tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

meta-equiv-delegate-ch-non-secure.http.html (2062B)

      1 <!DOCTYPE html>
      2 <html>
      3 <meta http-equiv="Delegate-CH" content="Sec-CH-DPR; DPR; Sec-CH-Width; Width; Sec-CH-Viewport-Width; Viewport-Width; Sec-CH-Device-Memory; Device-Memory; rtt; downlink; ect">
      4 <title>Delegate-CH meta-equiv insecure transport test</title>
      5 <body>
      6 <script src="/resources/testharness.js"></script>
      7 <script src="/resources/testharnessreport.js"></script>
      8 
      9 <script>
     10 
     11 // Even though this HTML file contains "Delegate-CH" meta-equiv headers, the
     12 // browser should NOT attach the specified client hints in the HTTP request
     13 // headers since the page is being fetched over an insecure transport.
     14 // Test this functionality by fetching an XHR from this page hosted on
     15 // an insecure HTTP server.
     16 
     17 // resources/echo-client-hints-received.py sets the response headers depending on the set
     18 // of client hints it receives in the request headers.
     19 
     20 promise_test(t => {
     21  return fetch("/client-hints/resources/echo-client-hints-received.py").then(r => {
     22    assert_equals(r.status, 200)
     23    // Verify that the browser does not include client hints in the headers
     24    // when fetching the XHR from an insecure HTTP server.
     25    assert_false(r.headers.has("device-memory-received"), "device-memory-received");
     26    assert_false(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
     27    assert_false(r.headers.has("dpr-received"), "dpr-received");
     28    assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
     29    assert_false(r.headers.has("viewport-width-received"), "viewport-width-received");
     30    assert_false(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
     31    assert_false(r.headers.has("rtt-received"), "rtt-received");
     32    assert_false(r.headers.has("downlink-received"), "downlink-received");
     33    assert_false(r.headers.has("ect-received"), "ect-received");
     34    assert_false(r.headers.has("prefers-color-scheme-received"), "prefers-color-scheme-received");
     35  });
     36 }, "Delegate-CH meta-equiv test over insecure transport");
     37 
     38 </script>
     39 </body>
     40 </html>