diff --git a/lib/web/fetch/util.js b/lib/web/fetch/util.js index b77be74f5d4..d79a0b601d4 100644 --- a/lib/web/fetch/util.js +++ b/lib/web/fetch/util.js @@ -481,7 +481,7 @@ function determineRequestsReferrer (request) { case 'same-origin': // 1. If the origin of referrerURL and the origin of request’s current // URL are the same, then return referrerURL. - if (sameOrigin(request, referrerURL)) { + if (sameOrigin(referrerURL, requestCurrentURL(request))) { return referrerURL } // 2. Return no referrer. @@ -489,7 +489,7 @@ function determineRequestsReferrer (request) { case 'origin-when-cross-origin': // 1. If the origin of referrerURL and the origin of request’s current // URL are the same, then return referrerURL. - if (sameOrigin(request, referrerURL)) { + if (sameOrigin(referrerURL, requestCurrentURL(request))) { return referrerURL } // 2. Return referrerOrigin. diff --git a/test/fetch/util.js b/test/fetch/util.js index f5f23cb305b..3cb48672c75 100644 --- a/test/fetch/util.js +++ b/test/fetch/util.js @@ -310,3 +310,50 @@ describe('isOriginIPPotentiallyTrustworthy()', () => { }) }) }) + +describe('determineRequestsReferrer', () => { + const referrer = new URL('https://example.com/page?secret=1#frag') + const sameOriginURL = new URL('https://example.com/target') + const crossOriginURL = new URL('https://other.example/target') + + function makeRequest (referrerPolicy, currentURL) { + return { + referrerPolicy, + referrer, + urlList: [currentURL], + origin: currentURL.origin + } + } + + test('same-origin returns the referrer URL for a same-origin request', (t) => { + t.plan(1) + + const result = util.determineRequestsReferrer(makeRequest('same-origin', sameOriginURL)) + + t.assert.strictEqual(result.toString(), 'https://example.com/page?secret=1') + }) + + test('same-origin returns no referrer for a cross-origin request', (t) => { + t.plan(1) + + const result = util.determineRequestsReferrer(makeRequest('same-origin', crossOriginURL)) + + t.assert.strictEqual(result, 'no-referrer') + }) + + test('origin-when-cross-origin returns the referrer URL for a same-origin request', (t) => { + t.plan(1) + + const result = util.determineRequestsReferrer(makeRequest('origin-when-cross-origin', sameOriginURL)) + + t.assert.strictEqual(result.toString(), 'https://example.com/page?secret=1') + }) + + test('origin-when-cross-origin returns the referrer origin for a cross-origin request', (t) => { + t.plan(1) + + const result = util.determineRequestsReferrer(makeRequest('origin-when-cross-origin', crossOriginURL)) + + t.assert.strictEqual(result.toString(), 'https://example.com/') + }) +})