Allow appHistory entries that are cross-site-instance, censor the url of entries that are noreferrer

natechapin · chromium-wpt-export-bot · commit 5aefe7251d1f · 2021-12-16T14:37:06.000-08:00
While this allows appHistory entries (including URLs) to be sent across renderer processes on a BrowsingContextGroup switch, it still omits the URL in cases where a page has expressed that the URL may be sensitive and shouldn't be exposed (via ReferrerPolicy). This follows WICG/navigation-api#71 Fixed: 1280010 Change-Id: I07e7ff1376dd9eca34b4493a06a658f1b72da027
diff --git a/app-history/app-history-entry/entry-after-detach.html b/app-history/app-history-entry/entry-after-detach.html
@@ -7,12 +7,12 @@
   window.onload = t.step_func_done(() => {
     let i_entry = i.contentWindow.appHistory.current;
     assert_true(i_entry.sameDocument);
-    assert_not_equals(i_entry.url, "");
+    assert_not_equals(i_entry.url, null);
     assert_not_equals(i_entry.key, "");
     assert_not_equals(i_entry.id, "");
     i.remove();
     assert_false(i_entry.sameDocument);
-    assert_equals(i_entry.url, "");
+    assert_equals(i_entry.url, null);
     assert_equals(i_entry.key, "");
     assert_equals(i_entry.id, "");
   });
diff --git a/app-history/app-history-entry/no-referrer-dynamic-url-censored.html b/app-history/app-history-entry/no-referrer-dynamic-url-censored.html
@@ -0,0 +1,33 @@
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<iframe id="i" src="/common/blank.html"></iframe>
+<script>
+promise_test(async (t) => {
+  // Wait for after the load event so that the navigation doesn't get converted
+  // into a replace navigation.
+  await new Promise(r => window.onload = () => t.step_timeout(r, 0));
+
+  // The entry for the first document has a visible url.
+  i.contentWindow.appHistory.navigate("/common/blank.html?2");
+  await new Promise(r => i.onload = () => t.step_timeout(r, 0));
+  assert_not_equals(i.contentWindow.appHistory.entries()[0].url, null);
+
+  // Apply no-referrer, the url should now be censored when no longer on that document.
+  i.contentWindow.appHistory.back();
+  await new Promise(r => i.onload = () => t.step_timeout(r, 0));
+  i.contentDocument.head.innerHTML = `<meta name="referrer" content="no-referrer">`;
+  assert_not_equals(i.contentWindow.appHistory.entries()[0].url, null);
+  i.contentWindow.appHistory.forward();
+  await new Promise(r => i.onload = () => t.step_timeout(r, 0));
+  assert_equals(i.contentWindow.appHistory.entries()[0].url, null);
+
+  // Overwrite the referrer policy, the url should be visible again.
+  i.contentWindow.appHistory.back();
+  await new Promise(r => i.onload = () => t.step_timeout(r, 0));
+  i.contentDocument.head.innerHTML = `<meta name="referrer" content="same-origin">`;
+  i.contentWindow.appHistory.forward();
+  await new Promise(r => i.onload = () => t.step_timeout(r, 0));
+  assert_not_equals(i.contentWindow.appHistory.entries()[0].url, null);
+}, "The url of a document is censored by a no-referrer policy dynamically");
+</script>
diff --git a/app-history/app-history-entry/no-referrer-from-meta-url-censored.html b/app-history/app-history-entry/no-referrer-from-meta-url-censored.html
@@ -0,0 +1,32 @@
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<iframe id="i" src="resources/no-referrer-meta.html"></iframe>
+<script>
+promise_test(async (t) => {
+  // Wait for after the load event so that the navigation doesn't get converted
+  // into a replace navigation.
+  await new Promise(r => window.onload = () => t.step_timeout(r, 0));
+
+  await i.contentWindow.appHistory.navigate("#hash");
+  assert_equals(i.contentWindow.appHistory.entries().length, 2);
+
+  // The entries for no-referrer.html should have the url censored.
+  i.contentWindow.appHistory.navigate("/common/blank.html");
+  await new Promise(r => i.onload = () => t.step_timeout(r, 0));
+  assert_equals(i.contentWindow.appHistory.entries().length, 3);
+  assert_equals(i.contentWindow.appHistory.current.index, 2);
+  assert_equals(i.contentWindow.appHistory.entries()[0].url, null);
+  assert_equals(i.contentWindow.appHistory.entries()[1].url, null);
+
+  // Navigating back to no-referrer.html should uncensor the urls.
+  i.contentWindow.appHistory.back();
+  await new Promise(r => i.onload = () => t.step_timeout(r, 0));
+  assert_equals(i.contentWindow.appHistory.entries().length, 3);
+  assert_equals(i.contentWindow.appHistory.current.index, 1);
+  assert_equals(new URL(i.contentWindow.appHistory.entries()[0].url).pathname,
+                "/app-history/app-history-entry/resources/no-referrer-meta.html");
+  assert_equals(new URL(i.contentWindow.appHistory.entries()[1].url).pathname,
+                "/app-history/app-history-entry/resources/no-referrer-meta.html");
+}, "The url of a document with no-referrer referrer meta tag is censored in AppHistoryEntry");
+</script>
diff --git a/app-history/app-history-entry/no-referrer-url-censored.html b/app-history/app-history-entry/no-referrer-url-censored.html
@@ -0,0 +1,32 @@
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<iframe id="i" src="resources/no-referrer.html"></iframe>
+<script>
+promise_test(async (t) => {
+  // Wait for after the load event so that the navigation doesn't get converted
+  // into a replace navigation.
+  await new Promise(r => window.onload = () => t.step_timeout(r, 0));
+
+  await i.contentWindow.appHistory.navigate("#hash");
+  assert_equals(i.contentWindow.appHistory.entries().length, 2);
+
+  // The entries for no-referrer.html should have the url censored.
+  i.contentWindow.appHistory.navigate("/common/blank.html");
+  await new Promise(r => i.onload = () => t.step_timeout(r, 0));
+  assert_equals(i.contentWindow.appHistory.entries().length, 3);
+  assert_equals(i.contentWindow.appHistory.current.index, 2);
+  assert_equals(i.contentWindow.appHistory.entries()[0].url, null);
+  assert_equals(i.contentWindow.appHistory.entries()[1].url, null);
+
+  // Navigating back to no-referrer.html should uncensor the urls.
+  i.contentWindow.appHistory.back();
+  await new Promise(r => i.onload = () => t.step_timeout(r, 0));
+  assert_equals(i.contentWindow.appHistory.entries().length, 3);
+  assert_equals(i.contentWindow.appHistory.current.index, 1);
+  assert_equals(new URL(i.contentWindow.appHistory.entries()[0].url).pathname,
+                "/app-history/app-history-entry/resources/no-referrer.html");
+  assert_equals(new URL(i.contentWindow.appHistory.entries()[1].url).pathname,
+                "/app-history/app-history-entry/resources/no-referrer.html");
+}, "The url of a document with no-referrer referrer policy is censored in AppHistoryEntry");
+</script>
diff --git a/app-history/app-history-entry/resources/no-referrer-meta.html b/app-history/app-history-entry/resources/no-referrer-meta.html
@@ -0,0 +1,2 @@
+<meta name="referrer" content="no-referrer">
+<body></body>
diff --git a/app-history/app-history-entry/resources/no-referrer.html b/app-history/app-history-entry/resources/no-referrer.html
@@ -0,0 +1 @@
+<body></body>
diff --git a/app-history/app-history-entry/resources/no-referrer.html.headers b/app-history/app-history-entry/resources/no-referrer.html.headers
@@ -0,0 +1 @@
+Referrer-Policy: no-referrer

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+<meta name="referrer" content="no-referrer">`
	`2`	`+<body></body>`