;
use crate::dom::keyboardevent::KeyboardEvent;
use crate::dom::location::Location;
use crate::dom::location::{Location, NavigationType};
use crate::dom::messageevent::MessageEvent;
use crate::dom::mouseevent::MouseEvent;
use crate::dom::node::{
@ -242,6 +245,24 @@ impl FireMouseEventType {
}
}
#[derive(JSTraceable, MallocSizeOf)]
pub(crate) struct RefreshRedirectDue {
#[no_trace]
pub(crate) url: ServoUrl,
#[ignore_malloc_size_of = "non-owning"]
pub(crate) window: DomRoot<Window>,
}
impl RefreshRedirectDue {
pub(crate) fn invoke(self, can_gc: CanGc) {
self.window.Location().navigate(
self.url.clone(),
NavigationHistoryBehavior::Replace,
NavigationType::DeclarativeRefresh,
can_gc,
);
}
}
#[derive(Clone, Copy, Debug, JSTraceable, MallocSizeOf, PartialEq)]
pub(crate) enum IsHTMLDocument {
HTMLDocument,
@ -4743,6 +4764,93 @@ impl Document {
self.image_animation_manager.borrow_mut()
}
/// <https://html.spec.whatwg.org/multipage/#shared-declarative-refresh-steps>
pub(crate) fn shared_declarative_refresh_steps(&self, content: &[u8]) {
// 1. If document's will declaratively refresh is true, then return.
if self.will_declaratively_refresh() {
return;
}
// 2-11 Parsing
static REFRESH_REGEX: LazyLock<Regex> = LazyLock::new(|| {
// s flag is used to match . on newlines since the only places we use . in the
// regex is to go "to end of the string"
// (?s-u:.) is used to consume invalid unicode bytes
Regex::new(
r#"(?xs)
^
\s* # 3
((?<time>[0-9]+)|\.) # 5-6
[0-9.]* # 8
(
(
(\s*;|\s*,|\s) # 10.3
\s* # 10.4
)
(
(
(U|u)(R|r)(L|l) # 11.2-11.4
\s*=\s* # 11.5-11.7
)?
('(?<url1>[^']*)'(?s-u:.)*|"(?<url2>[^"]*)"(?s-u:.)*|['"]?(?<url3>(?s-u:.)*)) # 11.8 - 11.10
|
(?<url4>(?s-u:.)*)
)
)?
$
"#,
)
.unwrap()
});
// 9. Let urlRecord be document's URL.
let mut url_record = self.url();
let captures = if let Some(captures) = REFRESH_REGEX.captures(content) {
captures
} else {
return;
};
let time = if let Some(time_string) = captures.name("time") {
u64::from_str(&String::from_utf8_lossy(time_string.as_bytes())).unwrap_or(0)
} else {
0
};
let captured_url = captures.name("url1").or(captures
.name("url2")
.or(captures.name("url3").or(captures.name("url4"))));
// 11.11 Parse: Set urlRecord to the result of encoding-parsing a URL given urlString, relative to document.
if let Some(url_match) = captured_url {
url_record = if let Ok(url) = ServoUrl::parse_with_base(
Some(&url_record),
&String::from_utf8_lossy(url_match.as_bytes()),
) {
info!("Refresh to {}", url.debug_compact());
url
} else {
// 11.12 If urlRecord is failure, then return.
return;
}
}
// 12. Set document's will declaratively refresh to true.
if self.completely_loaded() {
// TODO: handle active sandboxing flag
self.window.as_global_scope().schedule_callback(
OneshotTimerCallback::RefreshRedirectDue(RefreshRedirectDue {
window: DomRoot::from_ref(self.window()),
url: url_record,
}),
Duration::from_secs(time),
);
self.set_declarative_refresh(DeclarativeRefresh::CreatedAfterLoad);
} else {
self.set_declarative_refresh(DeclarativeRefresh::PendingLoad {
url: url_record,
time,
});
}
}
pub(crate) fn will_declaratively_refresh(&self) -> bool {
self.declarative_refresh.borrow().is_some()
}

118
components/script/dom/htmlmetaelement.rs
View file

@ -2,59 +2,30 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
use std::str::FromStr;
use std::sync::LazyLock;
use std::time::Duration;
use constellation_traits::NavigationHistoryBehavior;
use dom_struct::dom_struct;
use html5ever::{LocalName, Prefix, local_name, namespace_url, ns};
use js::rust::HandleObject;
use regex::bytes::Regex;
use servo_url::ServoUrl;
use style::str::HTML_SPACE_CHARACTERS;
use crate::dom::attr::Attr;
use crate::dom::bindings::codegen::Bindings::HTMLMetaElementBinding::HTMLMetaElementMethods;
use crate::dom::bindings::codegen::Bindings::NodeBinding::NodeMethods;
use crate::dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
use crate::dom::bindings::inheritance::Castable;
use crate::dom::bindings::root::DomRoot;
use crate::dom::bindings::str::DOMString;
use crate::dom::document::{DeclarativeRefresh, Document, determine_policy_for_token};
use crate::dom::document::{Document, determine_policy_for_token};
use crate::dom::element::{AttributeMutation, Element};
use crate::dom::htmlelement::HTMLElement;
use crate::dom::htmlheadelement::HTMLHeadElement;
use crate::dom::location::NavigationType;
use crate::dom::node::{BindContext, Node, NodeTraits, UnbindContext};
use crate::dom::virtualmethods::VirtualMethods;
use crate::dom::window::Window;
use crate::script_runtime::CanGc;
use crate::timers::OneshotTimerCallback;
#[dom_struct]
pub(crate) struct HTMLMetaElement {
htmlelement: HTMLElement,
}
#[derive(JSTraceable, MallocSizeOf)]
pub(crate) struct RefreshRedirectDue {
#[no_trace]
pub(crate) url: ServoUrl,
#[ignore_malloc_size_of = "non-owning"]
pub(crate) window: DomRoot<Window>,
}
impl RefreshRedirectDue {
pub(crate) fn invoke(self, can_gc: CanGc) {
self.window.Location().navigate(
self.url.clone(),
NavigationHistoryBehavior::Replace,
NavigationType::DeclarativeRefresh,
can_gc,
);
}
}
impl HTMLMetaElement {
fn new_inherited(
local_name: LocalName,
@ -155,92 +126,17 @@ impl HTMLMetaElement {
/// <https://html.spec.whatwg.org/multipage/#shared-declarative-refresh-steps>
fn declarative_refresh(&self) {
if !self.upcast::<Node>().is_in_a_document_tree() {
return;
}
// 2
let content = self.Content();
// 1
if !content.is_empty() {
// 3
self.shared_declarative_refresh_steps(content);
}
}
/// <https://html.spec.whatwg.org/multipage/#shared-declarative-refresh-steps>
fn shared_declarative_refresh_steps(&self, content: DOMString) {
// 1
let document = self.owner_document();
if document.will_declaratively_refresh() {
return;
}
// 2-11
static REFRESH_REGEX: LazyLock<Regex> = LazyLock::new(|| {
Regex::new(
r#"(?x)
^
\s* # 3
((?<time>\d+)\.?|\.) # 5-6
[0-9.]* # 8
(
(;|,| ) # 10.1
\s* # 10.2
(;|,)? # 10.3
\s* # 10.4
(
(U|u)(R|r)(L|l) # 11.2-11.4
\s*=\s* # 11.5-11.7
('(?<url1>.*?)'?|"(?<url2>.*?)"?|(?<url3>[^'"].*)) # 11.8 - 11.10
|
(?<url4>.*)
)?
)?
$
"#,
)
.unwrap()
});
let mut url_record = document.url();
let captures = if let Some(captures) = REFRESH_REGEX.captures(content.as_bytes()) {
captures
} else {
return;
};
let time = if let Some(time_string) = captures.name("time") {
u64::from_str(&String::from_utf8_lossy(time_string.as_bytes())).unwrap_or(0)
} else {
0
};
let captured_url = captures.name("url1").or(captures
.name("url2")
.or(captures.name("url3").or(captures.name("url4"))));
if let Some(url_match) = captured_url {
url_record = if let Ok(url) = ServoUrl::parse_with_base(
Some(&url_record),
&String::from_utf8_lossy(url_match.as_bytes()),
) {
url
} else {
return;
}
}
// 12-13
if document.completely_loaded() {
// TODO: handle active sandboxing flag
let window = self.owner_window();
window.as_global_scope().schedule_callback(
OneshotTimerCallback::RefreshRedirectDue(RefreshRedirectDue {
window: window.clone(),
url: url_record,
}),
Duration::from_secs(time),
);
document.set_declarative_refresh(DeclarativeRefresh::CreatedAfterLoad);
} else {
document.set_declarative_refresh(DeclarativeRefresh::PendingLoad {
url: url_record,
time,
});
self.owner_document()
.shared_declarative_refresh_steps(content.as_bytes());
}
}
}

9
components/script/script_thread.rs
View file

@ -55,6 +55,7 @@ use euclid::default::Rect;
use fonts::{FontContext, SystemFontServiceProxy};
use headers::{HeaderMapExt, LastModified, ReferrerPolicy as ReferrerPolicyHeader};
use html5ever::{local_name, namespace_url, ns};
use http::header::REFRESH;
use hyper_serde::Serde;
use ipc_channel::ipc;
use ipc_channel::router::ROUTER;
@ -3205,8 +3206,14 @@ impl ScriptThread {
.as_deref()
.and_then(|h| h.typed_get::<ReferrerPolicyHeader>())
.into();
document.set_referrer_policy(referrer_policy);
let refresh_header = metadata.headers.as_deref().and_then(|h| h.get(REFRESH));
if let Some(refresh_val) = refresh_header {
// There are tests that this header handles Unicode code points
document.shared_declarative_refresh_steps(refresh_val.as_bytes());
}
document.set_ready_state(DocumentReadyState::Loading, can_gc);
self.documents

3
components/script/timers.rs
View file

@ -24,10 +24,9 @@ use crate::dom::bindings::refcounted::Trusted;
use crate::dom::bindings::reflector::{DomGlobal, DomObject};
use crate::dom::bindings::root::Dom;
use crate::dom::bindings::str::DOMString;
use crate::dom::document::FakeRequestAnimationFrameCallback;
use crate::dom::document::{FakeRequestAnimationFrameCallback, RefreshRedirectDue};
use crate::dom::eventsource::EventSourceTimeoutCallback;
use crate::dom::globalscope::GlobalScope;
use crate::dom::htmlmetaelement::RefreshRedirectDue;
use crate::dom::testbinding::TestBindingCallback;
use crate::dom::types::{Window, WorkerGlobalScope};
use crate::dom::xmlhttprequest::XHRTimeoutCallback;

8
tests/wpt/include.ini vendored
View file

@ -158,14 +158,6 @@ skip: true
skip: true
[semantics]
skip: false
[document-metadata]
skip: false
[the-meta-element]
skip: false
[pragma-directives]
skip: false
[attr-meta-http-equiv-refresh]
skip: true
[embedded-content]
skip: false
[media-elements]

50
tests/wpt/meta/fetch/metadata/generated/header-refresh.https.optional.sub.html.ini vendored
View file

@ -1,61 +1,33 @@
[header-refresh.https.optional.sub.html]
expected: TIMEOUT
[sec-fetch-site - Same origin]
expected: TIMEOUT
[sec-fetch-site - Cross-site]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - Same site]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect]
expected: NOTRUN
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site]
expected: NOTRUN
[sec-fetch-site - Same-Origin -> Same Origin]
expected: NOTRUN
[sec-fetch-site - Same-Origin -> Same-Site]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site]
expected: NOTRUN
[sec-fetch-site - Same-Site -> Same Origin]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: NOTRUN
[sec-fetch-mode]
expected: NOTRUN
[sec-fetch-dest]
expected: NOTRUN
expected: FAIL
[sec-fetch-user]
expected: NOTRUN
[sec-fetch-storage-access - Cross-site]
expected: NOTRUN
[sec-fetch-storage-access - Same site]
expected: NOTRUN
expected: FAIL

52
tests/wpt/meta/fetch/metadata/generated/header-refresh.optional.sub.html.ini vendored
View file

@ -1,55 +1,9 @@
[header-refresh.optional.sub.html]
expected: TIMEOUT
[sec-fetch-site - Not sent to non-trustworthy same-origin destination]
expected: TIMEOUT
[sec-fetch-site - Not sent to non-trustworthy same-site destination]
expected: NOTRUN
[sec-fetch-site - Not sent to non-trustworthy cross-site destination]
expected: NOTRUN
[sec-fetch-mode - Not sent to non-trustworthy same-origin destination]
expected: NOTRUN
[sec-fetch-mode - Not sent to non-trustworthy same-site destination]
expected: NOTRUN
[sec-fetch-mode - Not sent to non-trustworthy cross-site destination]
expected: NOTRUN
[sec-fetch-dest - Not sent to non-trustworthy same-origin destination]
expected: NOTRUN
[sec-fetch-dest - Not sent to non-trustworthy same-site destination]
expected: NOTRUN
[sec-fetch-dest - Not sent to non-trustworthy cross-site destination]
expected: NOTRUN
[sec-fetch-user - Not sent to non-trustworthy same-origin destination]
expected: NOTRUN
[sec-fetch-user - Not sent to non-trustworthy same-site destination]
expected: NOTRUN
[sec-fetch-user - Not sent to non-trustworthy cross-site destination]
expected: NOTRUN
[sec-fetch-site - HTTPS downgrade (header not sent)]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - HTTPS upgrade]
expected: NOTRUN
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: NOTRUN
[sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination]
expected: NOTRUN
[sec-fetch-storage-access - Not sent to non-trustworthy same-site destination]
expected: NOTRUN
[sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination]
expected: NOTRUN
expected: FAIL

4
tests/wpt/meta/html/browsers/browsing-the-web/navigating-across-documents/refresh/navigate.window.js.ini vendored
View file

@ -1,7 +1,3 @@
[navigate.window.html]
expected: TIMEOUT
[When navigating the Refresh header needs to be followed]
expected: TIMEOUT
[When there's both a Refresh header and <meta> the Refresh header wins]
expected: FAIL

3
tests/wpt/meta/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/allow-scripts-flag-changing-1.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[allow-scripts-flag-changing-1.html]
[Meta refresh is blocked by the allow-scripts sandbox flag at its creation time, not when refresh comes due]
expected: FAIL

3
tests/wpt/meta/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/allow-scripts-flag-changing-2.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[allow-scripts-flag-changing-2.html]
[Meta refresh of the original iframe is not blocked if moved into a sandboxed iframe]
expected: FAIL

52
tests/wpt/meta/referrer-policy/generic/refresh-cross-origin.sub.html.ini vendored
View file

@ -1,52 +0,0 @@
[refresh-cross-origin.sub.html]
expected: TIMEOUT
[cross-origin header refresh with referrer policy "no-referrer" refreshes with the empty string as referrer]
expected: TIMEOUT
[cross-origin meta refresh with referrer policy "no-referrer-when-downgrade" refreshes with full url as referrer]
expected: NOTRUN
[cross-origin header refresh with referrer policy "no-referrer-when-downgrade" refreshes with full url as referrer]
expected: NOTRUN
[cross-origin meta refresh with referrer policy "origin" refreshes with origin as referrer]
expected: NOTRUN
[cross-origin header refresh with referrer policy "origin" refreshes with origin as referrer]
expected: NOTRUN
[cross-origin meta refresh with referrer policy "origin-when-cross-origin" refreshes with origin as referrer]
expected: NOTRUN
[cross-origin header refresh with referrer policy "origin-when-cross-origin" refreshes with origin as referrer]
expected: NOTRUN
[cross-origin meta refresh with referrer policy "same-origin" refreshes with the empty string as referrer]
expected: NOTRUN
[cross-origin header refresh with referrer policy "same-origin" refreshes with the empty string as referrer]
expected: NOTRUN
[cross-origin meta refresh with referrer policy "strict-origin" refreshes with origin as referrer]
expected: NOTRUN
[cross-origin header refresh with referrer policy "strict-origin" refreshes with origin as referrer]
expected: NOTRUN
[cross-origin meta refresh with referrer policy "strict-origin-when-cross-origin" refreshes with origin as referrer]
expected: NOTRUN
[cross-origin header refresh with referrer policy "strict-origin-when-cross-origin" refreshes with origin as referrer]
expected: NOTRUN
[cross-origin meta refresh with referrer policy "unsafe-url" refreshes with full url as referrer]
expected: NOTRUN
[cross-origin header refresh with referrer policy "unsafe-url" refreshes with full url as referrer]
expected: NOTRUN
[cross-origin meta refresh with referrer policy "" refreshes with origin as referrer]
expected: NOTRUN
[cross-origin header refresh with referrer policy "" refreshes with origin as referrer]
expected: NOTRUN

52
tests/wpt/meta/referrer-policy/generic/refresh-same-origin.html.ini vendored
View file

@ -1,52 +0,0 @@
[refresh-same-origin.html]
expected: TIMEOUT
[same-origin header refresh with referrer policy "no-referrer" refreshes with the empty string as referrer]
expected: TIMEOUT
[same-origin meta refresh with referrer policy "no-referrer-when-downgrade" refreshes with full url as referrer]
expected: NOTRUN
[same-origin header refresh with referrer policy "no-referrer-when-downgrade" refreshes with full url as referrer]
expected: NOTRUN
[same-origin meta refresh with referrer policy "origin" refreshes with origin as referrer]
expected: NOTRUN
[same-origin header refresh with referrer policy "origin" refreshes with origin as referrer]
expected: NOTRUN
[same-origin meta refresh with referrer policy "origin-when-cross-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-origin header refresh with referrer policy "origin-when-cross-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-origin meta refresh with referrer policy "same-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-origin header refresh with referrer policy "same-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-origin meta refresh with referrer policy "strict-origin" refreshes with origin as referrer]
expected: NOTRUN
[same-origin header refresh with referrer policy "strict-origin" refreshes with origin as referrer]
expected: NOTRUN
[same-origin meta refresh with referrer policy "strict-origin-when-cross-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-origin header refresh with referrer policy "strict-origin-when-cross-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-origin meta refresh with referrer policy "unsafe-url" refreshes with full url as referrer]
expected: NOTRUN
[same-origin header refresh with referrer policy "unsafe-url" refreshes with full url as referrer]
expected: NOTRUN
[same-origin meta refresh with referrer policy "" refreshes with full url as referrer]
expected: NOTRUN
[same-origin header refresh with referrer policy "" refreshes with full url as referrer]
expected: NOTRUN

52
tests/wpt/meta/referrer-policy/generic/refresh-same-url.html.ini vendored
View file

@ -1,52 +0,0 @@
[refresh-same-url.html]
expected: TIMEOUT
[same-URL header refresh with referrer policy "no-referrer" refreshes with the empty string as referrer]
expected: TIMEOUT
[same-URL meta refresh with referrer policy "no-referrer-when-downgrade" refreshes with full url as referrer]
expected: NOTRUN
[same-URL header refresh with referrer policy "no-referrer-when-downgrade" refreshes with full url as referrer]
expected: NOTRUN
[same-URL meta refresh with referrer policy "origin" refreshes with origin as referrer]
expected: NOTRUN
[same-URL header refresh with referrer policy "origin" refreshes with origin as referrer]
expected: NOTRUN
[same-URL meta refresh with referrer policy "origin-when-cross-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-URL header refresh with referrer policy "origin-when-cross-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-URL meta refresh with referrer policy "same-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-URL header refresh with referrer policy "same-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-URL meta refresh with referrer policy "strict-origin" refreshes with origin as referrer]
expected: NOTRUN
[same-URL header refresh with referrer policy "strict-origin" refreshes with origin as referrer]
expected: NOTRUN
[same-URL meta refresh with referrer policy "strict-origin-when-cross-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-URL header refresh with referrer policy "strict-origin-when-cross-origin" refreshes with full url as referrer]
expected: NOTRUN
[same-URL meta refresh with referrer policy "unsafe-url" refreshes with full url as referrer]
expected: NOTRUN
[same-URL header refresh with referrer policy "unsafe-url" refreshes with full url as referrer]
expected: NOTRUN
[same-URL meta refresh with referrer policy "" refreshes with full url as referrer]
expected: NOTRUN
[same-URL header refresh with referrer policy "" refreshes with full url as referrer]
expected: NOTRUN