tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

http-equiv-accept-ch-non-secure.http.html (2038B)

      1 <html>
      2 <meta http-equiv="Accept-CH" content="Sec-CH-DPR, DPR, Sec-CH-Width, Width, Sec-CH-Viewport-Width, Viewport-Width, Sec-CH-Device-Memory, Device-Memory, rtt, downlink, ect">
      3 <title>Accept-CH http-equiv insecure transport test</title>
      4 <body>
      5 <script src="/resources/testharness.js"></script>
      6 <script src="/resources/testharnessreport.js"></script>
      7 
      8 <script>
      9 
     10 // Even though this HTML file contains "Accept-CH" http-equiv headers, the
     11 // browser should NOT attach the specified client hints in the HTTP request
     12 // headers since the page is being fetched over an insecure transport.
     13 // Test this functionality by fetching an XHR from this page hosted on
     14 // an insecure HTTP server.
     15 
     16 // resources/echo-client-hints-received.py sets the response headers depending on the set
     17 // of client hints it receives in the request headers.
     18 
     19 promise_test(t => {
     20  return fetch("/client-hints/resources/echo-client-hints-received.py").then(r => {
     21    assert_equals(r.status, 200)
     22    // Verify that the browser does not include client hints in the headers
     23    // when fetching the XHR from an insecure HTTP server.
     24    assert_false(r.headers.has("device-memory-received"), "device-memory-received");
     25    assert_false(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
     26    assert_false(r.headers.has("dpr-received"), "dpr-received");
     27    assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
     28    assert_false(r.headers.has("viewport-width-received"), "viewport-width-received");
     29    assert_false(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
     30    assert_false(r.headers.has("rtt-received"), "rtt-received");
     31    assert_false(r.headers.has("downlink-received"), "downlink-received");
     32    assert_false(r.headers.has("ect-received"), "ect-received");
     33    assert_false(r.headers.has("prefers-color-scheme-received"), "prefers-color-scheme-received");
     34  });
     35 }, "Accept-CH http-equiv test over insecure transport");
     36 
     37 </script>
     38 </body>
     39 </html>