Don't reject same site prefetches with no-referrer

The referring URL as computed by the referrer policy for the prefetch request was incorrectly being used to determine whether a prefetch was cross site. This value is only meant to be used for the prefetch request. The omission of the URL made it look like a cross site prefetch, so the cookie eligibility check was applied. We now use the initiating origin to determine whether a prefetch is cross site. Bug: 1524338 Change-Id: Id154effae55c539fff7cd733327fc9029c53b03a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5263133 Commit-Queue: Kevin McNee <[email protected]> Reviewed-by: Liviu Tinta <[email protected]> Cr-Commit-Position: refs/heads/main@{#1256905}
web-platform-tests · Feb 6, 2024 · 1120ba9 · 1120ba9
1 parent aeff916
commit 1120ba9
Showing 1 changed file with 36 additions and 1 deletion.
diff --git a/speculation-rules/prefetch/same-origin-cookies.https.html b/speculation-rules/prefetch/same-origin-cookies.https.html
@@ -5,13 +5,19 @@
 <script src="/resources/testdriver.js"></script>
 <script src='/resources/testdriver-vendor.js'></script>
 <script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/subset-tests.js"></script>
 <script src="/common/utils.js"></script>
 <script src="../resources/utils.js"></script>
 <script src="resources/utils.sub.js"></script>
+
+<!--Split test cases due to the use of timeouts in speculation rules test utilities.-->
+<meta name="variant" content="?1-1">
+<meta name="variant" content="?2-last">
+
 <script>
   setup(() => assertSpeculationRulesIsSupported());
 
-  promise_test(async t => {
+  subsetTest(promise_test, async t => {
     await test_driver.delete_all_cookies();
 
     let executor = 'cookies.py';
@@ -36,4 +42,33 @@
 
     assert_prefetched(await agent.getRequestHeaders());
   }, "speculation rules based prefetch should use cookies for same origin urls.");
+
+  // Regression test for https://crbug.com/1524338
+  subsetTest(promise_test, async t => {
+    await test_driver.delete_all_cookies();
+
+    let executor = 'cookies.py';
+    let agent = await spawnWindow(t, { executor });
+    let response_cookies = await agent.getResponseCookies();
+    let request_cookies = await agent.getRequestCookies();
+    assert_equals(request_cookies["count"], undefined);
+    assert_equals(request_cookies["type"], undefined);
+    assert_equals(response_cookies["count"], "1");
+    assert_equals(response_cookies["type"], "navigate");
+
+    await agent.setReferrerPolicy("no-referrer");
+
+    let nextUrl = agent.getExecutorURL({ executor, page: 2 });
+    await agent.forceSinglePrefetch(nextUrl);
+    await agent.navigate(nextUrl);
+
+    response_cookies = await agent.getResponseCookies();
+    request_cookies = await agent.getRequestCookies();
+    assert_equals(request_cookies["count"], "1");
+    assert_equals(request_cookies["type"], "navigate");
+    assert_equals(response_cookies["count"], "2");
+    assert_equals(response_cookies["type"], "prefetch");
+
+    assert_prefetched(await agent.getRequestHeaders());
+  }, "same origin prefetch with no referrer works when cookies are present.");
 </script>