[WPT/common/security-features] Update spec.src.json for iframe-blank

Follow-up of https://chromium-review.googlesource.com/c/chromium/src/+/1788876. The spec validator requires `source_context_schema` to contain all supported source contexts, so this CL adds entries for `iframe-blank`, so that generators/validators successfully run. This CL keeps generated test files unchanged. Bug: 1001422 Change-Id: Ic49379a57503cd716badeb4655d64e2985e8916e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1889477Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/master@{#710691}

[WPT/common/security-features] Update spec.src.json for iframe-blank
Follow-up of https://chromium-review.googlesource.com/c/chromium/src/+/1788876. The spec validator requires `source_context_schema` to contain all supported source contexts, so this CL adds entries for `iframe-blank`, so that generators/validators successfully run. This CL keeps generated test files unchanged. Bug: 1001422 Change-Id: Ic49379a57503cd716badeb4655d64e2985e8916e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1889477Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/master@{#710691}
07819324 · Hiroshige Hayashizaki · Commit Bot · 8a59abfb · 07819324 · 07819324
Commit 07819324 authored Oct 30, 2019 by Hiroshige Hayashizaki Committed by Commit Bot Oct 30, 2019
4 changed files
--- a/third_party/blink/web_tests/external/wpt/mixed-content/spec.src.json
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/spec.src.json
@@ -240,6 +240,9 @@
        "http-rp",
        "meta"
      ],
+      "iframe-blank": [
+        "meta"
+      ],
      "srcdoc": [
        "meta"
      ],
@@ -255,6 +258,7 @@
    "supported_subresource": {
      "top": "*",
      "iframe": "*",
+      "iframe-blank": "*",
      "srcdoc": "*",
      "worker-classic": [
        "xhr",

--- a/third_party/blink/web_tests/external/wpt/mixed-content/spec_json.js
+++ b/third_party/blink/web_tests/external/wpt/mixed-content/spec_json.js
-var SPEC_JSON = {"subresource_schema": {"supported_delivery_type": {"picture-tag": [], "worklet-layout": [], "worklet-paint": [], "img-tag": [], "a-tag": [], "worklet-layout-import-data": [], "worklet-audio-import-data": [], "worklet-animation": [], "websocket": [], "worklet-paint-import-data": [], "video-tag": [], "object-tag": [], "worklet-audio": [], "beacon": [], "worker-module": [], "worker-import-data": [], "script-tag": [], "worklet-animation-import-data": [], "link-css-tag": [], "xhr": [], "worker-classic": [], "link-prefetch-tag": [], "audio-tag": [], "fetch": []}}, "excluded_tests": [{"delivery_value": null, "origin": "*", "delivery_type": "http-rp", "name": "Skip-redundant-no-opt-in", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "Redundant-subresources", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": {"blockable": ["a-tag"], "optionally-blockable": []}}, {"delivery_value": "*", "origin": ["same-https", "same-http", "cross-https", "cross-http"], "delivery_type": "*", "name": "Skip-origins-not-applicable-to-websockets", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": {"blockable": ["websocket"], "optionally-blockable": []}}, {"delivery_value": "opt-in", "origin": "*", "delivery_type": "meta", "name": "Skip-redundant-for-opt-in-method", "expectation": "*", "expansion": "*", "redirection": ["keep-scheme", "swap-scheme"], "source_context_list": "*", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}], "specification": [{"test_expansion": [{"delivery_value": "opt-in", "origin": ["cross-http", "same-http"], "delivery_type": "*", "name": "opt-in-blocks", "expectation": "blocked", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}, {"delivery_value": null, "origin": ["cross-http", "same-http"], "delivery_type": "*", "name": "no-opt-in-allows", "expectation": "allowed", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}], "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "name": "optionally-blockable", "title": "Optionally-blockable content"}, {"test_expansion": [{"delivery_value": "opt-in", "origin": ["cross-http", "same-http"], "delivery_type": "*", "name": "opt-in-blocks", "expectation": "blocked", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"delivery_value": null, "origin": ["cross-http", "same-http"], "delivery_type": "*", "name": "no-opt-in-blocks", "expectation": "blocked", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"delivery_value": "*", "origin": ["cross-ws", "same-ws"], "delivery_type": "*", "name": "ws-downgrade-blocks", "expectation": "blocked", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "websocket", "optionally-blockable": []}}], "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "name": "blockable", "title": "Blockable content"}, {"test_expansion": [{"delivery_value": "*", "origin": ["same-https"], "delivery_type": "*", "name": "allowed", "expectation": "allowed", "expansion": "default", "redirection": ["no-redirect", "keep-scheme"], "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"delivery_value": "*", "origin": ["same-wss"], "delivery_type": "*", "name": "websocket-allowed", "expectation": "allowed", "expansion": "default", "redirection": ["no-redirect", "keep-scheme"], "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "websocket", "optionally-blockable": []}}], "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "name": "allowed", "title": "Allowed content"}], "test_expansion_schema": {"delivery_value": [null, "opt-in"], "origin": ["same-https", "same-http", "cross-https", "cross-http", "same-wss", "same-ws", "cross-wss", "cross-ws"], "delivery_type": ["http-rp", "meta"], "subresource": {"blockable": ["script-tag", "link-css-tag", "xhr", "worker-classic", "worker-module", "worker-import-data", "worklet-animation", "worklet-audio", "worklet-layout", "worklet-paint", "worklet-animation-import-data", "worklet-audio-import-data", "worklet-layout-import-data", "worklet-paint-import-data", "fetch", "a-tag", "object-tag", "picture-tag", "websocket", "link-prefetch-tag", "beacon"], "optionally-blockable": ["img-tag", "audio-tag", "video-tag"]}, "expectation": ["allowed", "blocked"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-scheme", "swap-scheme"], "source_context_list": ["top", "worker-classic-data", "worker-module-data"], "source_scheme": ["http", "https"]}, "source_context_list_schema": {"worker-classic-data": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}]}, "top": {"subresourcePolicyDeliveries": [], "description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}]}, "worker-module-data": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}]}}, "delivery_key": "mixedContent", "source_context_schema": {"supported_delivery_type": {"iframe": ["http-rp", "meta"], "worker-module-data": [], "worker-classic-data": [], "top": ["http-rp", "meta"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "srcdoc": ["meta"]}, "supported_subresource": {"iframe": "*", "worker-module-data": ["xhr", "fetch", "websocket"], "worker-classic-data": ["xhr", "fetch", "websocket"], "top": "*", "worker-classic": ["xhr", "fetch", "websocket"], "worker-module": ["xhr", "fetch", "websocket"], "srcdoc": "*"}}};
+var SPEC_JSON = {"subresource_schema": {"supported_delivery_type": {"picture-tag": [], "worklet-layout": [], "worklet-paint": [], "img-tag": [], "a-tag": [], "worklet-layout-import-data": [], "worklet-audio-import-data": [], "worklet-animation": [], "websocket": [], "worklet-paint-import-data": [], "video-tag": [], "object-tag": [], "worklet-audio": [], "beacon": [], "worker-module": [], "worker-import-data": [], "script-tag": [], "worklet-animation-import-data": [], "link-css-tag": [], "xhr": [], "worker-classic": [], "link-prefetch-tag": [], "audio-tag": [], "fetch": []}}, "excluded_tests": [{"delivery_value": null, "origin": "*", "delivery_type": "http-rp", "name": "Skip-redundant-no-opt-in", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "Redundant-subresources", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": {"blockable": ["a-tag"], "optionally-blockable": []}}, {"delivery_value": "*", "origin": ["same-https", "same-http", "cross-https", "cross-http"], "delivery_type": "*", "name": "Skip-origins-not-applicable-to-websockets", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": {"blockable": ["websocket"], "optionally-blockable": []}}, {"delivery_value": "opt-in", "origin": "*", "delivery_type": "meta", "name": "Skip-redundant-for-opt-in-method", "expectation": "*", "expansion": "*", "redirection": ["keep-scheme", "swap-scheme"], "source_context_list": "*", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}], "specification": [{"test_expansion": [{"delivery_value": "opt-in", "origin": ["cross-http", "same-http"], "delivery_type": "*", "name": "opt-in-blocks", "expectation": "blocked", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}, {"delivery_value": null, "origin": ["cross-http", "same-http"], "delivery_type": "*", "name": "no-opt-in-allows", "expectation": "allowed", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}], "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "name": "optionally-blockable", "title": "Optionally-blockable content"}, {"test_expansion": [{"delivery_value": "opt-in", "origin": ["cross-http", "same-http"], "delivery_type": "*", "name": "opt-in-blocks", "expectation": "blocked", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"delivery_value": null, "origin": ["cross-http", "same-http"], "delivery_type": "*", "name": "no-opt-in-blocks", "expectation": "blocked", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"delivery_value": "*", "origin": ["cross-ws", "same-ws"], "delivery_type": "*", "name": "ws-downgrade-blocks", "expectation": "blocked", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "websocket", "optionally-blockable": []}}], "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "name": "blockable", "title": "Blockable content"}, {"test_expansion": [{"delivery_value": "*", "origin": ["same-https"], "delivery_type": "*", "name": "allowed", "expectation": "allowed", "expansion": "default", "redirection": ["no-redirect", "keep-scheme"], "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"delivery_value": "*", "origin": ["same-wss"], "delivery_type": "*", "name": "websocket-allowed", "expectation": "allowed", "expansion": "default", "redirection": ["no-redirect", "keep-scheme"], "source_context_list": "*", "source_scheme": "https", "subresource": {"blockable": "websocket", "optionally-blockable": []}}], "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "name": "allowed", "title": "Allowed content"}], "test_expansion_schema": {"delivery_value": [null, "opt-in"], "origin": ["same-https", "same-http", "cross-https", "cross-http", "same-wss", "same-ws", "cross-wss", "cross-ws"], "delivery_type": ["http-rp", "meta"], "subresource": {"blockable": ["script-tag", "link-css-tag", "xhr", "worker-classic", "worker-module", "worker-import-data", "worklet-animation", "worklet-audio", "worklet-layout", "worklet-paint", "worklet-animation-import-data", "worklet-audio-import-data", "worklet-layout-import-data", "worklet-paint-import-data", "fetch", "a-tag", "object-tag", "picture-tag", "websocket", "link-prefetch-tag", "beacon"], "optionally-blockable": ["img-tag", "audio-tag", "video-tag"]}, "expectation": ["allowed", "blocked"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-scheme", "swap-scheme"], "source_context_list": ["top", "worker-classic-data", "worker-module-data"], "source_scheme": ["http", "https"]}, "source_context_list_schema": {"worker-classic-data": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}]}, "top": {"subresourcePolicyDeliveries": [], "description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}]}, "worker-module-data": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}]}}, "delivery_key": "mixedContent", "source_context_schema": {"supported_delivery_type": {"iframe": ["http-rp", "meta"], "worker-module-data": [], "worker-classic-data": [], "top": ["http-rp", "meta"], "worker-classic": ["http-rp"], "iframe-blank": ["meta"], "worker-module": ["http-rp"], "srcdoc": ["meta"]}, "supported_subresource": {"iframe": "*", "worker-module-data": ["xhr", "fetch", "websocket"], "worker-classic-data": ["xhr", "fetch", "websocket"], "top": "*", "worker-classic": ["xhr", "fetch", "websocket"], "iframe-blank": "*", "worker-module": ["xhr", "fetch", "websocket"], "srcdoc": "*"}}};
--- a/third_party/blink/web_tests/external/wpt/referrer-policy/spec.src.json
+++ b/third_party/blink/web_tests/external/wpt/referrer-policy/spec.src.json
@@ -668,6 +668,9 @@
        "meta",
        "http-rp"
      ],
+      "iframe-blank": [
+        "meta"
+      ],
      "srcdoc": [
        "meta"
      ],
@@ -683,6 +686,7 @@
    "supported_subresource": {
      "top": "*",
      "iframe": "*",
+      "iframe-blank": "*",
      "srcdoc": "*",
      "worker-classic": [
        "xhr",

--- a/third_party/blink/web_tests/external/wpt/referrer-policy/spec_json.js
+++ b/third_party/blink/web_tests/external/wpt/referrer-policy/spec_json.js
-var SPEC_JSON = {"subresource_schema": {"supported_delivery_type": {"img-tag": ["attr"], "sharedworker-classic": [], "xhr": [], "a-tag": ["attr", "rel-noref"], "area-tag": ["attr"], "iframe-tag": ["attr"], "worker-module": [], "script-tag": ["attr"], "fetch": [], "worker-classic": []}}, "excluded_tests": [{"delivery_value": "*", "origin": ["cross-http", "cross-https"], "delivery_type": "*", "name": "cross-origin-workers", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic"]}, {"delivery_value": "*", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgraded-protocol-workers", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": ["worker-classic", "worker-module", "sharedworker-classic"]}, {"delivery_value": "*", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "mixed-content-insecure-subresources", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "area-tag", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "area-tag"}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "worker-requests-with-swap-origin-redirect", "expectation": "*", "expansion": "*", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic"]}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "overhead-for-redirection", "expectation": "*", "expansion": "*", "redirection": ["keep-origin", "swap-origin"], "source_context_list": "*", "source_scheme": "*", "subresource": ["a-tag", "area-tag"]}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "source-https-unsupported-by-web-platform-tests-runners", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": [null, "no-referrer-when-downgrade", "same-origin", "origin", "origin-when-cross-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"], "origin": "*", "delivery_type": "rel-noref", "name": "<link rel=noreferrer>'s delivery_value should be no-referrer", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "specification": [{"test_expansion": [{"delivery_value": null, "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "insecure-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": null, "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgrade-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": null, "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "downgrade-protocol", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": null, "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "secure-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}], "description": "Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policies", "name": "unset-referrer-policy", "title": "Referrer Policy is not explicitly defined"}, {"test_expansion": [{"delivery_value": "no-referrer", "origin": "*", "delivery_type": "*", "name": "generic", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that sub-resource never gets the referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer", "name": "no-referrer", "title": "Referrer Policy is set to 'no-referrer'"}, {"test_expansion": [{"delivery_value": "no-referrer-when-downgrade", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "insecure-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "no-referrer-when-downgrade", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgrade-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "no-referrer-when-downgrade", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "downgrade-protocol", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "no-referrer-when-downgrade", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "secure-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}], "description": "Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade", "name": "no-referrer-when-downgrade", "title": "Referrer Policy is set to 'no-referrer-when-downgrade'"}, {"test_expansion": [{"delivery_value": "origin", "origin": "*", "delivery_type": "*", "name": "generic", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that all subresources in all casses get only the origin portion of the referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin", "name": "origin", "title": "Referrer Policy is set to 'origin'"}, {"test_expansion": [{"delivery_value": "same-origin", "origin": "same-http", "delivery_type": "*", "name": "same-origin-insecure", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "same-origin", "origin": "same-https", "delivery_type": "*", "name": "same-origin-secure-default", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "same-origin", "origin": ["same-http", "same-https"], "delivery_type": "*", "name": "same-origin-insecure", "expectation": "omitted", "expansion": "override", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}, {"delivery_value": "same-origin", "origin": ["cross-http", "cross-https"], "delivery_type": "*", "name": "cross-origin", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin", "name": "same-origin", "title": "Referrer Policy is set to 'same-origin'"}, {"test_expansion": [{"delivery_value": "origin-when-cross-origin", "origin": "same-http", "delivery_type": "*", "name": "same-origin-insecure", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": "same-https", "delivery_type": "*", "name": "same-origin-secure-default", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": "same-https", "delivery_type": "*", "name": "same-origin-upgrade", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": "same-http", "delivery_type": "*", "name": "same-origin-downgrade", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": ["same-http", "same-https"], "delivery_type": "*", "name": "same-origin-insecure", "expectation": "origin", "expansion": "override", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": ["cross-http", "cross-https"], "delivery_type": "*", "name": "cross-origin", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin", "name": "origin-when-cross-origin", "title": "Referrer Policy is set to 'origin-when-cross-origin'"}, {"test_expansion": [{"delivery_value": "strict-origin", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "insecure-protocol", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgrade-protocol", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "downgrade-protocol", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "strict-origin", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "secure-protocol", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}], "description": "Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin", "name": "strict-origin", "title": "Referrer Policy is set to 'strict-origin'"}, {"test_expansion": [{"delivery_value": "strict-origin-when-cross-origin", "origin": "same-http", "delivery_type": "*", "name": "same-insecure", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "same-http", "delivery_type": "*", "name": "same-insecure", "expectation": "origin", "expansion": "override", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "cross-http", "delivery_type": "*", "name": "cross-insecure", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgrade-protocol", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "downgrade-protocol", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "same-https", "delivery_type": "*", "name": "same-secure", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "same-https", "delivery_type": "*", "name": "same-secure", "expectation": "origin", "expansion": "override", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "cross-https", "delivery_type": "*", "name": "cross-secure", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}], "description": "Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin", "name": "strict-origin-when-cross-origin", "title": "Referrer Policy is set to 'strict-origin-when-cross-origin'"}, {"test_expansion": [{"delivery_value": "unsafe-url", "origin": "*", "delivery_type": "*", "name": "generic", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that all sub-resources get the stripped referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url", "name": "unsafe-url", "title": "Referrer Policy is set to 'unsafe-url'"}], "test_expansion_schema": {"delivery_value": [null, "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "origin-when-cross-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"], "origin": ["same-http", "same-https", "cross-http", "cross-https"], "delivery_type": ["attr", "rel-noref", "http-rp", "meta"], "subresource": ["iframe-tag", "img-tag", "script-tag", "a-tag", "area-tag", "xhr", "worker-classic", "worker-module", "sharedworker-classic", "fetch"], "expectation": ["omitted", "origin", "stripped-referrer"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-origin", "swap-origin"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "worker-classic", "worker-classic-data", "worker-module", "worker-module-data"], "source_scheme": ["http", "https"]}, "source_context_list_schema": {"srcdoc-inherit": {"subresourcePolicyDeliveries": [], "description": "srcdoc iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}]}, "worker-module": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}]}, "worker-module-data": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": ["policy"]}]}, "worker-classic-data": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": ["policy"]}]}, "top": {"subresourcePolicyDeliveries": [], "description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}]}, "req": {"subresourcePolicyDeliveries": ["nonNullPolicy"], "description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}]}, "worker-classic": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}]}, "iframe": {"subresourcePolicyDeliveries": [], "description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}]}, "srcdoc": {"subresourcePolicyDeliveries": [], "description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}]}}, "delivery_key": "referrerPolicy", "source_context_schema": {"supported_delivery_type": {"iframe": ["meta", "http-rp"], "worker-module-data": [], "worker-classic-data": [], "top": ["meta", "http-rp"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "srcdoc": ["meta"]}, "supported_subresource": {"iframe": "*", "worker-module-data": ["xhr", "fetch"], "worker-classic-data": ["xhr", "fetch"], "top": "*", "worker-classic": ["xhr", "fetch", "worker-classic", "worker-module"], "worker-module": ["xhr", "fetch", "worker-classic", "worker-module"], "srcdoc": "*"}}};
+var SPEC_JSON = {"subresource_schema": {"supported_delivery_type": {"img-tag": ["attr"], "sharedworker-classic": [], "xhr": [], "a-tag": ["attr", "rel-noref"], "area-tag": ["attr"], "iframe-tag": ["attr"], "worker-module": [], "script-tag": ["attr"], "fetch": [], "worker-classic": []}}, "excluded_tests": [{"delivery_value": "*", "origin": ["cross-http", "cross-https"], "delivery_type": "*", "name": "cross-origin-workers", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic"]}, {"delivery_value": "*", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgraded-protocol-workers", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": ["worker-classic", "worker-module", "sharedworker-classic"]}, {"delivery_value": "*", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "mixed-content-insecure-subresources", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "area-tag", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "area-tag"}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "worker-requests-with-swap-origin-redirect", "expectation": "*", "expansion": "*", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic"]}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "overhead-for-redirection", "expectation": "*", "expansion": "*", "redirection": ["keep-origin", "swap-origin"], "source_context_list": "*", "source_scheme": "*", "subresource": ["a-tag", "area-tag"]}, {"delivery_value": "*", "origin": "*", "delivery_type": "*", "name": "source-https-unsupported-by-web-platform-tests-runners", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": [null, "no-referrer-when-downgrade", "same-origin", "origin", "origin-when-cross-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"], "origin": "*", "delivery_type": "rel-noref", "name": "<link rel=noreferrer>'s delivery_value should be no-referrer", "expectation": "*", "expansion": "*", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "specification": [{"test_expansion": [{"delivery_value": null, "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "insecure-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": null, "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgrade-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": null, "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "downgrade-protocol", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": null, "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "secure-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}], "description": "Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policies", "name": "unset-referrer-policy", "title": "Referrer Policy is not explicitly defined"}, {"test_expansion": [{"delivery_value": "no-referrer", "origin": "*", "delivery_type": "*", "name": "generic", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that sub-resource never gets the referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer", "name": "no-referrer", "title": "Referrer Policy is set to 'no-referrer'"}, {"test_expansion": [{"delivery_value": "no-referrer-when-downgrade", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "insecure-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "no-referrer-when-downgrade", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgrade-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "no-referrer-when-downgrade", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "downgrade-protocol", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "no-referrer-when-downgrade", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "secure-protocol", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}], "description": "Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade", "name": "no-referrer-when-downgrade", "title": "Referrer Policy is set to 'no-referrer-when-downgrade'"}, {"test_expansion": [{"delivery_value": "origin", "origin": "*", "delivery_type": "*", "name": "generic", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that all subresources in all casses get only the origin portion of the referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin", "name": "origin", "title": "Referrer Policy is set to 'origin'"}, {"test_expansion": [{"delivery_value": "same-origin", "origin": "same-http", "delivery_type": "*", "name": "same-origin-insecure", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "same-origin", "origin": "same-https", "delivery_type": "*", "name": "same-origin-secure-default", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "same-origin", "origin": ["same-http", "same-https"], "delivery_type": "*", "name": "same-origin-insecure", "expectation": "omitted", "expansion": "override", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}, {"delivery_value": "same-origin", "origin": ["cross-http", "cross-https"], "delivery_type": "*", "name": "cross-origin", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin", "name": "same-origin", "title": "Referrer Policy is set to 'same-origin'"}, {"test_expansion": [{"delivery_value": "origin-when-cross-origin", "origin": "same-http", "delivery_type": "*", "name": "same-origin-insecure", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": "same-https", "delivery_type": "*", "name": "same-origin-secure-default", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": "same-https", "delivery_type": "*", "name": "same-origin-upgrade", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": "same-http", "delivery_type": "*", "name": "same-origin-downgrade", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": ["same-http", "same-https"], "delivery_type": "*", "name": "same-origin-insecure", "expectation": "origin", "expansion": "override", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}, {"delivery_value": "origin-when-cross-origin", "origin": ["cross-http", "cross-https"], "delivery_type": "*", "name": "cross-origin", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin", "name": "origin-when-cross-origin", "title": "Referrer Policy is set to 'origin-when-cross-origin'"}, {"test_expansion": [{"delivery_value": "strict-origin", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "insecure-protocol", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgrade-protocol", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "downgrade-protocol", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "strict-origin", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "secure-protocol", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}], "description": "Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin", "name": "strict-origin", "title": "Referrer Policy is set to 'strict-origin'"}, {"test_expansion": [{"delivery_value": "strict-origin-when-cross-origin", "origin": "same-http", "delivery_type": "*", "name": "same-insecure", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "same-http", "delivery_type": "*", "name": "same-insecure", "expectation": "origin", "expansion": "override", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "cross-http", "delivery_type": "*", "name": "cross-insecure", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": ["same-https", "cross-https"], "delivery_type": "*", "name": "upgrade-protocol", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "http", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": ["same-http", "cross-http"], "delivery_type": "*", "name": "downgrade-protocol", "expectation": "omitted", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "same-https", "delivery_type": "*", "name": "same-secure", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "same-https", "delivery_type": "*", "name": "same-secure", "expectation": "origin", "expansion": "override", "redirection": "swap-origin", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}, {"delivery_value": "strict-origin-when-cross-origin", "origin": "cross-https", "delivery_type": "*", "name": "cross-secure", "expectation": "origin", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "https", "subresource": "*"}], "description": "Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin", "name": "strict-origin-when-cross-origin", "title": "Referrer Policy is set to 'strict-origin-when-cross-origin'"}, {"test_expansion": [{"delivery_value": "unsafe-url", "origin": "*", "delivery_type": "*", "name": "generic", "expectation": "stripped-referrer", "expansion": "default", "redirection": "*", "source_context_list": "*", "source_scheme": "*", "subresource": "*"}], "description": "Check that all sub-resources get the stripped referrer URL.", "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url", "name": "unsafe-url", "title": "Referrer Policy is set to 'unsafe-url'"}], "test_expansion_schema": {"delivery_value": [null, "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "origin-when-cross-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"], "origin": ["same-http", "same-https", "cross-http", "cross-https"], "delivery_type": ["attr", "rel-noref", "http-rp", "meta"], "subresource": ["iframe-tag", "img-tag", "script-tag", "a-tag", "area-tag", "xhr", "worker-classic", "worker-module", "sharedworker-classic", "fetch"], "expectation": ["omitted", "origin", "stripped-referrer"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-origin", "swap-origin"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "worker-classic", "worker-classic-data", "worker-module", "worker-module-data"], "source_scheme": ["http", "https"]}, "source_context_list_schema": {"srcdoc-inherit": {"subresourcePolicyDeliveries": [], "description": "srcdoc iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}]}, "worker-module": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}]}, "worker-module-data": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": ["policy"]}]}, "worker-classic-data": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": ["policy"]}]}, "top": {"subresourcePolicyDeliveries": [], "description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}]}, "req": {"subresourcePolicyDeliveries": ["nonNullPolicy"], "description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}]}, "worker-classic": {"subresourcePolicyDeliveries": [], "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}]}, "iframe": {"subresourcePolicyDeliveries": [], "description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}]}, "srcdoc": {"subresourcePolicyDeliveries": [], "description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}]}}, "delivery_key": "referrerPolicy", "source_context_schema": {"supported_delivery_type": {"iframe": ["meta", "http-rp"], "worker-module-data": [], "worker-classic-data": [], "top": ["meta", "http-rp"], "worker-classic": ["http-rp"], "iframe-blank": ["meta"], "worker-module": ["http-rp"], "srcdoc": ["meta"]}, "supported_subresource": {"iframe": "*", "worker-module-data": ["xhr", "fetch"], "worker-classic-data": ["xhr", "fetch"], "top": "*", "worker-classic": ["xhr", "fetch", "worker-classic", "worker-module"], "iframe-blank": "*", "worker-module": ["xhr", "fetch", "worker-classic", "worker-module"], "srcdoc": "*"}}};