net: Add "origin" and "same-origin" referrer policies, replacing "origin-only".

components/msg/constellation_msg.rs

@@ -333,7 +333,8 @@ pub enum FrameType {
 pub enum ReferrerPolicy {
     NoReferrer,
     NoRefWhenDowngrade,
-    OriginOnly,
+    Origin,
+    SameOrigin,
     OriginWhenCrossOrigin,
     UnsafeUrl,
 }

components/net/http_loader.rs

@@ -458,7 +458,8 @@ pub fn determine_request_referrer(headers: &mut Headers,
         let cross_origin = ref_url.origin() != url.origin();
         return match referrer_policy {
             Some(ReferrerPolicy::NoReferrer) => None,
-            Some(ReferrerPolicy::OriginOnly) => strip_url(ref_url, true),
+            Some(ReferrerPolicy::Origin) => strip_url(ref_url, true),
+            Some(ReferrerPolicy::SameOrigin) => if cross_origin { None } else { strip_url(ref_url, false) },
             Some(ReferrerPolicy::UnsafeUrl) => strip_url(ref_url, false),
             Some(ReferrerPolicy::OriginWhenCrossOrigin) => strip_url(ref_url, cross_origin),
             Some(ReferrerPolicy::NoRefWhenDowngrade) | None => no_ref_when_downgrade_header(ref_url, url),

components/script/dom/document.rs

@@ -2818,7 +2818,8 @@ pub fn determine_policy_for_token(token: &str) -> Option<ReferrerPolicy> {
     return match lower.as_ref() {
         "never" | "no-referrer" => Some(ReferrerPolicy::NoReferrer),
         "default" | "no-referrer-when-downgrade" => Some(ReferrerPolicy::NoRefWhenDowngrade),
-        "origin" => Some(ReferrerPolicy::OriginOnly),
+        "origin" => Some(ReferrerPolicy::Origin),
+        "same-origin" => Some(ReferrerPolicy::SameOrigin),
         "origin-when-cross-origin" => Some(ReferrerPolicy::OriginWhenCrossOrigin),
         "always" | "unsafe-url" => Some(ReferrerPolicy::UnsafeUrl),
         "" => Some(ReferrerPolicy::NoReferrer),

tests/unit/net/http_loader.rs

@@ -1626,10 +1626,10 @@ fn assert_referer_header_not_included(origin_info: &LoadOrigin, request_url: &st
 }
 
 #[test]
-fn test_referer_set_to_origin_with_originonly_policy() {
+fn test_referer_set_to_origin_with_origin_policy() {
     let request_url = "http://mozilla.com";
     let referrer_url = "http://username:password@someurl.com/some/path#fragment";
-    let referrer_policy = Some(ReferrerPolicy::OriginOnly);
+    let referrer_policy = Some(ReferrerPolicy::Origin);
     let expected_referrer = "http://someurl.com/";
 
     let origin_info = LoadOriginInfo {
@@ -1640,6 +1640,35 @@ fn test_referer_set_to_origin_with_originonly_policy() {
     assert_referer_header_matches(&origin_info, request_url, expected_referrer);
 }
 
+#[test]
+fn test_referer_set_to_ref_url_with_sameorigin_policy_same_orig() {
+    let request_url = "http://mozilla.com";
+    let referrer_url = "http://username:password@mozilla.com/some/path#fragment";
+    let referrer_policy = Some(ReferrerPolicy::SameOrigin);
+    let expected_referrer = "http://mozilla.com/some/path";
+
+    let origin_info = LoadOriginInfo {
+        referrer_url: referrer_url,
+        referrer_policy: referrer_policy
+    };
+
+    assert_referer_header_matches(&origin_info, request_url, expected_referrer);
+}
+
+#[test]
+fn test_no_referer_set_with_sameorigin_policy_cross_orig() {
+    let request_url = "http://mozilla.com";
+    let referrer_url = "http://username:password@someurl.com/some/path#fragment";
+    let referrer_policy = Some(ReferrerPolicy::SameOrigin);
+
+    let origin_info = LoadOriginInfo {
+        referrer_url: referrer_url,
+        referrer_policy: referrer_policy
+    };
+
+    assert_referer_header_not_included(&origin_info, request_url);
+}
+
 #[test]
 fn test_referer_set_to_stripped_url_with_unsafeurl_policy() {
     let request_url = "http://mozilla.com";

tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.ini

@@ -1,5 +0,0 @@
-[cross-origin.keep-origin-redirect.http.html]
-  type: testharness
-  [The referrer URL is omitted when a\n                                 document served over http requires an http\n                                 sub-resource via xhr-request using the meta-referrer\n                                 delivery method with keep-origin-redirect and when\n                                 the target request is cross-origin.]
-    expected: FAIL
-

tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.ini

@@ -1,5 +0,0 @@
-[cross-origin.no-redirect.http.html]
-  type: testharness
-  [The referrer URL is omitted when a\n                                 document served over http requires an http\n                                 sub-resource via xhr-request using the meta-referrer\n                                 delivery method with no-redirect and when\n                                 the target request is cross-origin.]
-    expected: FAIL
-

tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.ini

@@ -1,5 +0,0 @@
-[cross-origin.swap-origin-redirect.http.html]
-  type: testharness
-  [The referrer URL is omitted when a\n                                 document served over http requires an http\n                                 sub-resource via xhr-request using the meta-referrer\n                                 delivery method with swap-origin-redirect and when\n                                 the target request is cross-origin.]
-    expected: FAIL
-

tests/wpt/metadata/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.ini

@@ -1,5 +0,0 @@
-[same-origin-insecure.swap-origin-redirect.http.html]
-  type: testharness
-  [The referrer URL is omitted when a\n                                 document served over http requires an http\n                                 sub-resource via xhr-request using the meta-referrer\n                                 delivery method with swap-origin-redirect and when\n                                 the target request is same-origin.]
-    expected: FAIL
-