Update web-platform-tests to revision 075802c1d3387d07e31cd5887459d539b1297c8d.

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/script-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/script-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/fetch-request/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/script-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/xhr-request/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/fetch-request/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-csp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: CSP delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-csp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-csp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers

@@ -0,0 +1,2 @@
+Content-Security-Policy: referrer unsafe-url
+Access-Control-Allow-Origin: *