mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1685570 Backed out changeset 92d71744323a r=necko-reviewers,kershaw 

Differential Revision: https://phabricator.services.mozilla.com/D107670
This commit is contained in:
Sebastian Streich 2021-03-10 15:15:24 +00:00
Родитель d81ec85207
Коммит 239f9451dc
10 изменённых файлов: 89 добавлений и 210 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
browser/components/search/test/browser/mozsearch.sjs
Просмотреть файл

@ -2,8 +2,8 @@
* http://creativecommons.org/publicdomain/zero/1.0/ */ * http://creativecommons.org/publicdomain/zero/1.0/ */
function handleRequest(req, resp) { function handleRequest(req, resp) {
resp.setHeader("Content-Type", "text/html; charset=UTF-8", false); resp.setHeader("Content-Type", "text/html", false);
if (req.hasHeader("Origin") && req.getHeader("Origin") != "null") { if (req.hasHeader("Origin")) {
resp.write("error"); resp.write("error");
return; return;
} }

1
dom/fetch/FetchDriver.cpp
Просмотреть файл

@ -1569,6 +1569,7 @@ void FetchDriver::SetRequestHeaders(nsIHttpChannel* aChannel,
MOZ_ASSERT(NS_SUCCEEDED(rv)); MOZ_ASSERT(NS_SUCCEEDED(rv));
} }
} }
nsAutoCString method; nsAutoCString method;
mRequest->GetMethod(method); mRequest->GetMethod(method);
if (!method.EqualsLiteral("GET") && !method.EqualsLiteral("HEAD")) { if (!method.EqualsLiteral("GET") && !method.EqualsLiteral("HEAD")) {

66
dom/security/ReferrerInfo.cpp
Просмотреть файл

@ -52,42 +52,6 @@ NS_IMPL_ISUPPORTS_CI(ReferrerInfo, nsIReferrerInfo, nsISerializable)
#define MIN_CROSS_ORIGIN_SENDING_POLICY 0 #define MIN_CROSS_ORIGIN_SENDING_POLICY 0
#define MIN_TRIMMING_POLICY 0 #define MIN_TRIMMING_POLICY 0
/*
* Default referrer policy to use
*/
enum DefaultReferrerPolicy : uint32_t {
eDefaultPolicyNoReferrer = 0,
eDefaultPolicySameOrgin = 1,
eDefaultPolicyStrictWhenXorigin = 2,
eDefaultPolicyNoReferrerWhenDownGrade = 3,
};
static uint32_t GetDefaultFirstPartyReferrerPolicyPref(bool privateBrowsing) {
return privateBrowsing
? StaticPrefs::network_http_referer_defaultPolicy_pbmode()
: StaticPrefs::network_http_referer_defaultPolicy();
}
static uint32_t GetDefaultThirdPartyReferrerPolicyPref(bool privateBrowsing) {
return privateBrowsing
? StaticPrefs::network_http_referer_defaultPolicy_trackers_pbmode()
: StaticPrefs::network_http_referer_defaultPolicy_trackers();
}
static ReferrerPolicy DefaultReferrerPolicyToReferrerPolicy(
uint32_t defaultToUse) {
switch (defaultToUse) {
case DefaultReferrerPolicy::eDefaultPolicyNoReferrer:
return ReferrerPolicy::No_referrer;
case DefaultReferrerPolicy::eDefaultPolicySameOrgin:
return ReferrerPolicy::Same_origin;
case DefaultReferrerPolicy::eDefaultPolicyNoReferrerWhenDownGrade:
return ReferrerPolicy::No_referrer_when_downgrade;
}
return ReferrerPolicy::Strict_origin_when_cross_origin;
}
struct LegacyReferrerPolicyTokenMap { struct LegacyReferrerPolicyTokenMap {
const char* mToken; const char* mToken;
ReferrerPolicy mPolicy; ReferrerPolicy mPolicy;
@ -253,10 +217,32 @@ ReferrerPolicy ReferrerInfo::GetDefaultReferrerPolicy(nsIHttpChannel* aChannel,
} }
} }
return DefaultReferrerPolicyToReferrerPolicy( uint32_t defaultToUse;
thirdPartyTrackerIsolated if (thirdPartyTrackerIsolated) {
? GetDefaultThirdPartyReferrerPolicyPref(privateBrowsing) if (privateBrowsing) {
: GetDefaultFirstPartyReferrerPolicyPref(privateBrowsing)); defaultToUse =
StaticPrefs::network_http_referer_defaultPolicy_trackers_pbmode();
} else {
defaultToUse = StaticPrefs::network_http_referer_defaultPolicy_trackers();
}
} else {
if (privateBrowsing) {
defaultToUse = StaticPrefs::network_http_referer_defaultPolicy_pbmode();
} else {
defaultToUse = StaticPrefs::network_http_referer_defaultPolicy();
}
}
switch (defaultToUse) {
case DefaultReferrerPolicy::eDefaultPolicyNoReferrer:
return ReferrerPolicy::No_referrer;
case DefaultReferrerPolicy::eDefaultPolicySameOrgin:
return ReferrerPolicy::Same_origin;
case DefaultReferrerPolicy::eDefaultPolicyStrictWhenXorigin:
return ReferrerPolicy::Strict_origin_when_cross_origin;
}
return ReferrerPolicy::No_referrer_when_downgrade;
} }
/* static */ /* static */

21
dom/security/ReferrerInfo.h
Просмотреть файл

@ -219,16 +219,7 @@ class ReferrerInfo : public nsIReferrerInfo {
*/ */
static ReferrerPolicyEnum GetDefaultReferrerPolicy( static ReferrerPolicyEnum GetDefaultReferrerPolicy(
nsIHttpChannel* aChannel = nullptr, nsIURI* aURI = nullptr, nsIHttpChannel* aChannel = nullptr, nsIURI* aURI = nullptr,
bool aPrivateBrowsing = false); bool privateBrowsing = false);
/**
* Return default referrer policy for third party which is controlled by user
* prefs:
* network.http.referer.defaultPolicy.trackers for regular mode
* network.http.referer.defaultPolicy.trackers.pbmode for private mode
*/
static ReferrerPolicyEnum GetDefaultThirdPartyReferrerPolicy(
bool aPrivateBrowsing = false);
/* /*
* Helper function to parse ReferrerPolicy from meta tag referrer content. * Helper function to parse ReferrerPolicy from meta tag referrer content.
@ -284,6 +275,16 @@ class ReferrerInfo : public nsIReferrerInfo {
ReferrerInfo(const ReferrerInfo& rhs); ReferrerInfo(const ReferrerInfo& rhs);
/*
* Default referrer policy to use
*/
enum DefaultReferrerPolicy : uint32_t {
eDefaultPolicyNoReferrer = 0,
eDefaultPolicySameOrgin = 1,
eDefaultPolicyStrictWhenXorigin = 2,
eDefaultPolicyNoReferrerWhenDownGrade = 3,
};
/* /*
* Trimming policy when compute referrer, indicate how much information in the * Trimming policy when compute referrer, indicate how much information in the
* referrer will be sent. Order matters here. * referrer will be sent. Order matters here.

37
netwerk/protocol/http/HttpBaseChannel.cpp
Просмотреть файл

@ -4290,9 +4290,6 @@ nsresult HttpBaseChannel::SetupReplacementChannel(nsIURI* newURI,
CallQueryInterface(newChannel, realChannel.StartAssignment()); CallQueryInterface(newChannel, realChannel.StartAssignment());
if (realChannel) { if (realChannel) {
realChannel->SetTopWindowURI(mTopWindowURI); realChannel->SetTopWindowURI(mTopWindowURI);
realChannel->StoreTaintedOriginFlag(
ShouldTaintReplacementChannelOrigin(newURI));
} }
// update the DocumentURI indicator since we are being redirected. // update the DocumentURI indicator since we are being redirected.
@ -4375,40 +4372,6 @@ nsresult HttpBaseChannel::SetupReplacementChannel(nsIURI* newURI,
return NS_OK; return NS_OK;
} }
bool HttpBaseChannel::ShouldTaintReplacementChannelOrigin(nsIURI* aNewURI) {
if (LoadTaintedOriginFlag()) {
return true;
}
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
if (!ssm) {
return true;
}
bool isPrivateWin = mLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
nsresult rv = ssm->CheckSameOriginURI(aNewURI, mURI, false, isPrivateWin);
if (NS_SUCCEEDED(rv)) {
return false;
}
// If aNewURI <-> mURI are not same-origin we need to taint unless
// mURI <-> mOriginalURI/LoadingPrincipal are same origin.
if (mLoadInfo->GetLoadingPrincipal()) {
bool sameOrigin = false;
rv = mLoadInfo->GetLoadingPrincipal()->IsSameOrigin(mURI, isPrivateWin,
&sameOrigin);
if (NS_FAILED(rv)) {
return true;
}
return !sameOrigin;
}
if (!mOriginalURI) {
return true;
}
rv = ssm->CheckSameOriginURI(mOriginalURI, mURI, false, isPrivateWin);
return NS_FAILED(rv);
}
// Redirect Tracking // Redirect Tracking
bool HttpBaseChannel::SameOriginWithOriginalUri(nsIURI* aURI) { bool HttpBaseChannel::SameOriginWithOriginalUri(nsIURI* aURI) {
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager(); nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();

64
netwerk/protocol/http/nsHttpChannel.cpp
Просмотреть файл

@ -9379,34 +9379,16 @@ void nsHttpChannel::SetOriginHeader() {
if (mRequestHead.IsGet() || mRequestHead.IsHead()) { if (mRequestHead.IsGet() || mRequestHead.IsHead()) {
return; return;
} }
if (mLoadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {
// Do not set origin header for system principal contexts:
return;
}
nsresult rv; nsresult rv;
nsAutoCString existingHeader; nsAutoCString existingHeader;
Unused << mRequestHead.GetHeader(nsHttp::Origin, existingHeader); Unused << mRequestHead.GetHeader(nsHttp::Origin, existingHeader);
if (!existingHeader.IsEmpty()) { if (!existingHeader.IsEmpty()) {
LOG(("nsHttpChannel::SetOriginHeader Origin header already present")); LOG(("nsHttpChannel::SetOriginHeader Origin header already present"));
// In case we already have an Origin header, check with referrerInfo nsCOMPtr<nsIURI> uri;
// if we should "null" it. rv = NS_NewURI(getter_AddRefs(uri), existingHeader);
Unused << mRequestHead.GetHeader(nsHttp::Origin, existingHeader); if (NS_SUCCEEDED(rv) &&
auto const shouldNullifyOriginHeader = ReferrerInfo::ShouldSetNullOriginHeader(this, uri)) {
[&existingHeader](nsHttpChannel* self) {
if (self->LoadTaintedOriginFlag()) {
return true;
}
nsCOMPtr<nsIURI> uri;
nsresult rv = NS_NewURI(getter_AddRefs(uri), existingHeader);
if (NS_FAILED(rv)) {
return false;
}
return ReferrerInfo::ShouldSetNullOriginHeader(self, uri);
};
if (shouldNullifyOriginHeader(this)) {
LOG(("nsHttpChannel::SetOriginHeader null Origin by Referrer-Policy")); LOG(("nsHttpChannel::SetOriginHeader null Origin by Referrer-Policy"));
rv = mRequestHead.SetHeader(nsHttp::Origin, "null"_ns, false /* merge */); rv = mRequestHead.SetHeader(nsHttp::Origin, "null"_ns, false /* merge */);
MOZ_ASSERT(NS_SUCCEEDED(rv)); MOZ_ASSERT(NS_SUCCEEDED(rv));
@ -9414,32 +9396,35 @@ void nsHttpChannel::SetOriginHeader() {
return; return;
} }
if (StaticPrefs::network_http_sendOriginHeader() == 0) {
// Origin header suppressed by user setting
return;
}
nsCOMPtr<nsIURI> referrer; nsCOMPtr<nsIURI> referrer;
auto* basePrin = BasePrincipal::Cast(mLoadInfo->TriggeringPrincipal()); auto* basePrin = BasePrincipal::Cast(mLoadInfo->TriggeringPrincipal());
rv = basePrin->GetURI(getter_AddRefs(referrer)); basePrin->GetURI(getter_AddRefs(referrer));
if (NS_FAILED(rv)) { if (!referrer || !dom::ReferrerInfo::IsReferrerSchemeAllowed(referrer)) {
return; return;
} }
nsAutoCString origin("null"); nsAutoCString origin("null");
nsContentUtils::GetASCIIOrigin(referrer, origin);
if (StaticPrefs::network_http_sendOriginHeader() != 0 && referrer && // Restrict Origin to same-origin loads if requested by user
ReferrerInfo::IsReferrerSchemeAllowed(referrer) && if (StaticPrefs::network_http_sendOriginHeader() == 1) {
!ReferrerInfo::ShouldSetNullOriginHeader(this, referrer) && nsAutoCString currentOrigin;
!LoadTaintedOriginFlag()) { nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
nsContentUtils::GetASCIIOrigin(referrer, origin); if (!origin.EqualsIgnoreCase(currentOrigin.get())) {
// Origin header suppressed by user setting
// Restrict Origin to same-origin loads if requested by user return;
if (StaticPrefs::network_http_sendOriginHeader() == 1) {
nsAutoCString currentOrigin;
nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
if (!origin.EqualsIgnoreCase(currentOrigin.get())) {
// Origin header suppressed by user setting
origin.AssignLiteral("null");
}
} }
} }
if (ReferrerInfo::ShouldSetNullOriginHeader(this, referrer)) {
origin.AssignLiteral("null");
}
rv = mRequestHead.SetHeader(nsHttp::Origin, origin, false /* merge */); rv = mRequestHead.SetHeader(nsHttp::Origin, origin, false /* merge */);
MOZ_ASSERT(NS_SUCCEEDED(rv)); MOZ_ASSERT(NS_SUCCEEDED(rv));
} }
@ -10059,8 +10044,7 @@ void nsHttpChannel::ReEvaluateReferrerAfterTrackingStatusIsKnown() {
ReferrerInfo::GetDefaultReferrerPolicy(nullptr, nullptr, ReferrerInfo::GetDefaultReferrerPolicy(nullptr, nullptr,
isPrivate)) { isPrivate)) {
nsCOMPtr<nsIReferrerInfo> newReferrerInfo = nsCOMPtr<nsIReferrerInfo> newReferrerInfo =
referrerInfo->CloneWithNewPolicy( referrerInfo->CloneWithNewPolicy(ReferrerPolicy::_empty);
ReferrerInfo::GetDefaultReferrerPolicy(this, mURI, isPrivate));
// The arguments passed to SetReferrerInfoInternal here should mirror // The arguments passed to SetReferrerInfoInternal here should mirror
// the arguments passed in // the arguments passed in
// HttpChannelChild::RecvOverrideReferrerInfoDuringBeginConnect(). // HttpChannelChild::RecvOverrideReferrerInfoDuringBeginConnect().

1
netwerk/test/mochitests/mochitest.ini
Просмотреть файл

@ -16,7 +16,6 @@ support-files =
redirect_idn.html redirect_idn.html
empty.html empty.html
redirect.sjs redirect.sjs
redirect_to.sjs
origin_header.sjs origin_header.sjs
origin_header_form_post.html origin_header_form_post.html
origin_header_form_post_xorigin.html origin_header_form_post_xorigin.html

4
netwerk/test/mochitests/redirect_to.sjs
Просмотреть файл

@ -1,4 +0,0 @@
function handleRequest(request, response) {
response.setStatusLine(request.httpVersion, 308, "Permanent Redirect");
response.setHeader("Location", request.queryString);
}

95
netwerk/test/mochitests/test_origin_header.html
Просмотреть файл

@ -23,18 +23,15 @@ let testsToRun = [
["network.http.sendOriginHeader", 0], ["network.http.sendOriginHeader", 0],
], ],
results: { results: {
framePost: "Origin: null", framePost: EMPTY_ORIGIN,
framePostXOrigin: "Origin: null", framePostXOrigin: EMPTY_ORIGIN,
frameGet: EMPTY_ORIGIN, frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: null", framePostNonSandboxed: EMPTY_ORIGIN,
framePostNonSandboxedXOrigin: "Origin: null", framePostNonSandboxedXOrigin: EMPTY_ORIGIN,
framePostSandboxed: "Origin: null", framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: "Origin: null", framePostSrcDoc: EMPTY_ORIGIN,
framePostSrcDocXOrigin: "Origin: null", framePostSrcDocXOrigin: EMPTY_ORIGIN,
framePostDataURI: "Origin: null", framePostDataURI: EMPTY_ORIGIN,
framePostSameOriginToXOrigin: "Origin: null",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: null",
}, },
}, },
{ {
@ -44,17 +41,14 @@ let testsToRun = [
], ],
results: { results: {
framePost: "Origin: http://mochi.test:8888", framePost: "Origin: http://mochi.test:8888",
framePostXOrigin: "Origin: null", framePostXOrigin: EMPTY_ORIGIN,
frameGet: EMPTY_ORIGIN, frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: http://mochi.test:8888", framePostNonSandboxed: "Origin: http://mochi.test:8888",
framePostNonSandboxedXOrigin: "Origin: null", framePostNonSandboxedXOrigin: EMPTY_ORIGIN,
framePostSandboxed: "Origin: null", framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: "Origin: http://mochi.test:8888", framePostSrcDoc: "Origin: http://mochi.test:8888",
framePostSrcDocXOrigin: "Origin: null", framePostSrcDocXOrigin: EMPTY_ORIGIN,
framePostDataURI: "Origin: null", framePostDataURI: EMPTY_ORIGIN,
framePostSameOriginToXOrigin: "Origin: null",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: null",
}, },
}, },
{ {
@ -68,13 +62,10 @@ let testsToRun = [
frameGet: EMPTY_ORIGIN, frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: http://mochi.test:8888", framePostNonSandboxed: "Origin: http://mochi.test:8888",
framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888", framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
framePostSandboxed: "Origin: null", framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: "Origin: http://mochi.test:8888", framePostSrcDoc: "Origin: http://mochi.test:8888",
framePostSrcDocXOrigin: "Origin: http://mochi.test:8888", framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
framePostDataURI: "Origin: null", framePostDataURI: EMPTY_ORIGIN,
framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
}, },
}, },
{ {
@ -88,13 +79,10 @@ let testsToRun = [
frameGet: EMPTY_ORIGIN, frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: http://mochi.test:8888", framePostNonSandboxed: "Origin: http://mochi.test:8888",
framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888", framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
framePostSandboxed: "Origin: null", framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: "Origin: http://mochi.test:8888", framePostSrcDoc: "Origin: http://mochi.test:8888",
framePostSrcDocXOrigin: "Origin: http://mochi.test:8888", framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
framePostDataURI: "Origin: null", framePostDataURI: EMPTY_ORIGIN,
framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
}, },
}, },
{ {
@ -109,13 +97,10 @@ let testsToRun = [
frameGet: EMPTY_ORIGIN, frameGet: EMPTY_ORIGIN,
framePostNonSandboxed: "Origin: null", framePostNonSandboxed: "Origin: null",
framePostNonSandboxedXOrigin: "Origin: null", framePostNonSandboxedXOrigin: "Origin: null",
framePostSandboxed: "Origin: null", framePostSandboxed: EMPTY_ORIGIN,
framePostSrcDoc: "Origin: null", framePostSrcDoc: "Origin: null",
framePostSrcDocXOrigin: "Origin: null", framePostSrcDocXOrigin: "Origin: null",
framePostDataURI: "Origin: null", framePostDataURI: EMPTY_ORIGIN,
framePostSameOriginToXOrigin: "Origin: null",
framePostXOriginToSameOrigin: "Origin: null",
framePostXOriginToXOrigin: "Origin: null",
}, },
}, },
]; ];
@ -166,21 +151,6 @@ let checksToRun = [
frameID: "framePostDataURI", frameID: "framePostDataURI",
dataURI: "origin_header_form_post.html", dataURI: "origin_header_form_post.html",
}, },
{
name: "same-origin POST redirected to cross-origin",
frameID: "framePostSameOriginToXOrigin",
formID: "formPostSameOriginToXOrigin",
},
{
name: "cross-origin POST redirected to same-origin",
frameID: "framePostXOriginToSameOrigin",
formID: "formPostXOriginToSameOrigin",
},
{
name: "cross-origin POST redirected to cross-origin",
frameID: "framePostXOriginToXOrigin",
formID: "formPostXOriginToXOrigin",
},
]; ];
function frameLoaded(test, check) function frameLoaded(test, check)
@ -336,33 +306,6 @@ addLoadEvent(runTests);
<input type="submit" value="Submit GET"> <input type="submit" value="Submit GET">
</form> </form>
</td> </td>
<td>
<iframe src="about:blank" name="framePostSameOriginToXOrigin" id="framePostSameOriginToXOrigin"></iframe>
<form action="redirect_to.sjs?http://test1.mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
method="POST"
id="formPostSameOriginToXOrigin"
target="framePostSameOriginToXOrigin">
<input type="Submit" value="Submit SameOrigin POST redirected to XOrigin">
</form>
</td>
<td>
<iframe src="about:blank" name="framePostXOriginToSameOrigin" id="framePostXOriginToSameOrigin"></iframe>
<form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?http://mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
method="POST"
id="formPostXOriginToSameOrigin"
target="framePostXOriginToSameOrigin">
<input type="Submit" value="Submit XOrigin POST redirected to SameOrigin">
</form>
</td>
<td>
<iframe src="about:blank" name="framePostXOriginToXOrigin" id="framePostXOriginToXOrigin"></iframe>
<form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?/tests/netwerk/test/mochitests/origin_header.sjs"
method="POST"
id="formPostXOriginToXOrigin"
target="framePostXOriginToXOrigin">
<input type="Submit" value="Submit XOrigin POST redirected to XOrigin">
</form>
</td>
</tr> </tr>
<tr> <tr>
<td> <td>

6
testing/web-platform/meta/fetch/origin/assorted.window.js.ini
Просмотреть файл

@ -1,4 +1,10 @@
[assorted.window.html] [assorted.window.html]
[Origin header and 308 redirect]
expected: FAIL
[Origin header and POST navigation]
expected: FAIL
[Origin header and POST same-origin fetch cors mode with Referrer-Policy no-referrer] [Origin header and POST same-origin fetch cors mode with Referrer-Policy no-referrer]
expected: FAIL expected: FAIL