fix: implement basic policy container (nodejs#1970)

lib/fetch/request.js

@@ -9,7 +9,8 @@ const util = require('../core/util')
 const {
   isValidHTTPToken,
   sameOrigin,
-  normalizeMethod
+  normalizeMethod,
+  makePolicyContainer
 } = require('./util')
 const {
   forbiddenMethods,
@@ -51,13 +52,14 @@ class Request {
     input = webidl.converters.RequestInfo(input)
     init = webidl.converters.RequestInit(init)
 
-    // TODO
+    // https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object
     this[kRealm] = {
       settingsObject: {
         baseUrl: getGlobalOrigin(),
         get origin () {
           return this.baseUrl?.origin
-        }
+        },
+        policyContainer: makePolicyContainer()
       }
     }
 

lib/fetch/util.js

@@ -330,22 +330,26 @@ function createOpaqueTimingInfo (timingInfo) {
 
 // https://html.spec.whatwg.org/multipage/origin.html#policy-container
 function makePolicyContainer () {
-  // TODO
-  return {}
+  // Note: the fetch spec doesn't make use of embedder policy or CSP list
+  return {
+    referrerPolicy: 'strict-origin-when-cross-origin'
+  }
 }
 
 // https://html.spec.whatwg.org/multipage/origin.html#clone-a-policy-container
-function clonePolicyContainer () {
-  // TODO
-  return {}
+function clonePolicyContainer (policyContainer) {
+  return {
+    referrerPolicy: policyContainer.referrerPolicy
+  }
 }
 
 // https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer
 function determineRequestsReferrer (request) {
   // 1. Let policy be request's referrer policy.
-  // TODO(@KhafraDev): referrerPolicy is supposed to be non-null & not an empty string.
-  // this is because we don't implement policyContainer.
-  const policy = request.referrerPolicy ?? 'strict-origin-when-cross-origin'
+  const policy = request.referrerPolicy
+
+  // Note: policy cannot (shouldn't) be null or an empty string.
+  assert(policy)
 
   // 2. Let environment be request’s client.