From eeccb75fc1b26cfe6b1057006e6a981c706a4b10 Mon Sep 17 00:00:00 2001
From: Aravind Gollakota
Date: Thu, 30 Jun 2016 19:02:12 -0700
Subject: [PATCH] net: Add "origin" and "same-origin" referrer policies, replacing "origin-only".
---
 components/msg/constellation_msg.rs | 3 +-
 components/net/http_loader.rs | 3 +-
 components/script/dom/document.rs | 3 +-
 tests/unit/net/http_loader.rs | 33 +++++++++++++++++--
 ...-origin.keep-origin-redirect.http.html.ini | 5 ---
 .../cross-origin.no-redirect.http.html.ini | 5 ---
 ...-origin.swap-origin-redirect.http.html.ini | 5 ---
 ...nsecure.swap-origin-redirect.http.html.ini | 5 ---
 8 files changed, 37 insertions(+), 25 deletions(-)
 delete mode 100644 tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.ini
 delete mode 100644 tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.ini
 delete mode 100644 tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.ini
 delete mode 100644 tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.ini
diff --git a/components/msg/constellation_msg.rs b/components/msg/constellation_msg.rs
index b0047e6043d..be5bd924ce3 100644
--- a/components/msg/constellation_msg.rs
+++ b/components/msg/constellation_msg.rs
@@ -333,7 +333,8 @@ pub enum FrameType {
 pub enum ReferrerPolicy {
 NoReferrer,
 NoRefWhenDowngrade,
- OriginOnly,
+ Origin,
+ SameOrigin,
 OriginWhenCrossOrigin,
 UnsafeUrl,
 }
diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs
index fa768670c74..10279b79f0d 100644
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
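Review bot: `ReferrerPolicy` in components/msg/constellation_msg.rs gains `Origin` and `SameOrigin` without doc comments, and the three origin-flavoured variant names are now easy to confuse even though they differ in how much of the referring URL leaves the browser. A one-line doc comment per variant naming its policy token and effect would make the distinction reviewable at the definition, e.g. `/// "origin": send only the referrer's origin, to any destination` and `/// "same-origin": send the stripped referrer URL to same-origin requests, nothing cross-origin`. The wording follows what the http_loader.rs and unit-test hunks of this commit show for each policy.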
@@ -458,7 +458,8 @@ pub fn determine_request_referrer(headers: &mut Headers,
 let cross_origin = ref_url.origin() != url.origin();
 return match referrer_policy {
 Some(ReferrerPolicy::NoReferrer) => None,
- Some(ReferrerPolicy::OriginOnly) => strip_url(ref_url, true),
+ Some(ReferrerPolicy::Origin) => strip_url(ref_url, true),
+ Some(ReferrerPolicy::SameOrigin) => if cross_origin { None } else { strip_url(ref_url, false) },
 Some(ReferrerPolicy::UnsafeUrl) => strip_url(ref_url, false),
 Some(ReferrerPolicy::OriginWhenCrossOrigin) => strip_url(ref_url, cross_origin),
 Some(ReferrerPolicy::NoRefWhenDowngrade) | None => no_ref_when_downgrade_header(ref_url, url),
diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs
index 43a4473689e..64954ae0a85 100644
--- a/components/script/dom/document.rs
+++ b/components/script/dom/document.rs
@@ -2818,7 +2818,8 @@ pub fn determine_policy_for_token(token: &str) -> Option {
 return match lower.as_ref() {
 "never" | "no-referrer" => Some(ReferrerPolicy::NoReferrer),
 "default" | "no-referrer-when-downgrade" => Some(ReferrerPolicy::NoRefWhenDowngrade),
- "origin" => Some(ReferrerPolicy::OriginOnly),
+ "origin" => Some(ReferrerPolicy::Origin),
+ "same-origin" => Some(ReferrerPolicy::SameOrigin),
 "origin-when-cross-origin" => Some(ReferrerPolicy::OriginWhenCrossOrigin),
 "always" | "unsafe-url" => Some(ReferrerPolicy::UnsafeUrl),
 "" => Some(ReferrerPolicy::NoReferrer),
diff --git a/tests/unit/net/http_loader.rs b/tests/unit/net/http_loader.rs
index a6f4bc6ef31..c78af1a524f 100644
--- a/tests/unit/net/http_loader.rs
+++ b/tests/unit/net/http_loader.rs
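Review bot: The new `SameOrigin` arm in determine_request_referrer is the only one that returns `None` on the strength of `cross_origin`, and that flag compares `ref_url` with whatever `url` this call receives. If the function is not invoked again with the redirect target, a same-origin request redirected to another origin would still carry the full referrer path. The caller and the rest of the body are outside the hunk, so this is unconfirmed, and the WPT expectations removed by this commit only exercise xhr-request. A comment on the arm would record the requirement, e.g. `// same-origin: full stripped URL to our own origin only; re-check against each redirect target`.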
@@ -1626,10 +1626,10 @@ fn assert_referer_header_not_included(origin_info: &LoadOrigin, request_url: &st
 }
 #[test]
-fn test_referer_set_to_origin_with_originonly_policy() {
+fn test_referer_set_to_origin_with_origin_policy() {
 let request_url = "http://mozilla.com";
 let referrer_url = "http://username:password@someurl.com/some/path#fragment";
- let referrer_policy = Some(ReferrerPolicy::OriginOnly);
+ let referrer_policy = Some(ReferrerPolicy::Origin);
 let expected_referrer = "http://someurl.com/";
 let origin_info = LoadOriginInfo {
@@ -1640,6 +1640,35 @@ fn test_referer_set_to_origin_with_originonly_policy() {
 assert_referer_header_matches(&origin_info, request_url, expected_referrer);
 }
+#[test]
+fn test_referer_set_to_ref_url_with_sameorigin_policy_same_orig() {
+ let request_url = "http://mozilla.com";
+ let referrer_url = "http://username:password@mozilla.com/some/path#fragment";
+ let referrer_policy = Some(ReferrerPolicy::SameOrigin);
+ let expected_referrer = "http://mozilla.com/some/path";
+
+ let origin_info = LoadOriginInfo {
+ referrer_url: referrer_url,
+ referrer_policy: referrer_policy
+ };
+
+ assert_referer_header_matches(&origin_info, request_url, expected_referrer);
+}
+
+#[test]
+fn test_no_referer_set_with_sameorigin_policy_cross_orig() {
+ let request_url = "http://mozilla.com";
+ let referrer_url = "http://username:password@someurl.com/some/path#fragment";
+ let referrer_policy = Some(ReferrerPolicy::SameOrigin);
+
+ let origin_info = LoadOriginInfo {
+ referrer_url: referrer_url,
+ referrer_policy: referrer_policy
+ };
+
+ assert_referer_header_not_included(&origin_info, request_url);
+}
+
 #[test]
 fn test_referer_set_to_stripped_url_with_unsafeurl_policy() {
 let request_url = "http://mozilla.com";
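Review bot: The two added `SameOrigin` tests differ only in host, so nothing pins the case where referrer and request share a host but differ in scheme or port. That is where a same-origin comparison is easiest to get wrong, and a mistake there would expose the full path. A companion to `test_no_referer_set_with_sameorigin_policy_cross_orig` with an `https://` referrer for the same host (and ideally one with a non-default port) should expect no header, given that `cross_origin` is derived from `origin()` inequality in http_loader.rs. A sketch of the scheme case follows.

```rust
#[test]
fn test_no_referer_set_with_sameorigin_policy_scheme_mismatch() {
    let request_url = "http://mozilla.com";
    // Same host as the request, different scheme: a different origin.
    let referrer_url = "https://username:password@mozilla.com/some/path#fragment";
    let referrer_policy = Some(ReferrerPolicy::SameOrigin);

    let origin_info = LoadOriginInfo {
        referrer_url: referrer_url,
        referrer_policy: referrer_policy
    };

    assert_referer_header_not_included(&origin_info, request_url);
}
```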
diff --git a/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.ini b/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.ini
deleted file mode 100644
index 09982c167b9..00000000000
--- a/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[cross-origin.keep-origin-redirect.http.html]
- type: testharness
- [The referrer URL is omitted when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-referrer\n delivery method with keep-origin-redirect and when\n the target request is cross-origin.]
- expected: FAIL
-
diff --git a/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.ini b/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.ini
deleted file mode 100644
index 06f86a7fee8..00000000000
--- a/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[cross-origin.no-redirect.http.html]
- type: testharness
- [The referrer URL is omitted when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-referrer\n delivery method with no-redirect and when\n the target request is cross-origin.]
- expected: FAIL
-
diff --git a/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.ini b/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.ini
deleted file mode 100644
index acd189194c2..00000000000
--- a/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[cross-origin.swap-origin-redirect.http.html]
- type: testharness
- [The referrer URL is omitted when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-referrer\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
- expected: FAIL
-
diff --git a/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.ini b/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.ini
deleted file mode 100644
index 606aaca75c7..00000000000
--- a/tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[same-origin-insecure.swap-origin-redirect.http.html]
- type: testharness
- [The referrer URL is omitted when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-referrer\n delivery method with swap-origin-redirect and when\n the target request is same-origin.]
- expected: FAIL
-