css-font-face.sub.tentative.html (7338B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/css-font-face.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for CSS font-face</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <body> 15 <script> 16 'use strict'; 17 18 let count = 0; 19 20 function induceRequest(t, url) { 21 const id = `el-${count += 1}`; 22 const style = document.createElement('style'); 23 style.appendChild(document.createTextNode(` 24 @font-face { 25 font-family: wpt-font-family${id}; 26 src: url(${url}); 27 } 28 #el-${id} { 29 font-family: wpt-font-family${id}; 30 } 31 `)); 32 const div = document.createElement('div'); 33 div.setAttribute('id', 'el-' + id); 34 div.appendChild(style); 35 div.appendChild(document.createTextNode('x')); 36 document.body.appendChild(div); 37 38 t.add_cleanup(() => div.remove()); 39 40 return document.fonts.ready; 41 } 42 43 promise_test((t) => { 44 const key = '{{uuid()}}'; 45 46 return induceRequest(t, makeRequestURL(key, ['httpOrigin'])) 47 .then(() => retrieve(key)) 48 .then((headers) => { 49 assert_not_own_property(headers, 'sec-fetch-site'); 50 }); 51 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 52 53 promise_test((t) => { 54 const key = '{{uuid()}}'; 55 56 return induceRequest(t, makeRequestURL(key, ['httpSameSite'])) 57 .then(() => retrieve(key)) 58 .then((headers) => { 59 assert_not_own_property(headers, 'sec-fetch-site'); 60 }); 61 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination'); 62 63 promise_test((t) => { 64 const key = '{{uuid()}}'; 65 66 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'])) 67 .then(() => retrieve(key)) 68 .then((headers) => { 69 assert_not_own_property(headers, 'sec-fetch-site'); 70 }); 71 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 72 73 promise_test((t) => { 74 const key = '{{uuid()}}'; 75 76 return induceRequest(t, makeRequestURL(key, ['httpOrigin'])) 77 .then(() => retrieve(key)) 78 .then((headers) => { 79 assert_not_own_property(headers, 'sec-fetch-mode'); 80 }); 81 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 82 83 promise_test((t) => { 84 const key = '{{uuid()}}'; 85 86 return induceRequest(t, makeRequestURL(key, ['httpSameSite'])) 87 .then(() => retrieve(key)) 88 .then((headers) => { 89 assert_not_own_property(headers, 'sec-fetch-mode'); 90 }); 91 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 92 93 promise_test((t) => { 94 const key = '{{uuid()}}'; 95 96 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'])) 97 .then(() => retrieve(key)) 98 .then((headers) => { 99 assert_not_own_property(headers, 'sec-fetch-mode'); 100 }); 101 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 102 103 promise_test((t) => { 104 const key = '{{uuid()}}'; 105 106 return induceRequest(t, makeRequestURL(key, ['httpOrigin'])) 107 .then(() => retrieve(key)) 108 .then((headers) => { 109 assert_not_own_property(headers, 'sec-fetch-dest'); 110 }); 111 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 112 113 promise_test((t) => { 114 const key = '{{uuid()}}'; 115 116 return induceRequest(t, makeRequestURL(key, ['httpSameSite'])) 117 .then(() => retrieve(key)) 118 .then((headers) => { 119 assert_not_own_property(headers, 'sec-fetch-dest'); 120 }); 121 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 122 123 promise_test((t) => { 124 const key = '{{uuid()}}'; 125 126 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'])) 127 .then(() => retrieve(key)) 128 .then((headers) => { 129 assert_not_own_property(headers, 'sec-fetch-dest'); 130 }); 131 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 132 133 promise_test((t) => { 134 const key = '{{uuid()}}'; 135 136 return induceRequest(t, makeRequestURL(key, ['httpOrigin'])) 137 .then(() => retrieve(key)) 138 .then((headers) => { 139 assert_not_own_property(headers, 'sec-fetch-user'); 140 }); 141 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 142 143 promise_test((t) => { 144 const key = '{{uuid()}}'; 145 146 return induceRequest(t, makeRequestURL(key, ['httpSameSite'])) 147 .then(() => retrieve(key)) 148 .then((headers) => { 149 assert_not_own_property(headers, 'sec-fetch-user'); 150 }); 151 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination'); 152 153 promise_test((t) => { 154 const key = '{{uuid()}}'; 155 156 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'])) 157 .then(() => retrieve(key)) 158 .then((headers) => { 159 assert_not_own_property(headers, 'sec-fetch-user'); 160 }); 161 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 162 163 promise_test((t) => { 164 const key = '{{uuid()}}'; 165 166 return induceRequest(t, makeRequestURL(key, ['httpOrigin'])) 167 .then(() => retrieve(key)) 168 .then((headers) => { 169 assert_not_own_property(headers, 'sec-fetch-storage-access'); 170 }); 171 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 172 173 promise_test((t) => { 174 const key = '{{uuid()}}'; 175 176 return induceRequest(t, makeRequestURL(key, ['httpSameSite'])) 177 .then(() => retrieve(key)) 178 .then((headers) => { 179 assert_not_own_property(headers, 'sec-fetch-storage-access'); 180 }); 181 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 182 183 promise_test((t) => { 184 const key = '{{uuid()}}'; 185 186 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'])) 187 .then(() => retrieve(key)) 188 .then((headers) => { 189 assert_not_own_property(headers, 'sec-fetch-storage-access'); 190 }); 191 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 192 193 promise_test((t) => { 194 const key = '{{uuid()}}'; 195 196 return induceRequest(t, makeRequestURL(key, ['httpsOrigin', 'httpOrigin'])) 197 .then(() => retrieve(key)) 198 .then((headers) => { 199 assert_not_own_property(headers, 'sec-fetch-site'); 200 }); 201 }, 'sec-fetch-site - HTTPS downgrade (header not sent)'); 202 203 promise_test((t) => { 204 const key = '{{uuid()}}'; 205 206 return induceRequest(t, makeRequestURL(key, ['httpOrigin', 'httpsOrigin'])) 207 .then(() => retrieve(key)) 208 .then((headers) => { 209 assert_own_property(headers, 'sec-fetch-site'); 210 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 211 }); 212 }, 'sec-fetch-site - HTTPS upgrade'); 213 214 promise_test((t) => { 215 const key = '{{uuid()}}'; 216 217 return induceRequest(t, makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'])) 218 .then(() => retrieve(key)) 219 .then((headers) => { 220 assert_own_property(headers, 'sec-fetch-site'); 221 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 222 }); 223 }, 'sec-fetch-site - HTTPS downgrade-upgrade'); 224 </script> 225 </body> 226 </html>