Commit 2f7c5562 authored by Yifan Luo, committed by Commit Bot

Fetch Metadata: Split `sec-fetch-dest` out from other headers' tests.

Bug: 1012190
Change-Id: Id5029e303d1fc5e171f8efdd2946ffe5eeef52bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1844823
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Yifan Luo <lyf@google.com>
Cr-Commit-Position: refs/heads/master@{#703642}
parent 381ce360
......@@ -2058,6 +2058,8 @@ external/wpt/webgpu/ [ WontFix ]
crbug.com/870173 external/wpt/fetch/metadata/appcache.tentative.https.sub.html [ WontFix ]
crbug.com/870173 external/wpt/fetch/metadata/redirect/redirect-http-upgrade.tentative.sub.html [ WontFix ]
crbug.com/870173 external/wpt/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ WontFix ]
crbug.com/870173 external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-http-upgrade.tentative.sub.html [ WontFix ]
crbug.com/870173 external/wpt/fetch/metadata/sec-fetch-dest/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ WontFix ]
crbug.com/870173 external/wpt/resource-timing/cors-preflight.any.html [ WontFix ]
crbug.com/870173 external/wpt/resource-timing/cors-preflight.any.worker.html [ WontFix ]
crbug.com/870173 http/tests/devtools/console-xhr-logging.js [ WontFix ]
......@@ -2074,6 +2076,8 @@ crbug.com/870173 http/tests/xmlhttprequest/workers/cross-origin-unsupported-url.
crbug.com/870173 mhtml/cid_in_html_resource.html [ WontFix ]
crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/redirect/redirect-http-upgrade.tentative.sub.html [ WontFix ]
crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ WontFix ]
crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/sec-fetch-dest/redirect/redirect-http-upgrade.tentative.sub.html [ WontFix ]
crbug.com/870173 virtual/omt-worker-fetch/external/wpt/fetch/metadata/sec-fetch-dest/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html [ WontFix ]
crbug.com/870173 virtual/omt-worker-fetch/external/wpt/resource-timing/cors-preflight.any.html [ WontFix ]
crbug.com/870173 virtual/omt-worker-fetch/external/wpt/resource-timing/cors-preflight.any.worker.html [ WontFix ]
crbug.com/870173 virtual/omt-worker-fetch/http/tests/workers/worker-redirect.html [ WontFix ]
......@@ -12,7 +12,6 @@
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=appcache-manifest{{$id}}")
.then(t.step_func(response => response.text()))
.then(t.step_func_done(text => assert_header_equals(text, {
"dest": "",
"site": "same-origin",
"user": "",
"mode": "no-cors"
......
......@@ -16,7 +16,7 @@
let e = document.createElement('embed');
e.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"dest":"embed", "site":"same-origin", "user":"", "mode":"no-cors"};
let expected = {"site":"same-origin", "user":"", "mode":"no-cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......@@ -35,7 +35,7 @@
let e = document.createElement('embed');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"dest":"embed", "site":"same-site", "user":"", "mode":"no-cors"};
let expected = {"site":"same-site", "user":"", "mode":"no-cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......@@ -54,7 +54,7 @@
let e = document.createElement('embed');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"dest":"embed", "site":"cross-site", "user":"", "mode":"no-cors"};
let expected = {"site":"cross-site", "user":"", "mode":"no-cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......
......@@ -13,7 +13,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "same-site",
"user": "",
"mode": "cors",
......@@ -30,7 +29,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "cross-site",
"user": "",
"mode": "cors",
......
......@@ -44,7 +44,7 @@
const text = await response.text();
// Verify presence of the expected Sec-Fetch-... request headers.
let expected = {"dest":"empty", "site":"same-origin", "user":"", "mode": "no-cors"};
let expected = {"site":"same-origin", "user":"", "mode": "no-cors"};
assert_header_equals(text, expected);
}, 'Sec-Fetch headers after SW fallback');
</script>
......@@ -45,7 +45,7 @@
const text = await response.text();
// Verify presence of the expected Sec-Fetch-... request headers.
let expected = {"dest":"empty", "site":"same-origin", "user":"", "mode": "no-cors"};
let expected = {"site":"same-origin", "user":"", "mode": "no-cors"};
assert_header_equals(text, expected);
}, 'Sec-Fetch headers after SW fallback');
</script>
......@@ -9,7 +9,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "same-origin",
"user": "",
"mode": "cors",
......@@ -22,7 +21,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "same-site",
"user": "",
"mode": "cors",
......@@ -35,7 +33,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "cross-site",
"user": "",
"mode": "cors",
......@@ -49,7 +46,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "same-origin",
"user": "",
"mode": "same-origin",
......@@ -62,7 +58,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "same-origin",
"user": "",
"mode": "cors",
......@@ -75,7 +70,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "same-origin",
"user": "",
"mode": "no-cors",
......
......@@ -12,7 +12,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "cross-site",
"user": "",
"mode": "cors",
......@@ -27,7 +26,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "",
"site": "",
"user": "",
"mode": "",
......
......@@ -46,7 +46,7 @@
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-same-origin";
let expected = {"dest":"font", "site":"same-origin", "user":"", "mode": "cors"};
let expected = {"site":"same-origin", "user":"", "mode": "cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......@@ -58,7 +58,7 @@
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-same-site";
let expected = {"dest":"font", "site":"same-site", "user":"", "mode": "cors"};
let expected = {"site":"same-site", "user":"", "mode": "cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......@@ -70,7 +70,7 @@
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-cross-site";
let expected = {"dest":"font", "site":"cross-site", "user":"", "mode": "cors"};
let expected = {"site":"cross-site", "user":"", "mode": "cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......
......@@ -55,8 +55,7 @@ add_test(
"back to same-origin-initiated navigation",
same_origin_host, // report_host
cross_site_host, // go_back_host
{ "dest": "document",
"site": "same-origin",
{ "site": "same-origin",
"user": "",
"mode": "navigate" });
......@@ -64,8 +63,7 @@ add_test(
"back to same-site-initiated navigation",
same_site_host, // report_host
cross_site_host, // go_back_host
{ "dest": "document",
"site": "same-site",
{ "site": "same-site",
"user": "",
"mode": "navigate" });
......@@ -73,8 +71,7 @@ add_test(
"back to cross-site-initiated navigation",
cross_site_host, // report_host
cross_site_host, // go_back_host
{ "dest": "document",
"site": "cross-site",
{ "site": "cross-site",
"user": "",
"mode": "navigate" });
......
......@@ -42,42 +42,36 @@
}
create_test("{{host}}:{{ports[https][0]}}", FORCED, {
"dest": "nested-document",
"site": "same-origin",
"user": "",
"mode": "nested-navigate"
});
create_test("{{hosts[][www]}}:{{ports[https][0]}}", FORCED, {
"dest": "nested-document",
"site": "same-site",
"user": "",
"mode": "nested-navigate"
});
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", FORCED, {
"dest": "nested-document",
"site": "cross-site",
"user": "",
"mode": "nested-navigate"
});
create_test("{{host}}:{{ports[https][0]}}", USER, {
"dest": "nested-document",
"site": "same-origin",
"user": "?1",
"mode": "nested-navigate"
});
create_test("{{hosts[][www]}}:{{ports[https][0]}}", USER, {
"dest": "nested-document",
"site": "same-site",
"user": "?1",
"mode": "nested-navigate"
});
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", USER, {
"dest": "nested-document",
"site": "cross-site",
"user": "?1",
"mode": "nested-navigate"
......
......@@ -12,7 +12,6 @@
return;
assert_header_equals(e.data, {
"dest": "",
"site": "",
"user": "",
"mode": "",
......@@ -31,7 +30,6 @@
return;
assert_header_equals(e.data, {
"dest": "",
"site": "",
"user": "",
"mode": "",
......@@ -50,7 +48,6 @@
return;
assert_header_equals(e.data, {
"dest": "",
"site": "",
"user": "",
"mode": "",
......@@ -69,7 +66,6 @@
return;
assert_header_equals(e.data, {
"dest": "nested-document",
"site": "cross-site",
"user": "",
"mode": "nested-navigate",
......
......@@ -13,13 +13,11 @@
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
};
assert_header_equals(got, {
"dest": "image",
"site": "same-origin",
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
......@@ -35,13 +33,11 @@
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
};
assert_header_equals(got, {
"dest": "image",
"site": "same-site",
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
......@@ -57,13 +53,11 @@
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
};
assert_header_equals(got, {
"dest": "image",
"site": "cross-site",
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
......
......@@ -6,13 +6,11 @@
<script>
test(t => {
let expected = {
"dest": "document",
"mode": "navigate",
"site": "none",
};
let actual = {
"dest": "{{headers[sec-fetch-dest]}}",
"mode": "{{headers[sec-fetch-mode]}}",
"site": "{{headers[sec-fetch-site]}}",
// Skipping `Sec-Fetch-User`, as the test harness isn't consistent here.
......
......@@ -16,7 +16,7 @@
let e = document.createElement('object');
e.data = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"dest":"object", "site":"same-origin", "user":"", "mode":"no-cors"};
let expected = {"site":"same-origin", "user":"", "mode":"no-cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......@@ -35,7 +35,7 @@
let e = document.createElement('object');
e.data = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"dest":"object", "site":"same-site", "user":"", "mode":"no-cors"};
let expected = {"site":"same-site", "user":"", "mode":"no-cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......@@ -54,7 +54,7 @@
let e = document.createElement('object');
e.data = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"dest":"object", "site":"cross-site", "user":"", "mode":"no-cors"};
let expected = {"site":"cross-site", "user":"", "mode":"no-cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......
......@@ -25,22 +25,18 @@
}
create_test("{{host}}:{{ports[https][0]}}", {
// TODO(mkwst): 'document' seems right, I guess? Perhaps a portal-specific destination would be better?
"dest": "document",
"site": "same-origin",
"user": "",
"mode": "nested-navigate"
});
create_test("{{hosts[][www]}}:{{ports[https][0]}}", {
"dest": "document",
"site": "same-site",
"user": "",
"mode": "nested-navigate"
});
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", {
"dest": "document",
"site": "cross-site",
"user": "",
"mode": "nested-navigate"
......
......@@ -30,7 +30,7 @@
}, `<link rel='prefetch' href='https://${host}/...'>`);
}
create_test("{{host}}:{{ports[https][0]}}", {"dest":"empty", "site":"same-origin", "user":"", "mode": "cors"});
create_test("{{hosts[][www]}}:{{ports[https][0]}}", {"dest":"empty", "site":"same-site", "user":"", "mode": "cors"});
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", {"dest":"empty", "site":"cross-site", "user":"", "mode": "cors"});
create_test("{{host}}:{{ports[https][0]}}", {"site":"same-origin", "user":"", "mode": "cors"});
create_test("{{hosts[][www]}}:{{ports[https][0]}}", {"site":"same-site", "user":"", "mode": "cors"});
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", {"site":"cross-site", "user":"", "mode": "cors"});
</script>
......@@ -44,8 +44,8 @@
];
as_tests.forEach(item => {
create_test("{{host}}:{{ports[https][0]}}", item[0], {"dest":item[1], "site":"same-origin", "user":"", "mode": "cors"});
create_test("{{hosts[][www]}}:{{ports[https][0]}}", item[0], {"dest":item[1], "site":"same-site", "user":"", "mode": "cors"});
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", item[0], {"dest":item[1], "site":"cross-site", "user":"", "mode": "cors"});
create_test("{{host}}:{{ports[https][0]}}", item[0], {"site":"same-origin", "user":"", "mode": "cors"});
create_test("{{hosts[][www]}}:{{ports[https][0]}}", item[0], {"site":"same-site", "user":"", "mode": "cors"});
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", item[0], {"site":"cross-site", "user":"", "mode": "cors"});
});
</script>
......@@ -15,7 +15,7 @@
let e = document.createElement('img');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"};
let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
......@@ -41,7 +41,7 @@
let e = document.createElement('img');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"};
let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
......@@ -67,7 +67,7 @@
let e = document.createElement('img');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"};
let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
......
......@@ -17,7 +17,7 @@
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
"https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// cross-site
"https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;// same-origin
let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"};
let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
......
......@@ -19,7 +19,7 @@
<div id="fontTest">Downgraded then upgraded font</div>
<script>
let nonce = "{{$id}}";
let expected = { "dest": "", "site": "cross-site", "user": "", "mode": "cors" };
let expected = { "site": "cross-site", "user": "", "mode": "cors" };
// Validate various scenarios handle a request that redirects from https => http
// correctly and avoids disclosure of any Sec- headers.
......@@ -43,7 +43,6 @@
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
......@@ -51,7 +50,6 @@
assert_header_equals(got, {
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
"dest": undefined,
"site": "cross-site",
"user": undefined,
"mode": "cors",
......@@ -63,7 +61,7 @@
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, { "dest": "", "site": "cross-site", "user": "", "mode": "no-cors" });
assert_header_equals(header, { "site": "cross-site", "user": "", "mode": "no-cors" });
}, "Https downgrade-upgrade script => No headers");
</script>
</body>
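Review bot: The `"dest": ""` and `"dest": undefined` expectations dropped in this file appear to be its only assertions that Sec-Fetch-Dest is withheld once the redirect chain touches plain http, and nothing on the remaining side replaces them. The same removal is made in the "Http upgrade" and "Https downgrade" files that follow. The copies under `sec-fetch-dest/redirect/` (two are named in the TestExpectations hunk) are not visible in this part of the page. Please confirm each one still asserts the absent value, via `assert_header_dest_equals(..., "")` or `undefined` on the `image.py` path, and not only the positive destinations.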
......@@ -17,7 +17,7 @@
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
"https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-site
"https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;// same-origin
let expected = {"dest":"image", "site":"same-site", "user":"", "mode": "no-cors"};
let expected = {"site":"same-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
......
......@@ -19,7 +19,7 @@
<div id="fontTest">Upgraded font</div>
<script>
let nonce = "{{$id}}";
let expected = { "dest": "", "site": "cross-site", "user": "", "mode": "cors" };
let expected = { "site": "cross-site", "user": "", "mode": "cors" };
// Validate various scenarios handle a request that redirects from http => https correctly and add the proper Sec- headers.
RunCommonRedirectTests("Http upgrade", upgradeRedirectTo, expected);
......@@ -42,7 +42,6 @@
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
......@@ -50,7 +49,6 @@
assert_header_equals(got, {
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
"dest": undefined,
"site": "cross-site",
"user": undefined,
"mode": "cors",
......@@ -63,7 +61,7 @@
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, { "dest": "", "site": "cross-site", "user": "", "mode": "no-cors" });
assert_header_equals(header, { "site": "cross-site", "user": "", "mode": "no-cors" });
}, "Http upgrade script => No headers");
</script>
</body>
......@@ -19,7 +19,7 @@
<div id="fontTest">Downgraded font</div>
<script>
let nonce = token();
let expected = { "dest": "", "site": "", "user": "", "mode": "" };
let expected = { "site": "", "user": "", "mode": "" };
// Validate various scenarios handle a request that redirects from https => http correctly and avoids disclosure of any Sec- headers.
RunCommonRedirectTests("Https downgrade", downgradeRedirectTo, expected);
......@@ -42,7 +42,6 @@
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
......@@ -50,7 +49,6 @@
assert_header_equals(got, {
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
"dest": undefined,
"site": undefined,
"user": undefined,
"mode": undefined,
......@@ -62,7 +60,7 @@
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, { "dest": "", "site": "cross-site", "user": "", "mode": "no-cors" });
assert_header_equals(header, { "site": "cross-site", "user": "", "mode": "no-cors" });
}, "Https downgrade script => No headers");
</script>
</body>
......@@ -15,7 +15,7 @@
let e = document.createElement('img');
e.src = "/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
let expected = {"dest":"image", "site":"same-origin", "user":"", "mode": "no-cors"};
let expected = {"site":"same-origin", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
......@@ -42,7 +42,7 @@ promise_test(t => {
let e = document.createElement('img');
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
let expected = {"dest":"image", "site":"same-site", "user":"", "mode": "no-cors"};
let expected = {"site":"same-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
......@@ -69,7 +69,7 @@ promise_test(t => {
let e = document.createElement('img');
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"};
let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
......
......@@ -15,7 +15,7 @@
let e = document.createElement('img');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
let expected = {"dest":"image", "site":"same-site", "user":"", "mode": "no-cors"};
let expected = {"site":"same-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
......@@ -42,7 +42,7 @@ promise_test(t => {
let e = document.createElement('img');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
let expected = {"dest":"image", "site":"same-site", "user":"", "mode": "no-cors"};
let expected = {"site":"same-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
......@@ -69,7 +69,7 @@ promise_test(t => {
let e = document.createElement('img');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"};
let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
e.onload = e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
......
......@@ -22,9 +22,9 @@
document.addEventListener("securitypolicyviolation", (e) => {
counter++;
if (counter == 3) {
generate_test({"dest":"report", "site":"same-origin", "user":"", "mode": "no-cors"}, "same-origin");
generate_test({"dest":"report", "site":"same-site", "user":"", "mode": "no-cors"}, "same-site");
generate_test({"dest":"report", "site":"cross-site", "user":"", "mode": "no-cors"}, "cross-site");
generate_test({"site":"same-origin", "user":"", "mode": "no-cors"}, "same-origin");
generate_test({"site":"same-site", "user":"", "mode": "no-cors"}, "same-site");
generate_test({"site":"cross-site", "user":"", "mode": "no-cors"}, "cross-site");
done();
}
......
......@@ -2,15 +2,72 @@ function wrap_by_tag(tag, text) {
return tag ? `${tag}: ${text}`: text;
}
/**
* @param {object} value
* @param {object} expected
* @param {string} tag
**/
function assert_header_equals(value, expected, tag) {
if (typeof(value) === "string"){
assert_not_equals(value, "No header has been recorded");
value = JSON.parse(value);
}
assert_equals(value.dest, expected.dest, wrap_by_tag(tag, "dest"));
assert_equals(value.mode, expected.mode, wrap_by_tag(tag, "mode"));
assert_equals(value.site, expected.site, wrap_by_tag(tag, "site"));
if (expected.hasOwnProperty("user"))
assert_equals(value.user, expected.user, wrap_by_tag(tag, "user"));
}
/**
* @param {string} header
* @param {object} value
* @param {string} expected
* @param {string} tag
**/
function assert_header(header, value, expected, tag) {
if (typeof(value) === "string"){
assert_not_equals(value, "No header has been recorded");
value = JSON.parse(value);
}
assert_equals(value[header], expected, wrap_by_tag(tag, header));
}
/**
*
* @param {object} value
* @param {string} expected
* @param {string} tag
**/
function assert_header_dest_equals(value, expected, tag) {
assert_header("dest", value, expected, tag);
}
/**
* Test fetch record-header.py
* @param {string} key
* @param {string} expected
* @param {function} assert
* @return {Promise<string | never>}
*/
function fetch_record_header(key, expected, assert) {
return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert(text, expected))
}
/**
*
* @param {string} key
* @param {string} expected
* @param {function} assert
* @param {function} resolve
* @param {function} reject
* @return {Promise<any>}
*/
function fetch_record_header_with_catch(key, expected, assert, resolve, reject) {
return fetch_record_header(key, expected, assert, resolve)
.then(_ => resolve())
.catch(e => reject(e));
}
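Review bot: `fetch_record_header_with_catch` passes a fourth argument, `resolve`, to `fetch_record_header`, which declares only `(key, expected, assert)`, so the value is silently ignored; the call should read `return fetch_record_header(key, expected, assert)`. The string-or-object guard (`assert_not_equals(value, "No header has been recorded")` followed by `JSON.parse`) is now repeated in `assert_header` and `assert_header_equals`, and one small shared helper would keep the two consistent. The JSDoc declares `@param {object} value` although both functions also accept a string. `fetch_record_header` resolves with whatever `assert` returns, not a string, so `{object|string}` and a plain `Promise` return type would describe them better. `wrap_by_tag`, at the top of the hunk, starts outside it.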
......@@ -10,7 +10,6 @@
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, {
"dest": "script",
"site": "same-origin",
"user": "",
"mode": "no-cors",
......@@ -25,7 +24,6 @@
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, {
"dest": "script",
"site": "same-site",
"user": "",
"mode": "no-cors",
......@@ -40,7 +38,6 @@
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, {
"dest": "script",
"site": "cross-site",
"user": "",
"mode": "no-cors",
......@@ -55,7 +52,6 @@
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, {
"dest": "script",
"site": "same-origin",
"user": "",
"mode": "cors",
......
......@@ -10,7 +10,6 @@
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, {
"dest": "",
"site": "",
"user": "",
"mode": "",
......@@ -25,7 +24,6 @@
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, {
"dest": "",
"site": "",
"user": "",
"mode": "",
......@@ -40,7 +38,6 @@
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, {
"dest": "",
"site": "",
"user": "",
"mode": "",
......
<!DOCTYPE html>
<html manifest="/fetch/metadata/resources/record-header.py?file=appcache-manifest{{$id:uuid()}}">
<meta name="timeout" content="long">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body></body>
<script>
async_test(t => {
window.applicationCache.oncached = window.applicationCache.onnoupdate = window.applicationCache.onerror = t.step_func(e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=appcache-manifest{{$id}}")
.then(t.step_func(response => response.text()))
.then(t.step_func_done(text => assert_header_dest_equals(text, "")))
.catch(t.unreached_func("Fetching and verifying the results should succeed."));
});
}, "Appcache!");
</script>
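Review bot: The expected value in `assert_header_dest_equals(text, "")` is ambiguous: from this file alone a reader cannot tell whether `""` means Sec-Fetch-Dest was sent with an empty value or was not sent at all for the manifest request. A one-line comment above the assertion stating which is intended would make the test's claim reviewable, for example `// Manifest fetch: no Sec-Fetch-Dest value is expected to be recorded.` if absence is meant. How `record-header.py` encodes a missing header is not shown on this page, so the wording should be checked against that resource.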
<!DOCTYPE html>
<meta charset="utf-8"/>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body>
<script>
let nonce = token();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "embed-same-origin" + nonce;
let e = document.createElement('embed');
e.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "embed", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Origin embed");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "embed-same-site" + nonce;
let e = document.createElement('embed');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "embed", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Site embed");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "embed-cross-site" + nonce;
let e = document.createElement('embed');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "embed", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Cross-Site embed");
</script>
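Review bot: In all three tests the `onload` callback parameter `e` shadows the `<embed>` element `e` declared two lines earlier, and the parameter is never used; `e.onload = () => { ... }` avoids the shadowing. The three bodies differ only in the key suffix and the host, so a small `create_test(host, name)` helper, like the one the prefetch tests in this commit call, would remove the duplication. There is also no failure path if the embed never fires `load`, so a broken recorder URL surfaces as a harness timeout, not a failed assertion.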
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script>
// Site
promise_test(t => {
return fetch("https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py",
{
mode: "cors",
headers: { 'x-test': 'testing' }
})
.then(r => r.json())
.then(j => assert_header_dest_equals(j, "empty"));
}, "Same-site fetch with preflight");
promise_test(t => {
return fetch("https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py",
{
mode: "cors",
headers: { 'x-test': 'testing' }
})
.then(r => r.json())
.then(j => assert_header_dest_equals(j, "empty"));
}, "Cross-site fetch with preflight");
</script>
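Review bot: The `// Site` comment above the first test is left over from the combined test; both tests now assert only the destination, so it should read `// Sec-Fetch-Dest` or be dropped. The same applies to the service-worker fallback file that follows. Its header comment, the inline `// Verify presence of the expected Sec-Fetch-... request headers.` and the title 'Sec-Fetch headers after SW fallback' still describe all headers, although only `dest` is checked. That title is also identical to the one kept in the original test, which makes the two results hard to tell apart in a report; something like `'Sec-Fetch-Dest after SW fallback'` would distinguish them.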
<!DOCTYPE html>
<!--
This test verifies presence of Sec-Fetch-... request headers on a request
handled by a service worker - this test covers the scenario when the service
worker doesn't do anything and the request falls back to the network.
-->
<meta charset="utf-8"/>
<link rel="author" href="lukasza@chromium.org" title="Lukasz Anforowicz">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/service-workers/service-worker/resources/test-helpers.sub.js></script>
<script src=/common/utils.js></script>
<script>
const nonce = token();
const key = "fetch-via-serviceworker--fallback--" + nonce;
promise_test(async function(t) {
const SCOPE = '/fetch/metadata/resources/fetch-via-serviceworker--fallback--frame.html';
const SCRIPT = '/fetch/metadata/resources/fetch-via-serviceworker--fallback--sw.js';
const URL = '/fetch/metadata/resources/record-header.py?file=' + key;
const RETRIEVAL_URL = "/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key;
const reg = await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
t.add_cleanup(async () => {
if (reg)
await reg.unregister();
});
await wait_for_state(t, reg.installing, 'activated');
const frame = await with_iframe(SCOPE);
t.add_cleanup(async () => {
if (frame)
frame.remove();
});
// Trigger a fetch that 1) will go through the service worker and 2) will
// fetch a special URL that records request headers.
await frame.contentWindow.fetch(URL, {mode:'no-cors'});
// Retrieve the request headers that have been recorded in the previous step.
const response = await fetch(RETRIEVAL_URL);
const text = await response.text();
// Verify presence of the expected Sec-Fetch-... request headers.
assert_header_dest_equals(text, "empty");
}, 'Sec-Fetch headers after SW fallback');
</script>
<!DOCTYPE html>
<!--
This test verifies presence of Sec-Fetch-... request headers on a request
handled by a service worker - this test covers the scenario when the service
worker responds to the `fetch` event with:
event.respondWith(fetch(event.request));
-->
<meta charset="utf-8"/>
<link rel="author" href="lukasza@chromium.org" title="Lukasz Anforowicz">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/service-workers/service-worker/resources/test-helpers.sub.js></script>
<script src=/common/utils.js></script>
<script>
const nonce = token();
const key = "fetch-via-serviceworker--respondWith--" + nonce;
promise_test(async function(t) {
const SCOPE = '/fetch/metadata/resources/fetch-via-serviceworker--respondWith--frame.html';
const SCRIPT = '/fetch/metadata/resources/fetch-via-serviceworker--respondWith--sw.js';
const URL = '/fetch/metadata/resources/record-header.py?file=' + key;
const RETRIEVAL_URL = "/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key;
const reg = await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
t.add_cleanup(async () => {
if (reg)
await reg.unregister();
});
await wait_for_state(t, reg.installing, 'activated');
const frame = await with_iframe(SCOPE);
t.add_cleanup(async () => {
if (frame)
frame.remove();
});
// Trigger a fetch that 1) will go through the service worker and 2) will
// fetch a special URL that records request headers.
await frame.contentWindow.fetch(URL, {mode:'no-cors'});
// Retrieve the request headers that have been recorder in the previous step.
const response = await fetch(RETRIEVAL_URL);
const text = await response.text();
// Verify presence of the expected Sec-Fetch-... request headers.
assert_header_dest_equals(text, "empty");
}, 'Sec-Fetch headers after SW fallback');
</script>
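Review bot: The description passed to `promise_test` at the end of this script is `'Sec-Fetch headers after SW fallback'`, the same name the fallback file uses, although this file covers the `event.respondWith(fetch(event.request))` case described in its header comment. With identical names the two results cannot be told apart in a report, so a regression in one path is easy to misattribute. I would rename it to something like `'Sec-Fetch headers after SW respondWith'`. The comment above the retrieval fetch also has a typo, "recorder" for "recorded".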
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script>
// Site
promise_test(t => {
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => assert_header_dest_equals(j, "empty"));
}, "Same-origin fetch");
promise_test(t => {
return fetch("https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => assert_header_dest_equals(j, "empty"));
}, "Same-site fetch");
promise_test(t => {
return fetch("https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => assert_header_dest_equals(j, "empty"));
}, "Cross-site fetch");
// Mode
promise_test(t => {
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py", {mode: "same-origin"})
.then(r => r.json())
.then(j => assert_header_dest_equals(j, "empty"));
}, "Same-origin mode");
promise_test(t => {
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py", {mode: "cors"})
.then(r => r.json())
.then(j => assert_header_dest_equals(j, "empty"));
}, "CORS mode");
promise_test(t => {
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py", {mode: "no-cors"})
.then(r => r.json())
.then(j => assert_header_dest_equals(j, "empty"));
}, "no-CORS mode");
</script>
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script>
// http -> https should see `Sec-Fetch-Site: cross-site`.
// This is a regression test for
// https://github.com/w3c/webappsec-fetch-metadata/issues/34
promise_test(t => {
assert_equals(location.protocol, "http:");
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => assert_header_dest_equals(j, "empty"));
}, "http->https fetch (cross-scheme => cross-site)");
// http -> http should see no `Sec-Fetch-Site`.
promise_test(t => {
assert_equals(location.protocol, "http:");
return fetch("/fetch/metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => assert_header_dest_equals(j, ""));
}, "http->http fetch (non-trustworthy destination => no metadata)");
</script>
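Review bot: The two comments in this script still describe `Sec-Fetch-Site` (`// http -> https should see Sec-Fetch-Site: cross-site` and `// http -> http should see no Sec-Fetch-Site`), but after the split both tests assert only the destination through `assert_header_dest_equals`. The comments should say what is checked here, for example `// http -> https should see \`Sec-Fetch-Dest: empty\`.` and `// http -> http should see no \`Sec-Fetch-Dest\`.`. The test names have the same issue: "cross-scheme => cross-site" describes the site value, not the destination.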
<!DOCTYPE html>
<html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<body>
<div id="test1">1</div>
<div id="test2">2</div>
<div id="test3">3</div>
<!-- Same-Origin request -->
<style>
@font-face {
font-family: myFirstFont;
src: url(https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=font-same-origin);
}
#test1 {
font-family: myFirstFont;
}
</style>
<!-- Same-Site request -->
<style>
@font-face {
font-family: mySecondFont;
src: url(https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=font-same-site);
}
#test2 {
font-family: mySecondFont;
}
</style>
<!-- Cross-Site request -->
<style>
@font-face {
font-family: myThirdFont;
src: url(https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=font-cross-site);
}
#test3 {
font-family: myThirdFont;
}
</style>
</body>
<script>
document.fonts.ready.then(function () {
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-same-origin";
fetch_record_header_with_catch(key, "font", assert_header_dest_equals, resolve, reject);
});
}, "Same-Origin font");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-same-site";
fetch_record_header_with_catch(key, "font", assert_header_dest_equals, resolve, reject);
});
}, "Same-Site font");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-cross-site";
fetch_record_header_with_catch(key, "font", assert_header_dest_equals, resolve, reject);
});
}, "Cross-Site font");
});
</script>
</html>
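Review bot: The record-header keys in this file (`font-same-origin`, `font-same-site`, `font-cross-site`, in the three `@font-face` URLs and again in the `promise_test` bodies) are fixed strings, whereas most other files on this page append `token()` or a `{{$id:uuid()}}` value to the key. If another file records under the same names, which the pre-split font test presumably does, parallel or repeated runs can read each other's recorded header and pass or fail for the wrong reason. Appending a per-load id would keep the records separate. The downgrade-upgrade font test later in this commit already does this, with `{{$id:uuid()}}` in the CSS URL and `{{$id}}` in the key.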
<!DOCTYPE html>
<html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script>
// Test that correct `Sec-Fetch-Site` (and other `Sec-Fetch-...` request
/// headers) are used in navigations triggered by |history.back()|.
function add_test(description, report_host, go_back_host, expectation) {
async_test(t => {
// STEP1: Navigate a new window to report_host/post-to-owner.py
const url_suffix = '/fetch/metadata/resources/post-to-owner.py'
const url = `https://${report_host}${url_suffix}`;
const w = window.open(url, '_blank');
var msg_counter = 0;
window.addEventListener('message', t.step_func(e => {
if (e.source != w)
return;
msg_counter = msg_counter + 1;
if (msg_counter == 1) {
// STEP2: Verify the headers (this is a sanity check that the same
// headers are used here and in STEP5).
assert_header_dest_equals(e.data, expectation);
// STEP3: Go to go_back_host/go-back.html (postponing this via
// step_timeout ensures that go-back.html will get a separate
// history entry - otherwise it might be treated as a client-side
// redirect and we might end up with nowhere to go back to).
t.step_timeout(() => {
const url_suffix = '/fetch/metadata/resources/go-back.html'
const url = `https://${go_back_host}${url_suffix}`;
w.location = url;
});
// STEP4 (elsewhere - inside go-back.html): Call history.back().
} else if (msg_counter == 2) {
// STEP5: Verify the headers (this is the main verification and focus
// of the test).
assert_header_dest_equals(e.data, expectation);
// STEP6: Finish the test.
t.done();
}
}));
}, description);
}
const same_origin_host = "{{host}}:{{ports[https][0]}}";
const same_site_host = "{{hosts[][www]}}:{{ports[https][0]}}";
const cross_site_host = "{{hosts[alt][www]}}:{{ports[https][0]}}";
add_test(
"back to same-origin-initiated navigation",
same_origin_host, // report_host
cross_site_host, // go_back_host
"document");
add_test(
"back to same-site-initiated navigation",
same_site_host, // report_host
cross_site_host, // go_back_host
"document");
add_test(
"back to cross-site-initiated navigation",
cross_site_host, // report_host
cross_site_host, // go_back_host
"document");
</script>
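Review bot: The window opened with `window.open(url, '_blank')` in `add_test` is never closed, and the `message` listener is never removed, so each of the three tests leaves a popup and a live handler behind after `t.done()`. Adding `t.add_cleanup(() => w.close());` right after the `window.open` call would release the window whether the test passes or fails. The leading comment also still refers to `Sec-Fetch-Site` "and other" headers, while STEP2 and STEP5 now check only the destination.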
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/resources/testdriver.js></script>
<script src=/resources/testdriver-vendor.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body>
<script>
const USER = true;
const FORCED = false;
function create_test(host, user_activated, expectations) {
async_test(t => {
let i = document.createElement('iframe');
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow)
return;
assert_header_dest_equals(e.data, expectations);
t.done();
}));
let url = `https://${host}/fetch/metadata/resources/post-to-owner.py`;
if (user_activated == FORCED) {
i.src = url;
document.body.appendChild(i);
} else if (user_activated == USER) {
let uuid = token();
i.name = uuid;
let a = document.createElement('a');
a.href = url;
a.target = uuid;
a.text = "This is a link!";
document.body.appendChild(i);
document.body.appendChild(a);
test_driver.click(a);
}
}, `{{host}} -> ${host} iframe: ${user_activated ? "user-activated" : "forced"}`);
}
create_test("{{host}}:{{ports[https][0]}}", FORCED, "nested-document");
create_test("{{hosts[][www]}}:{{ports[https][0]}}", FORCED, "nested-document");
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", FORCED, "nested-document");
create_test("{{host}}:{{ports[https][0]}}", USER, "nested-document");
create_test("{{hosts[][www]}}:{{ports[https][0]}}", USER, "nested-document");
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", USER, "nested-document");
</script>
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<body>
<script>
async_test(t => {
let i = document.createElement('iframe');
i.src = "http://{{host}}:{{ports[http][0]}}/fetch/metadata/resources/post-to-owner.py";
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow)
return;
assert_header_dest_equals(e.data, "");
t.done();
}));
document.body.appendChild(i);
}, "Non-secure same-origin iframe => No headers");
async_test(t => {
let i = document.createElement('iframe');
i.src = "http://{{hosts[][www]}}:{{ports[http][0]}}/fetch/metadata/resources/post-to-owner.py";
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow)
return;
assert_header_dest_equals(e.data, "");
t.done();
}));
document.body.appendChild(i);
}, "Non-secure same-site iframe => No headers");
async_test(t => {
let i = document.createElement('iframe');
i.src = "http://{{hosts[alt][www]}}:{{ports[http][0]}}/fetch/metadata/resources/post-to-owner.py";
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow)
return;
assert_header_dest_equals(e.data, "");
t.done();
}));
document.body.appendChild(i);
}, "Non-secure cross-site iframe => No headers.");
async_test(t => {
let i = document.createElement('iframe');
i.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py";
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow)
return;
assert_header_dest_equals(e.data, "nested-document");
t.done();
}));
document.body.appendChild(i);
}, "Secure, cross-site (cross-scheme, same-host) iframe");
</script>
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/security-features/resources/common.sub.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<body>
<script>
// These tests reuse the `referrer-policy` infrastructure to load images that
// encode their request headers in their pixels. Fun stuff!
promise_test(() =>
requestViaImage(
"https://{{host}}:{{ports[https][0]}}/common/security-features/subresource/image.py")
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"]
};
assert_header_dest_equals(got, "image");
}),
"Same-origin image");
promise_test(() =>
requestViaImage(
"https://{{hosts[][www]}}:{{ports[https][0]}}/common/security-features/subresource/image.py")
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"]
};
assert_header_dest_equals(got, "image");
}),
"Same-site image");
promise_test(() =>
requestViaImage(
"https://{{hosts[alt][www]}}:{{ports[https][0]}}/common/security-features/subresource/image.py")
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"]
};
assert_header_dest_equals(got, "image");
}),
"Cross-site image");
</script>
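Review bot: In each `.then(result => { ... })` callback, `headers = result.headers;` and `got = { ... }` assign to undeclared names, so in this non-strict script they become properties of `window` shared by all three tests. That is harmless while the tests run one after another, but it is easy to break and would throw if the script were ever made strict. I would write `const headers = result.headers;` and `const got = { "dest": headers["sec-fetch-dest"] };`. The same pattern appears in the image tests of the three redirect upgrade/downgrade files later in this commit.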
<!DOCTYPE html>
<html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script>
test(t => {
let actual = {
"dest": "{{headers[sec-fetch-dest]}}"
};
assert_header_dest_equals(actual, "document");
}, "This page's top-level navigation.");
</script>
<!DOCTYPE html>
<meta charset="utf-8"/>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body>
<script>
let nonce = token();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "object-same-origin" + nonce;
let e = document.createElement('object');
e.data = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "object", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Origin object");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "object-same-site" + nonce;
let e = document.createElement('object');
e.data = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "object", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Site object");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "object-cross-site" + nonce;
let e = document.createElement('object');
e.data = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "object", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Cross-Site object");
</script>
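Review bot: Each of the three `<object>` tests sets only `e.onload`, so if the load fails the promise created in `promise_test` is never settled and the test ends as a harness timeout rather than a failure with a reason. The image redirect tests in this commit handle both events. Adding `e.onerror = () => reject(new Error("object failed to load"));` next to each `onload` assignment would make a failed load visible. The handler parameter `e` also shadows the element variable `e`, which is confusing to read though harmless here.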
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/resources/testdriver.js></script>
<script src=/resources/testdriver-vendor.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body>
<script>
const USER = true;
const FORCED = false;
function create_test(host, expectation) {
async_test(t => {
let p = document.createElement('portal');
p.addEventListener('message', t.step_func(e => {
assert_header_dest_equals(e.data, expectation);
t.done();
}));
let url = `https://${host}/fetch/metadata/resources/post-to-owner.py`;
p.src = url;
document.body.appendChild(p);
}, `{{host}} -> ${host} portal`);
}
// TODO(mkwst): 'document' seems right, I guess? Perhaps a portal-specific destination would be better?
create_test("{{host}}:{{ports[https][0]}}", "document");
create_test("{{hosts[][www]}}:{{ports[https][0]}}", "document");
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", "document");
</script>
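Review bot: `create_test` has no check that the `<portal>` element is supported, unlike the prefetch and preload files, which first assert `relList.supports(...)`. Where the element is unknown I would expect no `message` event to arrive, so all three tests would time out instead of reporting a clear failure. A leading `test(t => { assert_true('HTMLPortalElement' in window); }, "Browser supports portals.");` would make that case explicit. `const USER = true;` and `const FORCED = false;` are unused in this file and look like leftovers from the iframe test.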
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body></body>
<script>
test(t => {
assert_true(document.createElement('link').relList.supports('prefetch'));
}, "Browser supports prefetch.");
function create_test(host, expected) {
async_test(t => {
let nonce = token();
let key = "prefetch" + nonce;
let e = document.createElement('link');
e.rel = "prefetch";
e.href = `https://${host}/fetch/metadata/resources/record-header.py?file=${key}`;
e.setAttribute("crossorigin", "crossorigin");
e.onload = t.step_func(e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(t.step_func(response => response.text()))
.then(t.step_func_done(text => assert_header_dest_equals(text, expected)))
.catch(t.unreached_func("Fetching and verifying the results should succeed."));
});
e.onerror = t.unreached_func();
document.head.appendChild(e);
}, `<link rel='prefetch' href='https://${host}/...'>`);
}
create_test("{{host}}:{{ports[https][0]}}", "empty");
create_test("{{hosts[][www]}}:{{ports[https][0]}}", "empty");
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", "empty");
</script>
<!DOCTYPE html>
<meta name="timeout" content="long">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body></body>
<script>
test(t => {
assert_true(document.createElement('link').relList.supports('preload'));
}, "Browser supports preload.");
function create_test(host, as, expected) {
async_test(t => {
let nonce = "{{uuid()}}";
let key = as + nonce;
let e = document.createElement('link');
e.rel = "preload";
e.href = `https://${host}/fetch/metadata/resources/record-header.py?file=${key}`;
e.setAttribute("crossorigin", "crossorigin");
if (as !== undefined) {
e.setAttribute("as", as);
}
e.onload = e.onerror = t.step_func_done(e => {
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(t.step_func(response => response.text()))
.then(t.step_func(text => assert_header_dest_equals(text, expected)))
.then(t.step_func_done(_ => resolve()))
.catch(t.unreached_func());
});
document.head.appendChild(e);
}, `<link rel='preload' as='${as}' href='https://${host}/...'>`);
}
let as_tests = [
[ "fetch", "empty" ],
[ "font", "font" ],
[ "image", "image" ],
[ "script", "script" ],
[ "style", "style" ],
[ "track", "track" ],
];
as_tests.forEach(item => {
create_test("{{host}}:{{ports[https][0]}}", item[0], item[1]);
create_test("{{hosts[][www]}}:{{ports[https][0]}}", item[0], item[1]);
create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", item[0], item[1]);
});
</script>
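Review bot: In `create_test`, `e.onload = e.onerror = t.step_func_done(e => {` marks the test done as soon as the handler returns, before the `fetch` of the recorded header has resolved. As far as I can tell from how testharness treats steps after completion, `assert_header_dest_equals(text, expected)` then never affects the result, so every `as` value passes regardless of the `Sec-Fetch-Dest` actually sent. The chain also calls `resolve()`, which is not defined inside an `async_test`. I would register the handler with `t.step_func(e => {` and end the chain with `.then(t.step_func_done(text => assert_header_dest_equals(text, expected)))`, dropping the `resolve()` line, which is the shape the prefetch file already uses.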
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body></body>
<script>
let nonce = token();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-cross-site-same-origin" + nonce;
let e = document.createElement('img');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Cross-Site -> Same-Origin redirect");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-cross-site-same-site" + nonce;
let e = document.createElement('img');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Cross-Site -> Same-Site redirect");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-cross-site-cross-site" + nonce;
let e = document.createElement('img');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Cross-Site -> Cross-Site redirect");
</script>
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body></body>
<script>
let nonce = token();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-multiple-cross-site" + nonce;
let e = document.createElement('img');
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
"https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// cross-site
"https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;// same-origin
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Origin -> Cross-Site -> Same-Origin redirect");
</script>
<!DOCTYPE html>
<html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/fetch/metadata/resources/redirectTestHelper.sub.js></script>
<script src=/common/security-features/resources/common.sub.js></script>
<script src=/common/utils.js></script>
<style>
@font-face {
font-family: myDowngradeUpgradeFont;
src: url(https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fapi%2Fresources%2Fredirect.py%3Flocation%3Dhttps%253A%252F%252F{{host}}%253A{{ports[https][0]}}%252Ffetch%252Fmetadata%252Fresources%252Frecord-header.py%253Ffile%253Dfont-https-downgrade-upgrade{{$id:uuid()}});
}
#fontTest {
font-family: myDowngradeUpgradeFont;
}
</style>
<body>
<div id="fontTest">Downgraded then upgraded font</div>
<script>
let nonce = "{{$id}}";
// Validate various scenarios handle a request that redirects from https => http
// correctly and avoids disclosure of any Sec- headers.
RunCommonRedirectTests("Https downgrade-upgrade", MultipleRedirectTo, expected);
document.fonts.ready.then(function () {
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-https-downgrade-upgrade{{$id}}";
return fetch_record_header_with_catch(key, "", assert_header_dest_equals, resolve, reject);
});
}, "Https downgrade-upgrade font => No headers");
});
promise_test(() => {
return requestViaImage(secureRedirectURL + encodeURIComponent(insecureRedirectURL + encodeURIComponent("https://{{host}}:{{ports[https][0]}}/common/security-features/subresource/image.py")))
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"]
};
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
assert_header_dest_equals(got, undefined);
});
}, "Https downgrade-upgrade image => No headers");
</script>
<script src="https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fapi%2Fresources%2Fredirect.py%3Flocation%3Dhttps%253A%252F%252F{{host}}%253A{{ports[https][0]}}%252Ffetch%252Fmetadata%252Fresources%252Fecho-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "");
}, "Https downgrade-upgrade script => No headers");
</script>
</body>
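Review bot: `expected`, passed to `RunCommonRedirectTests("Https downgrade-upgrade", MultipleRedirectTo, expected)`, is not declared anywhere in this file. Unless `redirectTestHelper.sub.js` or `helper.js` defines it as a global, the call throws a ReferenceError and the font and image tests that follow it in the same script block are never registered. The "Http upgrade" and "Https downgrade" files in this commit make the same call with the same undeclared name. If the helpers do not provide it, declare it next to `let nonce` with the value the helper expects for the no-header case. The `return` in front of `fetch_record_header_with_catch` inside the Promise executor has no effect and can be dropped to match the other font tests.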
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body></body>
<script>
let nonce = token();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-multiple-same-site" + nonce;
let e = document.createElement('img');
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
"https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-site
"https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;// same-origin
e.onload = e => {
return fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
return fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Origin -> Same-Site -> Same-Origin redirect");
</script>
<!DOCTYPE html>
<html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/fetch/metadata/resources/redirectTestHelper.sub.js></script>
<script src=/common/security-features/resources/common.sub.js></script>
<script src=/common/utils.js></script>
<style>
@font-face {
font-family: myUpgradedFont;
src: url(http://{{host}}:{{ports[http][0]}}/fetch/api/resources/redirect.py?location=https%3A%2F%2F{{host}}%3A{{ports[https][0]}}%2Ffetch%2Fmetadata%2Fresources%2Frecord-header.py%3Ffile%3Dfont-https-upgrade{{$id:uuid()}});
}
#fontTest {
font-family: myUpgradedFont;
}
</style>
<body>
<div id="fontTest">Upgraded font</div>
<script>
let nonce = "{{$id}}";
// Validate various scenarios handle a request that redirects from http => https correctly and add the proper Sec- headers.
RunCommonRedirectTests("Http upgrade", upgradeRedirectTo, expected);
document.fonts.ready.then(function () {
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-https-upgrade{{$id}}";
fetch_record_header_with_catch(key, "", assert_header_dest_equals, resolve, reject);
});
}, "Http upgrade font => No headers");
});
promise_test(() => {
return requestViaImage(insecureRedirectURL + encodeURIComponent("https://{{host}}:{{ports[https][0]}}/common/security-features/subresource/image.py"))
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"]
};
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
assert_header_dest_equals(got, undefined);
});
}, "Http upgrade image => No headers");
</script>
<script src="http://{{host}}:{{ports[http][0]}}/fetch/api/resources/redirect.py?location=https%3A%2F%2F{{host}}%3A{{ports[https][0]}}%2Ffetch%2Fmetadata%2Fresources%2Fecho-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "");
}, "Http upgrade script => No headers");
</script>
</body>
This is a testharness.js-based test.
FAIL redirect-https-downgrade Uncaught SyntaxError: Unexpected token 'return'
Harness: the test ran to completion.
<!DOCTYPE html>
<html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/fetch/metadata/resources/redirectTestHelper.sub.js></script>
<script src=/common/security-features/resources/common.sub.js></script>
<script src=/common/utils.js></script>
<style>
@font-face {
font-family: myDowngradedFont;
src: url(https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fmetadata%2Fresources%2Frecord-header.py%3Ffile%3Dfont-https-downgrade);
}
#fontTest {
font-family: myDowngradedFont;
}
</style>
<body>
<div id="fontTest">Downgraded font</div>
<script>
let nonce = token();
// Validate various scenarios handle a request that redirects from https => http correctly and avoids disclosure of any Sec- headers.
RunCommonRedirectTests("Https downgrade", downgradeRedirectTo, expected);
document.fonts.ready.then(function () {
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-https-downgrade";
fetch_record_header_with_catch(key, "", assert_header_dest_equals, resolve, reject);
});
}, "Https downgrade font => No headers");
});
promise_test(() =>
return requestViaImage(secureRedirectURL + encodeURIComponent("http://{{host}}:{{ports[http][0]}}/common/security-features/subresource/image.py"))
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"]
};
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
assert_header_dest_equals(got, undefined);
}), "Https downgrade image => No headers");
</script>
<script src="https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fmetadata%2Fresources%2Fecho-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "");
}, "Https downgrade script => No headers");
</script>
</body>
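Review bot: The image test opens with `promise_test(() =>` and continues on the next line with `return requestViaImage(...)`, but a concise arrow body cannot begin with `return`. The whole inline script therefore fails to parse and none of its tests run, which is exactly what the checked-in baseline records (`Uncaught SyntaxError: Unexpected token 'return'`). That leaves the https to http redirect, the case meant to show that no `Sec-Fetch-Dest` value reaches an insecure destination, without effective coverage. Dropping the `return` so the line starts `requestViaImage(secureRedirectURL + ...` fixes the parse error, and the failing baseline should then be regenerated or removed. The font key `"font-https-downgrade"` also lacks the per-load id that the upgrade and downgrade-upgrade files append, although `nonce` is declared just above it.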
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body></body>
<script>
let nonce = token();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-same-origin-same-origin" + nonce;
let e = document.createElement('img');
e.src = "/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Origin -> Same-Origin redirect");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-same-origin-same-site" + nonce;
let e = document.createElement('img');
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Origin -> Same-Site redirect");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-same-origin-cross-site" + nonce;
let e = document.createElement('img');
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Origin -> Cross-Site redirect");
</script>
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body></body>
<script>
let nonce = token();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-same-site-same-origin" + nonce;
let e = document.createElement('img');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Site -> Same-Origin redirect");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-same-site-same-site" + nonce;
let e = document.createElement('img');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Site -> Same-Site redirect");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "redirect-same-site-cross-site" + nonce;
let e = document.createElement('img');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
e.onerror = e => {
fetch_record_header_with_catch(key, "image", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Site -> Cross-Site redirect");
</script>
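Review bot: The "Same-Site -> Same-Site redirect" case sets `location=https://{{host}}:{{ports[https][0]}}/...`, which is the same redirect target used by "Same-Site -> Same-Origin redirect" above it, so the two tests differ only in `key` and the same-site hop is never exercised. If the intent is a redirect that stays on the sibling host, the target should presumably be `location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=`. The expected `"image"` value would not change, but the test title would then match the request chain it covers.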
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<link id="style" href="https://foo.bar" rel="stylesheet">
<body></body>
<script>
setup({ explicit_done: true });
function generate_test(expected, name) {
async_test(t => {
t.step_timeout(_ => {
return fetch_record_header("report-" + name, expected, assert_header_dest_equals)
.then(_ => t.done());
}, 1000);
}, name + " report");
}
let counter = 0;
document.addEventListener("securitypolicyviolation", (e) => {
counter++;
if (counter == 3) {
generate_test("report", "same-origin");
generate_test("report", "same-site");
generate_test("report", "cross-site");
done();
}
});
</script>
Content-Security-Policy: style-src 'self' 'unsafe-inline'; report-uri /fetch/metadata/resources/record-header.py?file=report-same-origin
Content-Security-Policy: style-src 'self' 'unsafe-inline'; report-uri https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=report-same-site
Content-Security-Policy: style-src 'self' 'unsafe-inline'; report-uri https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=report-cross-site
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<!-- Same-origin script -->
<script src="https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "script");
}, "Same-origin script");
</script>
<!-- Same-site script -->
<script src="https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "script");
}, "Same-site script");
</script>
<!-- Cross-site script -->
<script src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "script");
}, "Cross-site script");
</script>
<!-- Same-origin script, CORS mode -->
<script src="https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/echo-as-script.py" crossorigin="anonymous"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "script");
}, "Same-origin CORS script");
</script>
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<!-- Same-origin script -->
<script src="http://{{host}}:{{ports[http][0]}}/fetch/metadata/resources/echo-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "");
}, "Non-secure same-origin script => No headers");
</script>
<!-- Same-site script -->
<script src="http://{{hosts[][www]}}:{{ports[http][0]}}/fetch/metadata/resources/echo-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "");
}, "Non-secure same-site script => No headers");
</script>
<!-- Cross-site script -->
<script src="http://{{hosts[alt][www]}}:{{ports[http][0]}}/fetch/metadata/resources/echo-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_dest_equals(header, "");
}, "Non-secure cross-site script => No headers");
</script>
<!DOCTYPE html>
<!--
This test verifies presence of Sec-Fetch-... request headers on a request
that fetches the service worker script itself (i.e. the script at the URL
passed as an argument to navigator.serviceWorker.register).
-->
<meta charset="utf-8"/>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body>
<script>
promise_test(async t => {
const nonce = token();
const key = "serviceworker-same-origin" + nonce;
// Register a service worker and check the request header.
const registration = await navigator.serviceWorker.register('https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=' + key);
t.add_cleanup(() => registration.unregister());
await retrieve_and_assert_headers(key, 'Register service worker');
// Trigger an update check and check the request header again.
await registration.update();
await retrieve_and_assert_headers(key, 'Update service worker');
}, 'metadata for service worker scripts');
async function retrieve_and_assert_headers(key, tag) {
const response = await fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
const text = await response.text();
assert_header_dest_equals(text, "serviceworker", tag);
}
</script>
</body>
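Review bot: The `fetch(...)` statement in `retrieve_and_assert_headers` has no terminating semicolon, while this same commit adds that semicolon to the identical line in the sibling service-worker test; the new copy should end `...retrieve=true&file=" + key);`. Separately, the register check and the update check both read the same `key`. Whether the second read can be satisfied by the value recorded during registration depends on how `record-header.py` stores and clears entries, which is not visible here, so a comment stating that assumption above the second `retrieve_and_assert_headers` call would help.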
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<script>
let nonce = token();
let key = "sharedworker-same-origin" + nonce;
// TESTS //
if (window.Worker) {
// Same-Origin test
var sharedWorker = new SharedWorker('/fetch/metadata/resources/record-header.py?file=' + key);
sharedWorker.port.start();
sharedWorker.onerror = function(){
test_same_origin();
}
sharedWorker.port.onmessage = function(e) {
test_same_origin();
}
sharedWorker.port.postMessage("Ready");
}
function test_same_origin(){
promise_test(t => {
return new Promise((resolve, reject) => {
fetch_record_header_with_catch(key, "sharedworker", assert_header_dest_equals, resolve, reject);
})
}, "Same-Origin sharedworker")
}
</script>
<body></body>
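Review bot: The feature guard tests `window.Worker` but the guarded code constructs a `SharedWorker`, so a browser with dedicated workers but no shared workers would throw a ReferenceError instead of skipping; the guard should be `if (window.SharedWorker) {`. When the guard is false no test is registered at all, so the file presumably ends as a harness timeout rather than a reported result. Both `sharedWorker.onerror` and `sharedWorker.port.onmessage` call `test_same_origin()`, so if both fire, the same-named `promise_test` is registered twice; a one-shot flag around the call would avoid that.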
<!DOCTYPE html>
<html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body></body>
<script>
let nonce = token();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "style-same-origin" + nonce;
let e = document.createElement('link');
e.rel = "stylesheet";
e.href = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "style", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Origin style");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "style-same-site" + nonce;
let e = document.createElement('link');
e.rel = "stylesheet";
e.href = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "style", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Site style");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "style-cross-site" + nonce;
let e = document.createElement('link');
e.rel = "stylesheet";
e.href = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
fetch_record_header_with_catch(key, "style", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Cross-Site style");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "style-same-origin-cors" + nonce;
let e = document.createElement('link');
e.rel = "stylesheet";
e.href = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.crossOrigin = "anonymous";
e.onload = e => {
fetch_record_header_with_catch(key, "style", assert_header_dest_equals, resolve, reject);
};
document.body.appendChild(e);
})
}, "Same-Origin, cors style");
</script>
</html>
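Review bot: Each `<link>` here wires only `e.onload`, so a stylesheet load that fails leaves the promise unsettled and the test is reported as a timeout instead of a failure with a reason. The redirect tests in this commit attach both `onload` and `onerror`; here a rejecting handler would be enough, `e.onerror = () => reject(new Error("stylesheet load failed"));`. The track tests (`el.onload` only) and the dedicated-worker test (`w.onmessage` only) follow the same pattern.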
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body>
</body>
<script>
let nonce = token();
function createVideoElement() {
let el = document.createElement('video');
el.src = "/media/movie_5.mp4";
el.setAttribute("controls", "");
el.setAttribute("crossorigin", "");
return el;
}
function createTrack() {
let el = document.createElement("track");
el.setAttribute("default", "");
el.setAttribute("kind", "captions");
el.setAttribute("srclang", "en");
return el;
}
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "track-same-origin" + nonce;
let video = createVideoElement();
let el = createTrack();
el.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
el.onload = t.step_func(_ => {
fetch_record_header_with_catch(key, "track", assert_header_dest_equals, resolve, reject);
});
video.appendChild(el);
document.body.appendChild(video);
});
}, "Same-Origin track");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "track-same-site" + nonce;
let video = createVideoElement();
let el = createTrack();
el.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
el.onload = t.step_func(_ => {
fetch_record_header_with_catch(key, "track", assert_header_dest_equals, resolve, reject);
});
video.appendChild(el);
document.body.appendChild(video);
});
}, "Same-Site track");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "track-cross-site" + nonce;
let video = createVideoElement();
let el = createTrack();
el.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
el.onload = t.step_func(_ => {
fetch_record_header_with_catch(key, "track", assert_header_dest_equals, resolve, reject);
});
video.appendChild(el);
document.body.appendChild(video);
});
}, "Cross-Site track");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "track-same-origin-cors" + nonce;
let video = createVideoElement();
// Unset `crossorigin` to change the CORS mode:
video.crossOrigin = undefined;
let el = createTrack();
el.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
el.onload = t.step_func(_ => {
fetch_record_header_with_catch(key, "track", assert_header_dest_equals, resolve, reject);
});
video.appendChild(el);
document.body.appendChild(video);
});
}, "Same-Origin, CORS track");
</script>
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script>
// Site
promise_test(t => {
return fetch("https://{{host}}.:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => {
assert_header_dest_equals(j, "empty");
});
}, "Fetching a resource from the same origin, but spelled with a trailing dot.");
promise_test(t => {
return fetch("https://{{hosts[][www]}}.:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => {
assert_header_dest_equals(j, "empty");
});
}, "Fetching a resource from the same site, but spelled with a trailing dot.");
promise_test(t => {
return fetch("https://{{hosts[alt][www]}}.:{{ports[https][0]}}/fetch/metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => {
assert_header_dest_equals(j, "empty");
});
}, "Fetching a resource from a cross-site host, spelled with a trailing dot.");
</script>
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/resources/testdriver.js></script>
<script src=/resources/testdriver-vendor.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<body>
<script>
// The test
// 1. Creates a same-origin iframe
// 2. Adds to the iframe an unload handler that will
// trigger a request to <unload_request_url>/.../record-header.py...
// 3. Navigate the iframe to a cross-origin url (to data: url)
// 4. Waits until the request goes through
// 5. Verifies Sec-Fetch-Site request header of the request.
//
// This is a regression test for https://crbug.com/986577.
function create_test(unload_request_origin, expectation) {
async_test(t => {
// STEP 1: Create an iframe.
let nonce = token();
let key = "unload-test-" + nonce;
let url = unload_request_origin +
"/fetch/metadata/resources/record-header.py?file=" + key;
let i = document.createElement('iframe');
i.src = '/fetch/metadata/resources/unload-with-beacon.html';
i.onload = () => {
// STEP 2: Ask the iframe to add an unload handler.
i.contentWindow.postMessage(url, '*');
};
window.addEventListener('message', e => {
// STEP 3: Navigate the iframe away
i.contentWindow.location = 'data:text/html,DONE';
});
document.body.appendChild(i);
// STEPS 4 and 5: Wait for the beacon to go through and verify
// the request headers.
function wait_and_verify() {
t.step_timeout(() => {
let callback_method = text => t.step(() => {
if (text == "No header has been recorded") {
wait_and_verify();
return;
}
assert_header_dest_equals(text, expectation);
t.done();
});
fetch_record_header(key, expectation, callback_method);
}, 200);
}
wait_and_verify();
}, "Fetch from an unload handler");
}
create_test("https://{{host}}:{{ports[https][0]}}", "empty");
</script>
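Review bot: Step 5 of the header comment says the test verifies the `Sec-Fetch-Site` header, but `wait_and_verify` calls `assert_header_dest_equals(text, expectation)` with `"empty"`, so the comment should read `// 5. Verifies Sec-Fetch-Dest request header of the request.` The `message` listener that navigates the iframe away also acts on any message the window receives; the window-open tests in this commit filter on `e.source`, and the equivalent here would be `if (e.source != i.contentWindow) return;`. The `postMessage(url, '*')` call could likewise pass `location.origin` as the target origin, since the iframe is loaded from a same-origin path.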
<!DOCTYPE html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/resources/testdriver.js></script>
<script src=/resources/testdriver-vendor.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<body>
<script>
// Forced navigations:
async_test(t => {
let w = window.open("https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py");
t.add_cleanup(_ => w.close());
window.addEventListener('message', t.step_func(e => {
if (e.source != w)
return;
assert_header_dest_equals(e.data, "document");
t.done();
}));
}, "Same-origin window, forced");
async_test(t => {
let w = window.open("https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py");
t.add_cleanup(_ => w.close());
window.addEventListener('message', t.step_func(e => {
if (e.source != w)
return;
assert_header_dest_equals(e.data, "document");
t.done();
}));
}, "Same-site window, forced");
async_test(t => {
let w = window.open("https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py");
t.add_cleanup(_ => w.close());
window.addEventListener('message', t.step_func(e => {
if (e.source != w)
return;
assert_header_dest_equals(e.data, "document");
t.done();
}));
}, "Cross-site window, forced");
async_test(t => {
let w = window.open("https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py");
t.add_cleanup(_ => w.close());
let messages = 0;
window.addEventListener('message', t.step_func(e => {
messages++;
if (e.source != w)
return;
assert_header_dest_equals(e.data, "document");
if (messages == 1) {
w.location.reload();
} else {
t.done();
}
}));
}, "Same-origin window, forced, reloaded");
async_test(t => {
let w = window.open("https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py");
t.add_cleanup(_ => w.close());
let messages = 0;
window.addEventListener('message', t.step_func(e => {
messages++;
if (e.source != w)
return;
assert_header_dest_equals(e.data, "document");
if (messages == 1) {
w.location.reload();
} else {
t.done();
}
}));
}, "Same-site window, forced, reloaded");
async_test(t => {
let w = window.open("https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py");
t.add_cleanup(_ => w.close());
let messages = 0;
window.addEventListener('message', t.step_func(e => {
messages++;
if (e.source != w)
return;
assert_header_dest_equals(e.data, "document");
if (messages == 1) {
w.location.reload();
} else {
t.done();
}
}));
}, "Cross-site window, forced, reloaded");
// User-activated navigations:
async_test(t => {
let b = document.createElement('button');
b.onclick = t.step_func(_ => {
let w = window.open("https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py");
t.add_cleanup(_ => w.close());
window.addEventListener('message', t.step_func(e => {
if (e.source != w)
return;
assert_header_dest_equals(e.data, "document");
t.done();
}));
});
document.body.appendChild(b);
test_driver.click(b);
}, "Same-origin window, user-activated");
async_test(t => {
let b = document.createElement('button');
b.onclick = t.step_func(_ => {
let w = window.open("https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py");
t.add_cleanup(_ => w.close());
window.addEventListener('message', t.step_func(e => {
if (e.source != w)
return;
assert_header_dest_equals(e.data, "document");
t.done();
}));
});
document.body.appendChild(b);
test_driver.click(b);
}, "Same-site window, user-activated");
async_test(t => {
let b = document.createElement('button');
b.onclick = t.step_func(_ => {
let w = window.open("https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py");
t.add_cleanup(_ => w.close());
window.addEventListener('message', t.step_func(e => {
if (e.source != w)
return;
assert_header_dest_equals(e.data, "document");
t.done();
}));
});
document.body.appendChild(b);
test_driver.click(b);
}, "Cross-site window, user-activated");
</script>
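Review bot: In the three "forced, reloaded" tests `messages++` runs before the `e.source != w` check, so messages posted by the windows that the other tests opened are counted as well. All of these listeners sit on the same `window`, so the first message from the test's own window can arrive with `messages` already above 1 and go straight to `t.done()` without the reload ever being issued. Moving the increment below the guard (`if (e.source != w) return;` then `messages++;`) keeps the counter per window. None of the listeners is removed in `t.add_cleanup`, which is worth doing alongside.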
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<script>
let nonce = token();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "worker-same-origin" + nonce;
let w = new Worker("/fetch/metadata/resources/record-header.py?file=" + key);
w.onmessage = e => {
fetch_record_header_with_catch(key, "worker", assert_header_dest_equals, resolve, reject);
};
});
}, "Same-Origin worker");
</script>
<body></body>
This is a testharness.js-based test.
PASS Same-Origin xslt
FAIL Same-site xslt assert_not_equals: got disallowed value "No header has been recorded"
FAIL Cross-site xslt assert_not_equals: got disallowed value "No header has been recorded"
Harness: the test ran to completion.
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/common/utils.js></script>
<script>
// Open a window with XML document which loads resources via <?xml-stylesheet/> tag
let nonce = token();
let w = window.open("/fetch/metadata/resources/xslt-test.sub.xml?token=" + nonce);
window.addEventListener('message', function(e) {
if (e.source != w)
return;
promise_test(t => {
return fetch_record_header("xslt-same-origin" + nonce, "xslt", assert_header_dest_equals);
}, "Same-Origin xslt");
promise_test(t => {
return fetch_record_header("xslt-same-site" + nonce, "xslt", assert_header_dest_equals);
}, "Same-site xslt");
promise_test(t => {
return fetch_record_header("xslt-cross-site" + nonce, "xslt", assert_header_dest_equals);
}, "Cross-site xslt");
w.close();
});
</script>
......@@ -27,8 +27,8 @@
}, 'metadata for service worker scripts');
async function retrieve_and_assert_headers(key, tag) {
let expected = { "dest": "serviceworker", "site": "same-origin", "user": "", "mode": "same-origin" };
const response = await fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
let expected = { "site": "same-origin", "user": "", "mode": "same-origin" };
const response = await fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key);
const text = await response.text();
assert_header_equals(text, expected, tag);
}
......
......@@ -28,7 +28,7 @@
function test_same_origin(){
promise_test(t => {
return new Promise((resolve, reject) => {
let expected = {"dest":"sharedworker", "site":"same-origin", "user":"", "mode": "same-origin"};
let expected = {"site":"same-origin", "user":"", "mode": "same-origin"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
......
......@@ -17,7 +17,7 @@
e.rel = "stylesheet";
e.href = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"dest":"style", "site":"same-origin", "user":"", "mode": "no-cors"};
let expected = {"site":"same-origin", "user":"", "mode": "no-cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......@@ -37,7 +37,7 @@
e.rel = "stylesheet";
e.href = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"dest":"style", "site":"same-site", "user":"", "mode": "no-cors"};
let expected = {"site":"same-site", "user":"", "mode": "no-cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......@@ -57,7 +57,7 @@
e.rel = "stylesheet";
e.href = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"dest":"style", "site":"cross-site", "user":"", "mode": "no-cors"};
let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......@@ -78,7 +78,7 @@
e.href = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
e.crossOrigin = "anonymous";
e.onload = e => {
let expected = {"dest":"style", "site":"same-origin", "user":"", "mode": "cors"};
let expected = {"site":"same-origin", "user":"", "mode": "cors"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......
......@@ -34,7 +34,6 @@
el.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
el.onload = t.step_func(_ => {
expected = {
"dest": "track",
"site": "same-origin",
"user": "",
"mode": "cors" // Because the `video` element has `crossorigin`
......@@ -57,7 +56,6 @@
el.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
el.onload = t.step_func(_ => {
expected = {
"dest": "track",
"site": "same-site",
"user": "",
"mode": "cors" // Because the `video` element has `crossorigin`
......@@ -82,7 +80,6 @@
el.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
el.onload = t.step_func(_ => {
expected = {
"dest": "track",
"site": "cross-site",
"user": "",
"mode": "cors" // Because the `video` element has `crossorigin`
......@@ -110,7 +107,6 @@
el.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
el.onload = t.step_func(_ => {
expected = {
"dest":"track",
"site":"same-origin",
"user":"",
"mode": "same-origin"
......
......@@ -9,7 +9,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "cross-site",
"user": "",
"mode": "cors",
......@@ -22,7 +21,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "cross-site",
"user": "",
"mode": "cors",
......@@ -35,7 +33,6 @@
.then(r => r.json())
.then(j => {
assert_header_equals(j, {
"dest": "empty",
"site": "cross-site",
"user": "",
"mode": "cors",
......
......@@ -56,7 +56,6 @@
}
create_test("https://{{host}}:{{ports[https][0]}}", {
"dest": "empty",
"site": "same-origin",
"user": "",
"mode": "no-cors"
......
......@@ -15,7 +15,6 @@
return;
assert_header_equals(e.data, {
"dest": "document",
"site": "same-origin",
"user": "",
"mode": "navigate",
......@@ -32,7 +31,6 @@
return;
assert_header_equals(e.data, {
"dest": "document",
"site": "same-site",
"user": "",
"mode": "navigate",
......@@ -49,7 +47,6 @@
return;
assert_header_equals(e.data, {
"dest": "document",
"site": "cross-site",
"user": "",
"mode": "navigate",
......@@ -68,7 +65,6 @@
return;
assert_header_equals(e.data, {
"dest": "document",
"site": "same-origin",
"user": "",
"mode": "navigate",
......@@ -92,7 +88,6 @@
return;
assert_header_equals(e.data, {
"dest": "document",
"site": "same-site",
"user": "",
"mode": "navigate",
......@@ -116,7 +111,6 @@
return;
assert_header_equals(e.data, {
"dest": "document",
"site": "cross-site",
"user": "",
"mode": "navigate",
......@@ -141,7 +135,6 @@
return;
assert_header_equals(e.data, {
"dest": "document",
"site": "same-origin",
"user": "?1",
"mode": "navigate",
......@@ -163,7 +156,6 @@
return;
assert_header_equals(e.data, {
"dest": "document",
"site": "same-site",
"user": "?1",
"mode": "navigate",
......@@ -185,7 +177,6 @@
return;
assert_header_equals(e.data, {
"dest": "document",
"site": "cross-site",
"user": "?1",
"mode": "navigate",
......
......@@ -13,7 +13,7 @@
let key = "worker-same-origin" + nonce;
let w = new Worker("/fetch/metadata/resources/record-header.py?file=" + key);
w.onmessage = e => {
let expected = {"dest":"worker", "site":"same-origin", "user":"", "mode": "same-origin"};
let expected = {"site":"same-origin", "user":"", "mode": "same-origin"};
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
......
......@@ -14,21 +14,21 @@
return;
promise_test(t => {
let expected = {"dest":"xslt", "site":"same-origin", "user":"", "mode": "same-origin"};
let expected = {"site":"same-origin", "user":"", "mode": "same-origin"};
return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=xslt-same-origin" + nonce)
.then(response => response.text())
.then(text => assert_header_equals(text, expected));
}, "Same-Origin xslt");
promise_test(t => {
let expected = {"dest":"xslt", "site":"same-site", "user":"", "mode": "no-cors"};
let expected = {"site":"same-site", "user":"", "mode": "no-cors"};
return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=xslt-same-site" + nonce)
.then(response => response.text())
.then(text => assert_header_equals(text, expected));
}, "Same-site xslt");
promise_test(t => {
let expected = {"dest":"xslt", "site":"cross-site", "user":"", "mode": "no-cors"};
let expected = {"site":"cross-site", "user":"", "mode": "no-cors"};
return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=xslt-cross-site" + nonce)
.then(response => response.text())
.then(text => assert_header_equals(text, expected));
......