css-images.sub.tentative.html (43844B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/css-images.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <meta name="timeout" content="long"> 11 <title>HTTP headers on request for CSS image-accepting properties</title> 12 <script src="/resources/testharness.js"></script> 13 <script src="/resources/testharnessreport.js"></script> 14 <script src="/fetch/metadata/resources/helper.sub.js"></script> 15 <body> 16 <script> 17 'use strict'; 18 19 /** 20 * The subtests in this file use an iframe to induce requests for CSS 21 * resources because an iframe's `onload` event is the most direct and 22 * generic mechanism to detect loading of CSS resources. As an optimization, 23 * the subtests share the same iframe and document. 24 */ 25 const declarations = []; 26 const iframe = document.createElement('iframe'); 27 const whenIframeReady = new Promise((resolve, reject) => { 28 iframe.onload = resolve; 29 iframe.onerror = reject; 30 }); 31 32 async_test((t) => { 33 const key = '{{uuid()}}'; 34 const url = makeRequestURL(key, ['httpOrigin']); 35 36 declarations.push(`background-image: url("${url}");`); 37 38 whenIframeReady 39 .then(() => retrieve(key)) 40 .then((headers) => { 41 assert_not_own_property(headers, 'sec-fetch-site'); 42 }) 43 .then(t.step_func_done(), (error) => t.unreached_func()); 44 }, 'background-image sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 45 46 async_test((t) => { 47 const key = '{{uuid()}}'; 48 const url = makeRequestURL(key, ['httpOrigin']); 49 50 declarations.push(`border-image: url("${url}");`); 51 52 whenIframeReady 53 .then(() => retrieve(key)) 54 .then((headers) => { 55 assert_not_own_property(headers, 'sec-fetch-site'); 56 }) 57 .then(t.step_func_done(), t.unreached_func()); 58 }, 'border-image sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 59 60 async_test((t) => { 61 const key = '{{uuid()}}'; 62 const url = makeRequestURL(key, ['httpOrigin']); 63 64 declarations.push(`content: url("${url}");`); 65 66 whenIframeReady 67 .then(() => retrieve(key)) 68 .then((headers) => { 69 assert_not_own_property(headers, 'sec-fetch-site'); 70 }) 71 .then(t.step_func_done(), t.unreached_func()); 72 }, 'content sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 73 74 async_test((t) => { 75 const key = '{{uuid()}}'; 76 const url = makeRequestURL(key, ['httpOrigin']); 77 78 declarations.push(`cursor: url("${url}"), auto;`); 79 80 whenIframeReady 81 .then(() => retrieve(key)) 82 .then((headers) => { 83 assert_not_own_property(headers, 'sec-fetch-site'); 84 }) 85 .then(t.step_func_done(), t.unreached_func()); 86 }, 'cursor sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 87 88 async_test((t) => { 89 const key = '{{uuid()}}'; 90 const url = makeRequestURL(key, ['httpOrigin']); 91 92 declarations.push(`list-style-image: url("${url}");`); 93 94 whenIframeReady 95 .then(() => retrieve(key)) 96 .then((headers) => { 97 assert_not_own_property(headers, 'sec-fetch-site'); 98 }) 99 .then(t.step_func_done(), t.unreached_func()); 100 }, 'list-style-image sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 101 102 async_test((t) => { 103 const key = '{{uuid()}}'; 104 const url = makeRequestURL(key, ['httpSameSite']); 105 106 declarations.push(`background-image: url("${url}");`); 107 108 whenIframeReady 109 .then(() => retrieve(key)) 110 .then((headers) => { 111 assert_not_own_property(headers, 'sec-fetch-site'); 112 }) 113 .then(t.step_func_done(), (error) => t.unreached_func()); 114 }, 'background-image sec-fetch-site - Not sent to non-trustworthy same-site destination'); 115 116 async_test((t) => { 117 const key = '{{uuid()}}'; 118 const url = makeRequestURL(key, ['httpSameSite']); 119 120 declarations.push(`border-image: url("${url}");`); 121 122 whenIframeReady 123 .then(() => retrieve(key)) 124 .then((headers) => { 125 assert_not_own_property(headers, 'sec-fetch-site'); 126 }) 127 .then(t.step_func_done(), t.unreached_func()); 128 }, 'border-image sec-fetch-site - Not sent to non-trustworthy same-site destination'); 129 130 async_test((t) => { 131 const key = '{{uuid()}}'; 132 const url = makeRequestURL(key, ['httpSameSite']); 133 134 declarations.push(`content: url("${url}");`); 135 136 whenIframeReady 137 .then(() => retrieve(key)) 138 .then((headers) => { 139 assert_not_own_property(headers, 'sec-fetch-site'); 140 }) 141 .then(t.step_func_done(), t.unreached_func()); 142 }, 'content sec-fetch-site - Not sent to non-trustworthy same-site destination'); 143 144 async_test((t) => { 145 const key = '{{uuid()}}'; 146 const url = makeRequestURL(key, ['httpSameSite']); 147 148 declarations.push(`cursor: url("${url}"), auto;`); 149 150 whenIframeReady 151 .then(() => retrieve(key)) 152 .then((headers) => { 153 assert_not_own_property(headers, 'sec-fetch-site'); 154 }) 155 .then(t.step_func_done(), t.unreached_func()); 156 }, 'cursor sec-fetch-site - Not sent to non-trustworthy same-site destination'); 157 158 async_test((t) => { 159 const key = '{{uuid()}}'; 160 const url = makeRequestURL(key, ['httpSameSite']); 161 162 declarations.push(`list-style-image: url("${url}");`); 163 164 whenIframeReady 165 .then(() => retrieve(key)) 166 .then((headers) => { 167 assert_not_own_property(headers, 'sec-fetch-site'); 168 }) 169 .then(t.step_func_done(), t.unreached_func()); 170 }, 'list-style-image sec-fetch-site - Not sent to non-trustworthy same-site destination'); 171 172 async_test((t) => { 173 const key = '{{uuid()}}'; 174 const url = makeRequestURL(key, ['httpCrossSite']); 175 176 declarations.push(`background-image: url("${url}");`); 177 178 whenIframeReady 179 .then(() => retrieve(key)) 180 .then((headers) => { 181 assert_not_own_property(headers, 'sec-fetch-site'); 182 }) 183 .then(t.step_func_done(), (error) => t.unreached_func()); 184 }, 'background-image sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 185 186 async_test((t) => { 187 const key = '{{uuid()}}'; 188 const url = makeRequestURL(key, ['httpCrossSite']); 189 190 declarations.push(`border-image: url("${url}");`); 191 192 whenIframeReady 193 .then(() => retrieve(key)) 194 .then((headers) => { 195 assert_not_own_property(headers, 'sec-fetch-site'); 196 }) 197 .then(t.step_func_done(), t.unreached_func()); 198 }, 'border-image sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 199 200 async_test((t) => { 201 const key = '{{uuid()}}'; 202 const url = makeRequestURL(key, ['httpCrossSite']); 203 204 declarations.push(`content: url("${url}");`); 205 206 whenIframeReady 207 .then(() => retrieve(key)) 208 .then((headers) => { 209 assert_not_own_property(headers, 'sec-fetch-site'); 210 }) 211 .then(t.step_func_done(), t.unreached_func()); 212 }, 'content sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 213 214 async_test((t) => { 215 const key = '{{uuid()}}'; 216 const url = makeRequestURL(key, ['httpCrossSite']); 217 218 declarations.push(`cursor: url("${url}"), auto;`); 219 220 whenIframeReady 221 .then(() => retrieve(key)) 222 .then((headers) => { 223 assert_not_own_property(headers, 'sec-fetch-site'); 224 }) 225 .then(t.step_func_done(), t.unreached_func()); 226 }, 'cursor sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 227 228 async_test((t) => { 229 const key = '{{uuid()}}'; 230 const url = makeRequestURL(key, ['httpCrossSite']); 231 232 declarations.push(`list-style-image: url("${url}");`); 233 234 whenIframeReady 235 .then(() => retrieve(key)) 236 .then((headers) => { 237 assert_not_own_property(headers, 'sec-fetch-site'); 238 }) 239 .then(t.step_func_done(), t.unreached_func()); 240 }, 'list-style-image sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 241 242 async_test((t) => { 243 const key = '{{uuid()}}'; 244 const url = makeRequestURL(key, ['httpOrigin']); 245 246 declarations.push(`background-image: url("${url}");`); 247 248 whenIframeReady 249 .then(() => retrieve(key)) 250 .then((headers) => { 251 assert_not_own_property(headers, 'sec-fetch-mode'); 252 }) 253 .then(t.step_func_done(), (error) => t.unreached_func()); 254 }, 'background-image sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 255 256 async_test((t) => { 257 const key = '{{uuid()}}'; 258 const url = makeRequestURL(key, ['httpOrigin']); 259 260 declarations.push(`border-image: url("${url}");`); 261 262 whenIframeReady 263 .then(() => retrieve(key)) 264 .then((headers) => { 265 assert_not_own_property(headers, 'sec-fetch-mode'); 266 }) 267 .then(t.step_func_done(), t.unreached_func()); 268 }, 'border-image sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 269 270 async_test((t) => { 271 const key = '{{uuid()}}'; 272 const url = makeRequestURL(key, ['httpOrigin']); 273 274 declarations.push(`content: url("${url}");`); 275 276 whenIframeReady 277 .then(() => retrieve(key)) 278 .then((headers) => { 279 assert_not_own_property(headers, 'sec-fetch-mode'); 280 }) 281 .then(t.step_func_done(), t.unreached_func()); 282 }, 'content sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 283 284 async_test((t) => { 285 const key = '{{uuid()}}'; 286 const url = makeRequestURL(key, ['httpOrigin']); 287 288 declarations.push(`cursor: url("${url}"), auto;`); 289 290 whenIframeReady 291 .then(() => retrieve(key)) 292 .then((headers) => { 293 assert_not_own_property(headers, 'sec-fetch-mode'); 294 }) 295 .then(t.step_func_done(), t.unreached_func()); 296 }, 'cursor sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 297 298 async_test((t) => { 299 const key = '{{uuid()}}'; 300 const url = makeRequestURL(key, ['httpOrigin']); 301 302 declarations.push(`list-style-image: url("${url}");`); 303 304 whenIframeReady 305 .then(() => retrieve(key)) 306 .then((headers) => { 307 assert_not_own_property(headers, 'sec-fetch-mode'); 308 }) 309 .then(t.step_func_done(), t.unreached_func()); 310 }, 'list-style-image sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 311 312 async_test((t) => { 313 const key = '{{uuid()}}'; 314 const url = makeRequestURL(key, ['httpSameSite']); 315 316 declarations.push(`background-image: url("${url}");`); 317 318 whenIframeReady 319 .then(() => retrieve(key)) 320 .then((headers) => { 321 assert_not_own_property(headers, 'sec-fetch-mode'); 322 }) 323 .then(t.step_func_done(), (error) => t.unreached_func()); 324 }, 'background-image sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 325 326 async_test((t) => { 327 const key = '{{uuid()}}'; 328 const url = makeRequestURL(key, ['httpSameSite']); 329 330 declarations.push(`border-image: url("${url}");`); 331 332 whenIframeReady 333 .then(() => retrieve(key)) 334 .then((headers) => { 335 assert_not_own_property(headers, 'sec-fetch-mode'); 336 }) 337 .then(t.step_func_done(), t.unreached_func()); 338 }, 'border-image sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 339 340 async_test((t) => { 341 const key = '{{uuid()}}'; 342 const url = makeRequestURL(key, ['httpSameSite']); 343 344 declarations.push(`content: url("${url}");`); 345 346 whenIframeReady 347 .then(() => retrieve(key)) 348 .then((headers) => { 349 assert_not_own_property(headers, 'sec-fetch-mode'); 350 }) 351 .then(t.step_func_done(), t.unreached_func()); 352 }, 'content sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 353 354 async_test((t) => { 355 const key = '{{uuid()}}'; 356 const url = makeRequestURL(key, ['httpSameSite']); 357 358 declarations.push(`cursor: url("${url}"), auto;`); 359 360 whenIframeReady 361 .then(() => retrieve(key)) 362 .then((headers) => { 363 assert_not_own_property(headers, 'sec-fetch-mode'); 364 }) 365 .then(t.step_func_done(), t.unreached_func()); 366 }, 'cursor sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 367 368 async_test((t) => { 369 const key = '{{uuid()}}'; 370 const url = makeRequestURL(key, ['httpSameSite']); 371 372 declarations.push(`list-style-image: url("${url}");`); 373 374 whenIframeReady 375 .then(() => retrieve(key)) 376 .then((headers) => { 377 assert_not_own_property(headers, 'sec-fetch-mode'); 378 }) 379 .then(t.step_func_done(), t.unreached_func()); 380 }, 'list-style-image sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 381 382 async_test((t) => { 383 const key = '{{uuid()}}'; 384 const url = makeRequestURL(key, ['httpCrossSite']); 385 386 declarations.push(`background-image: url("${url}");`); 387 388 whenIframeReady 389 .then(() => retrieve(key)) 390 .then((headers) => { 391 assert_not_own_property(headers, 'sec-fetch-mode'); 392 }) 393 .then(t.step_func_done(), (error) => t.unreached_func()); 394 }, 'background-image sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 395 396 async_test((t) => { 397 const key = '{{uuid()}}'; 398 const url = makeRequestURL(key, ['httpCrossSite']); 399 400 declarations.push(`border-image: url("${url}");`); 401 402 whenIframeReady 403 .then(() => retrieve(key)) 404 .then((headers) => { 405 assert_not_own_property(headers, 'sec-fetch-mode'); 406 }) 407 .then(t.step_func_done(), t.unreached_func()); 408 }, 'border-image sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 409 410 async_test((t) => { 411 const key = '{{uuid()}}'; 412 const url = makeRequestURL(key, ['httpCrossSite']); 413 414 declarations.push(`content: url("${url}");`); 415 416 whenIframeReady 417 .then(() => retrieve(key)) 418 .then((headers) => { 419 assert_not_own_property(headers, 'sec-fetch-mode'); 420 }) 421 .then(t.step_func_done(), t.unreached_func()); 422 }, 'content sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 423 424 async_test((t) => { 425 const key = '{{uuid()}}'; 426 const url = makeRequestURL(key, ['httpCrossSite']); 427 428 declarations.push(`cursor: url("${url}"), auto;`); 429 430 whenIframeReady 431 .then(() => retrieve(key)) 432 .then((headers) => { 433 assert_not_own_property(headers, 'sec-fetch-mode'); 434 }) 435 .then(t.step_func_done(), t.unreached_func()); 436 }, 'cursor sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 437 438 async_test((t) => { 439 const key = '{{uuid()}}'; 440 const url = makeRequestURL(key, ['httpCrossSite']); 441 442 declarations.push(`list-style-image: url("${url}");`); 443 444 whenIframeReady 445 .then(() => retrieve(key)) 446 .then((headers) => { 447 assert_not_own_property(headers, 'sec-fetch-mode'); 448 }) 449 .then(t.step_func_done(), t.unreached_func()); 450 }, 'list-style-image sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 451 452 async_test((t) => { 453 const key = '{{uuid()}}'; 454 const url = makeRequestURL(key, ['httpOrigin']); 455 456 declarations.push(`background-image: url("${url}");`); 457 458 whenIframeReady 459 .then(() => retrieve(key)) 460 .then((headers) => { 461 assert_not_own_property(headers, 'sec-fetch-dest'); 462 }) 463 .then(t.step_func_done(), (error) => t.unreached_func()); 464 }, 'background-image sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 465 466 async_test((t) => { 467 const key = '{{uuid()}}'; 468 const url = makeRequestURL(key, ['httpOrigin']); 469 470 declarations.push(`border-image: url("${url}");`); 471 472 whenIframeReady 473 .then(() => retrieve(key)) 474 .then((headers) => { 475 assert_not_own_property(headers, 'sec-fetch-dest'); 476 }) 477 .then(t.step_func_done(), t.unreached_func()); 478 }, 'border-image sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 479 480 async_test((t) => { 481 const key = '{{uuid()}}'; 482 const url = makeRequestURL(key, ['httpOrigin']); 483 484 declarations.push(`content: url("${url}");`); 485 486 whenIframeReady 487 .then(() => retrieve(key)) 488 .then((headers) => { 489 assert_not_own_property(headers, 'sec-fetch-dest'); 490 }) 491 .then(t.step_func_done(), t.unreached_func()); 492 }, 'content sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 493 494 async_test((t) => { 495 const key = '{{uuid()}}'; 496 const url = makeRequestURL(key, ['httpOrigin']); 497 498 declarations.push(`cursor: url("${url}"), auto;`); 499 500 whenIframeReady 501 .then(() => retrieve(key)) 502 .then((headers) => { 503 assert_not_own_property(headers, 'sec-fetch-dest'); 504 }) 505 .then(t.step_func_done(), t.unreached_func()); 506 }, 'cursor sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 507 508 async_test((t) => { 509 const key = '{{uuid()}}'; 510 const url = makeRequestURL(key, ['httpOrigin']); 511 512 declarations.push(`list-style-image: url("${url}");`); 513 514 whenIframeReady 515 .then(() => retrieve(key)) 516 .then((headers) => { 517 assert_not_own_property(headers, 'sec-fetch-dest'); 518 }) 519 .then(t.step_func_done(), t.unreached_func()); 520 }, 'list-style-image sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 521 522 async_test((t) => { 523 const key = '{{uuid()}}'; 524 const url = makeRequestURL(key, ['httpSameSite']); 525 526 declarations.push(`background-image: url("${url}");`); 527 528 whenIframeReady 529 .then(() => retrieve(key)) 530 .then((headers) => { 531 assert_not_own_property(headers, 'sec-fetch-dest'); 532 }) 533 .then(t.step_func_done(), (error) => t.unreached_func()); 534 }, 'background-image sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 535 536 async_test((t) => { 537 const key = '{{uuid()}}'; 538 const url = makeRequestURL(key, ['httpSameSite']); 539 540 declarations.push(`border-image: url("${url}");`); 541 542 whenIframeReady 543 .then(() => retrieve(key)) 544 .then((headers) => { 545 assert_not_own_property(headers, 'sec-fetch-dest'); 546 }) 547 .then(t.step_func_done(), t.unreached_func()); 548 }, 'border-image sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 549 550 async_test((t) => { 551 const key = '{{uuid()}}'; 552 const url = makeRequestURL(key, ['httpSameSite']); 553 554 declarations.push(`content: url("${url}");`); 555 556 whenIframeReady 557 .then(() => retrieve(key)) 558 .then((headers) => { 559 assert_not_own_property(headers, 'sec-fetch-dest'); 560 }) 561 .then(t.step_func_done(), t.unreached_func()); 562 }, 'content sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 563 564 async_test((t) => { 565 const key = '{{uuid()}}'; 566 const url = makeRequestURL(key, ['httpSameSite']); 567 568 declarations.push(`cursor: url("${url}"), auto;`); 569 570 whenIframeReady 571 .then(() => retrieve(key)) 572 .then((headers) => { 573 assert_not_own_property(headers, 'sec-fetch-dest'); 574 }) 575 .then(t.step_func_done(), t.unreached_func()); 576 }, 'cursor sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 577 578 async_test((t) => { 579 const key = '{{uuid()}}'; 580 const url = makeRequestURL(key, ['httpSameSite']); 581 582 declarations.push(`list-style-image: url("${url}");`); 583 584 whenIframeReady 585 .then(() => retrieve(key)) 586 .then((headers) => { 587 assert_not_own_property(headers, 'sec-fetch-dest'); 588 }) 589 .then(t.step_func_done(), t.unreached_func()); 590 }, 'list-style-image sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 591 592 async_test((t) => { 593 const key = '{{uuid()}}'; 594 const url = makeRequestURL(key, ['httpCrossSite']); 595 596 declarations.push(`background-image: url("${url}");`); 597 598 whenIframeReady 599 .then(() => retrieve(key)) 600 .then((headers) => { 601 assert_not_own_property(headers, 'sec-fetch-dest'); 602 }) 603 .then(t.step_func_done(), (error) => t.unreached_func()); 604 }, 'background-image sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 605 606 async_test((t) => { 607 const key = '{{uuid()}}'; 608 const url = makeRequestURL(key, ['httpCrossSite']); 609 610 declarations.push(`border-image: url("${url}");`); 611 612 whenIframeReady 613 .then(() => retrieve(key)) 614 .then((headers) => { 615 assert_not_own_property(headers, 'sec-fetch-dest'); 616 }) 617 .then(t.step_func_done(), t.unreached_func()); 618 }, 'border-image sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 619 620 async_test((t) => { 621 const key = '{{uuid()}}'; 622 const url = makeRequestURL(key, ['httpCrossSite']); 623 624 declarations.push(`content: url("${url}");`); 625 626 whenIframeReady 627 .then(() => retrieve(key)) 628 .then((headers) => { 629 assert_not_own_property(headers, 'sec-fetch-dest'); 630 }) 631 .then(t.step_func_done(), t.unreached_func()); 632 }, 'content sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 633 634 async_test((t) => { 635 const key = '{{uuid()}}'; 636 const url = makeRequestURL(key, ['httpCrossSite']); 637 638 declarations.push(`cursor: url("${url}"), auto;`); 639 640 whenIframeReady 641 .then(() => retrieve(key)) 642 .then((headers) => { 643 assert_not_own_property(headers, 'sec-fetch-dest'); 644 }) 645 .then(t.step_func_done(), t.unreached_func()); 646 }, 'cursor sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 647 648 async_test((t) => { 649 const key = '{{uuid()}}'; 650 const url = makeRequestURL(key, ['httpCrossSite']); 651 652 declarations.push(`list-style-image: url("${url}");`); 653 654 whenIframeReady 655 .then(() => retrieve(key)) 656 .then((headers) => { 657 assert_not_own_property(headers, 'sec-fetch-dest'); 658 }) 659 .then(t.step_func_done(), t.unreached_func()); 660 }, 'list-style-image sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 661 662 async_test((t) => { 663 const key = '{{uuid()}}'; 664 const url = makeRequestURL(key, ['httpOrigin']); 665 666 declarations.push(`background-image: url("${url}");`); 667 668 whenIframeReady 669 .then(() => retrieve(key)) 670 .then((headers) => { 671 assert_not_own_property(headers, 'sec-fetch-user'); 672 }) 673 .then(t.step_func_done(), (error) => t.unreached_func()); 674 }, 'background-image sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 675 676 async_test((t) => { 677 const key = '{{uuid()}}'; 678 const url = makeRequestURL(key, ['httpOrigin']); 679 680 declarations.push(`border-image: url("${url}");`); 681 682 whenIframeReady 683 .then(() => retrieve(key)) 684 .then((headers) => { 685 assert_not_own_property(headers, 'sec-fetch-user'); 686 }) 687 .then(t.step_func_done(), t.unreached_func()); 688 }, 'border-image sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 689 690 async_test((t) => { 691 const key = '{{uuid()}}'; 692 const url = makeRequestURL(key, ['httpOrigin']); 693 694 declarations.push(`content: url("${url}");`); 695 696 whenIframeReady 697 .then(() => retrieve(key)) 698 .then((headers) => { 699 assert_not_own_property(headers, 'sec-fetch-user'); 700 }) 701 .then(t.step_func_done(), t.unreached_func()); 702 }, 'content sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 703 704 async_test((t) => { 705 const key = '{{uuid()}}'; 706 const url = makeRequestURL(key, ['httpOrigin']); 707 708 declarations.push(`cursor: url("${url}"), auto;`); 709 710 whenIframeReady 711 .then(() => retrieve(key)) 712 .then((headers) => { 713 assert_not_own_property(headers, 'sec-fetch-user'); 714 }) 715 .then(t.step_func_done(), t.unreached_func()); 716 }, 'cursor sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 717 718 async_test((t) => { 719 const key = '{{uuid()}}'; 720 const url = makeRequestURL(key, ['httpOrigin']); 721 722 declarations.push(`list-style-image: url("${url}");`); 723 724 whenIframeReady 725 .then(() => retrieve(key)) 726 .then((headers) => { 727 assert_not_own_property(headers, 'sec-fetch-user'); 728 }) 729 .then(t.step_func_done(), t.unreached_func()); 730 }, 'list-style-image sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 731 732 async_test((t) => { 733 const key = '{{uuid()}}'; 734 const url = makeRequestURL(key, ['httpSameSite']); 735 736 declarations.push(`background-image: url("${url}");`); 737 738 whenIframeReady 739 .then(() => retrieve(key)) 740 .then((headers) => { 741 assert_not_own_property(headers, 'sec-fetch-user'); 742 }) 743 .then(t.step_func_done(), (error) => t.unreached_func()); 744 }, 'background-image sec-fetch-user - Not sent to non-trustworthy same-site destination'); 745 746 async_test((t) => { 747 const key = '{{uuid()}}'; 748 const url = makeRequestURL(key, ['httpSameSite']); 749 750 declarations.push(`border-image: url("${url}");`); 751 752 whenIframeReady 753 .then(() => retrieve(key)) 754 .then((headers) => { 755 assert_not_own_property(headers, 'sec-fetch-user'); 756 }) 757 .then(t.step_func_done(), t.unreached_func()); 758 }, 'border-image sec-fetch-user - Not sent to non-trustworthy same-site destination'); 759 760 async_test((t) => { 761 const key = '{{uuid()}}'; 762 const url = makeRequestURL(key, ['httpSameSite']); 763 764 declarations.push(`content: url("${url}");`); 765 766 whenIframeReady 767 .then(() => retrieve(key)) 768 .then((headers) => { 769 assert_not_own_property(headers, 'sec-fetch-user'); 770 }) 771 .then(t.step_func_done(), t.unreached_func()); 772 }, 'content sec-fetch-user - Not sent to non-trustworthy same-site destination'); 773 774 async_test((t) => { 775 const key = '{{uuid()}}'; 776 const url = makeRequestURL(key, ['httpSameSite']); 777 778 declarations.push(`cursor: url("${url}"), auto;`); 779 780 whenIframeReady 781 .then(() => retrieve(key)) 782 .then((headers) => { 783 assert_not_own_property(headers, 'sec-fetch-user'); 784 }) 785 .then(t.step_func_done(), t.unreached_func()); 786 }, 'cursor sec-fetch-user - Not sent to non-trustworthy same-site destination'); 787 788 async_test((t) => { 789 const key = '{{uuid()}}'; 790 const url = makeRequestURL(key, ['httpSameSite']); 791 792 declarations.push(`list-style-image: url("${url}");`); 793 794 whenIframeReady 795 .then(() => retrieve(key)) 796 .then((headers) => { 797 assert_not_own_property(headers, 'sec-fetch-user'); 798 }) 799 .then(t.step_func_done(), t.unreached_func()); 800 }, 'list-style-image sec-fetch-user - Not sent to non-trustworthy same-site destination'); 801 802 async_test((t) => { 803 const key = '{{uuid()}}'; 804 const url = makeRequestURL(key, ['httpCrossSite']); 805 806 declarations.push(`background-image: url("${url}");`); 807 808 whenIframeReady 809 .then(() => retrieve(key)) 810 .then((headers) => { 811 assert_not_own_property(headers, 'sec-fetch-user'); 812 }) 813 .then(t.step_func_done(), (error) => t.unreached_func()); 814 }, 'background-image sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 815 816 async_test((t) => { 817 const key = '{{uuid()}}'; 818 const url = makeRequestURL(key, ['httpCrossSite']); 819 820 declarations.push(`border-image: url("${url}");`); 821 822 whenIframeReady 823 .then(() => retrieve(key)) 824 .then((headers) => { 825 assert_not_own_property(headers, 'sec-fetch-user'); 826 }) 827 .then(t.step_func_done(), t.unreached_func()); 828 }, 'border-image sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 829 830 async_test((t) => { 831 const key = '{{uuid()}}'; 832 const url = makeRequestURL(key, ['httpCrossSite']); 833 834 declarations.push(`content: url("${url}");`); 835 836 whenIframeReady 837 .then(() => retrieve(key)) 838 .then((headers) => { 839 assert_not_own_property(headers, 'sec-fetch-user'); 840 }) 841 .then(t.step_func_done(), t.unreached_func()); 842 }, 'content sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 843 844 async_test((t) => { 845 const key = '{{uuid()}}'; 846 const url = makeRequestURL(key, ['httpCrossSite']); 847 848 declarations.push(`cursor: url("${url}"), auto;`); 849 850 whenIframeReady 851 .then(() => retrieve(key)) 852 .then((headers) => { 853 assert_not_own_property(headers, 'sec-fetch-user'); 854 }) 855 .then(t.step_func_done(), t.unreached_func()); 856 }, 'cursor sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 857 858 async_test((t) => { 859 const key = '{{uuid()}}'; 860 const url = makeRequestURL(key, ['httpCrossSite']); 861 862 declarations.push(`list-style-image: url("${url}");`); 863 864 whenIframeReady 865 .then(() => retrieve(key)) 866 .then((headers) => { 867 assert_not_own_property(headers, 'sec-fetch-user'); 868 }) 869 .then(t.step_func_done(), t.unreached_func()); 870 }, 'list-style-image sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 871 872 async_test((t) => { 873 const key = '{{uuid()}}'; 874 const url = makeRequestURL(key, ['httpOrigin']); 875 876 declarations.push(`background-image: url("${url}");`); 877 878 whenIframeReady 879 .then(() => retrieve(key)) 880 .then((headers) => { 881 assert_not_own_property(headers, 'sec-fetch-storage-access'); 882 }) 883 .then(t.step_func_done(), (error) => t.unreached_func()); 884 }, 'background-image sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 885 886 async_test((t) => { 887 const key = '{{uuid()}}'; 888 const url = makeRequestURL(key, ['httpOrigin']); 889 890 declarations.push(`border-image: url("${url}");`); 891 892 whenIframeReady 893 .then(() => retrieve(key)) 894 .then((headers) => { 895 assert_not_own_property(headers, 'sec-fetch-storage-access'); 896 }) 897 .then(t.step_func_done(), t.unreached_func()); 898 }, 'border-image sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 899 900 async_test((t) => { 901 const key = '{{uuid()}}'; 902 const url = makeRequestURL(key, ['httpOrigin']); 903 904 declarations.push(`content: url("${url}");`); 905 906 whenIframeReady 907 .then(() => retrieve(key)) 908 .then((headers) => { 909 assert_not_own_property(headers, 'sec-fetch-storage-access'); 910 }) 911 .then(t.step_func_done(), t.unreached_func()); 912 }, 'content sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 913 914 async_test((t) => { 915 const key = '{{uuid()}}'; 916 const url = makeRequestURL(key, ['httpOrigin']); 917 918 declarations.push(`cursor: url("${url}"), auto;`); 919 920 whenIframeReady 921 .then(() => retrieve(key)) 922 .then((headers) => { 923 assert_not_own_property(headers, 'sec-fetch-storage-access'); 924 }) 925 .then(t.step_func_done(), t.unreached_func()); 926 }, 'cursor sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 927 928 async_test((t) => { 929 const key = '{{uuid()}}'; 930 const url = makeRequestURL(key, ['httpOrigin']); 931 932 declarations.push(`list-style-image: url("${url}");`); 933 934 whenIframeReady 935 .then(() => retrieve(key)) 936 .then((headers) => { 937 assert_not_own_property(headers, 'sec-fetch-storage-access'); 938 }) 939 .then(t.step_func_done(), t.unreached_func()); 940 }, 'list-style-image sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 941 942 async_test((t) => { 943 const key = '{{uuid()}}'; 944 const url = makeRequestURL(key, ['httpSameSite']); 945 946 declarations.push(`background-image: url("${url}");`); 947 948 whenIframeReady 949 .then(() => retrieve(key)) 950 .then((headers) => { 951 assert_not_own_property(headers, 'sec-fetch-storage-access'); 952 }) 953 .then(t.step_func_done(), (error) => t.unreached_func()); 954 }, 'background-image sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 955 956 async_test((t) => { 957 const key = '{{uuid()}}'; 958 const url = makeRequestURL(key, ['httpSameSite']); 959 960 declarations.push(`border-image: url("${url}");`); 961 962 whenIframeReady 963 .then(() => retrieve(key)) 964 .then((headers) => { 965 assert_not_own_property(headers, 'sec-fetch-storage-access'); 966 }) 967 .then(t.step_func_done(), t.unreached_func()); 968 }, 'border-image sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 969 970 async_test((t) => { 971 const key = '{{uuid()}}'; 972 const url = makeRequestURL(key, ['httpSameSite']); 973 974 declarations.push(`content: url("${url}");`); 975 976 whenIframeReady 977 .then(() => retrieve(key)) 978 .then((headers) => { 979 assert_not_own_property(headers, 'sec-fetch-storage-access'); 980 }) 981 .then(t.step_func_done(), t.unreached_func()); 982 }, 'content sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 983 984 async_test((t) => { 985 const key = '{{uuid()}}'; 986 const url = makeRequestURL(key, ['httpSameSite']); 987 988 declarations.push(`cursor: url("${url}"), auto;`); 989 990 whenIframeReady 991 .then(() => retrieve(key)) 992 .then((headers) => { 993 assert_not_own_property(headers, 'sec-fetch-storage-access'); 994 }) 995 .then(t.step_func_done(), t.unreached_func()); 996 }, 'cursor sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 997 998 async_test((t) => { 999 const key = '{{uuid()}}'; 1000 const url = makeRequestURL(key, ['httpSameSite']); 1001 1002 declarations.push(`list-style-image: url("${url}");`); 1003 1004 whenIframeReady 1005 .then(() => retrieve(key)) 1006 .then((headers) => { 1007 assert_not_own_property(headers, 'sec-fetch-storage-access'); 1008 }) 1009 .then(t.step_func_done(), t.unreached_func()); 1010 }, 'list-style-image sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 1011 1012 async_test((t) => { 1013 const key = '{{uuid()}}'; 1014 const url = makeRequestURL(key, ['httpCrossSite']); 1015 1016 declarations.push(`background-image: url("${url}");`); 1017 1018 whenIframeReady 1019 .then(() => retrieve(key)) 1020 .then((headers) => { 1021 assert_not_own_property(headers, 'sec-fetch-storage-access'); 1022 }) 1023 .then(t.step_func_done(), (error) => t.unreached_func()); 1024 }, 'background-image sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 1025 1026 async_test((t) => { 1027 const key = '{{uuid()}}'; 1028 const url = makeRequestURL(key, ['httpCrossSite']); 1029 1030 declarations.push(`border-image: url("${url}");`); 1031 1032 whenIframeReady 1033 .then(() => retrieve(key)) 1034 .then((headers) => { 1035 assert_not_own_property(headers, 'sec-fetch-storage-access'); 1036 }) 1037 .then(t.step_func_done(), t.unreached_func()); 1038 }, 'border-image sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 1039 1040 async_test((t) => { 1041 const key = '{{uuid()}}'; 1042 const url = makeRequestURL(key, ['httpCrossSite']); 1043 1044 declarations.push(`content: url("${url}");`); 1045 1046 whenIframeReady 1047 .then(() => retrieve(key)) 1048 .then((headers) => { 1049 assert_not_own_property(headers, 'sec-fetch-storage-access'); 1050 }) 1051 .then(t.step_func_done(), t.unreached_func()); 1052 }, 'content sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 1053 1054 async_test((t) => { 1055 const key = '{{uuid()}}'; 1056 const url = makeRequestURL(key, ['httpCrossSite']); 1057 1058 declarations.push(`cursor: url("${url}"), auto;`); 1059 1060 whenIframeReady 1061 .then(() => retrieve(key)) 1062 .then((headers) => { 1063 assert_not_own_property(headers, 'sec-fetch-storage-access'); 1064 }) 1065 .then(t.step_func_done(), t.unreached_func()); 1066 }, 'cursor sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 1067 1068 async_test((t) => { 1069 const key = '{{uuid()}}'; 1070 const url = makeRequestURL(key, ['httpCrossSite']); 1071 1072 declarations.push(`list-style-image: url("${url}");`); 1073 1074 whenIframeReady 1075 .then(() => retrieve(key)) 1076 .then((headers) => { 1077 assert_not_own_property(headers, 'sec-fetch-storage-access'); 1078 }) 1079 .then(t.step_func_done(), t.unreached_func()); 1080 }, 'list-style-image sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 1081 1082 async_test((t) => { 1083 const key = '{{uuid()}}'; 1084 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']); 1085 1086 declarations.push(`background-image: url("${url}");`); 1087 1088 whenIframeReady 1089 .then(() => retrieve(key)) 1090 .then((headers) => { 1091 assert_not_own_property(headers, 'sec-fetch-site'); 1092 }) 1093 .then(t.step_func_done(), (error) => t.unreached_func()); 1094 }, 'background-image sec-fetch-site - HTTPS downgrade (header not sent)'); 1095 1096 async_test((t) => { 1097 const key = '{{uuid()}}'; 1098 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']); 1099 1100 declarations.push(`border-image: url("${url}");`); 1101 1102 whenIframeReady 1103 .then(() => retrieve(key)) 1104 .then((headers) => { 1105 assert_not_own_property(headers, 'sec-fetch-site'); 1106 }) 1107 .then(t.step_func_done(), t.unreached_func()); 1108 }, 'border-image sec-fetch-site - HTTPS downgrade (header not sent)'); 1109 1110 async_test((t) => { 1111 const key = '{{uuid()}}'; 1112 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']); 1113 1114 declarations.push(`content: url("${url}");`); 1115 1116 whenIframeReady 1117 .then(() => retrieve(key)) 1118 .then((headers) => { 1119 assert_not_own_property(headers, 'sec-fetch-site'); 1120 }) 1121 .then(t.step_func_done(), t.unreached_func()); 1122 }, 'content sec-fetch-site - HTTPS downgrade (header not sent)'); 1123 1124 async_test((t) => { 1125 const key = '{{uuid()}}'; 1126 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']); 1127 1128 declarations.push(`cursor: url("${url}"), auto;`); 1129 1130 whenIframeReady 1131 .then(() => retrieve(key)) 1132 .then((headers) => { 1133 assert_not_own_property(headers, 'sec-fetch-site'); 1134 }) 1135 .then(t.step_func_done(), t.unreached_func()); 1136 }, 'cursor sec-fetch-site - HTTPS downgrade (header not sent)'); 1137 1138 async_test((t) => { 1139 const key = '{{uuid()}}'; 1140 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']); 1141 1142 declarations.push(`list-style-image: url("${url}");`); 1143 1144 whenIframeReady 1145 .then(() => retrieve(key)) 1146 .then((headers) => { 1147 assert_not_own_property(headers, 'sec-fetch-site'); 1148 }) 1149 .then(t.step_func_done(), t.unreached_func()); 1150 }, 'list-style-image sec-fetch-site - HTTPS downgrade (header not sent)'); 1151 1152 async_test((t) => { 1153 const key = '{{uuid()}}'; 1154 const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']); 1155 1156 declarations.push(`background-image: url("${url}");`); 1157 1158 whenIframeReady 1159 .then(() => retrieve(key)) 1160 .then((headers) => { 1161 assert_own_property(headers, 'sec-fetch-site'); 1162 assert_equals(headers['sec-fetch-site'], 'cross-site'); 1163 }) 1164 .then(t.step_func_done(), (error) => t.unreached_func()); 1165 }, 'background-image sec-fetch-site - HTTPS upgrade'); 1166 1167 async_test((t) => { 1168 const key = '{{uuid()}}'; 1169 const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']); 1170 1171 declarations.push(`border-image: url("${url}");`); 1172 1173 whenIframeReady 1174 .then(() => retrieve(key)) 1175 .then((headers) => { 1176 assert_own_property(headers, 'sec-fetch-site'); 1177 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1178 }) 1179 .then(t.step_func_done(), t.unreached_func()); 1180 }, 'border-image sec-fetch-site - HTTPS upgrade'); 1181 1182 async_test((t) => { 1183 const key = '{{uuid()}}'; 1184 const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']); 1185 1186 declarations.push(`content: url("${url}");`); 1187 1188 whenIframeReady 1189 .then(() => retrieve(key)) 1190 .then((headers) => { 1191 assert_own_property(headers, 'sec-fetch-site'); 1192 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1193 }) 1194 .then(t.step_func_done(), t.unreached_func()); 1195 }, 'content sec-fetch-site - HTTPS upgrade'); 1196 1197 async_test((t) => { 1198 const key = '{{uuid()}}'; 1199 const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']); 1200 1201 declarations.push(`cursor: url("${url}"), auto;`); 1202 1203 whenIframeReady 1204 .then(() => retrieve(key)) 1205 .then((headers) => { 1206 assert_own_property(headers, 'sec-fetch-site'); 1207 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1208 }) 1209 .then(t.step_func_done(), t.unreached_func()); 1210 }, 'cursor sec-fetch-site - HTTPS upgrade'); 1211 1212 async_test((t) => { 1213 const key = '{{uuid()}}'; 1214 const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']); 1215 1216 declarations.push(`list-style-image: url("${url}");`); 1217 1218 whenIframeReady 1219 .then(() => retrieve(key)) 1220 .then((headers) => { 1221 assert_own_property(headers, 'sec-fetch-site'); 1222 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1223 }) 1224 .then(t.step_func_done(), t.unreached_func()); 1225 }, 'list-style-image sec-fetch-site - HTTPS upgrade'); 1226 1227 async_test((t) => { 1228 const key = '{{uuid()}}'; 1229 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']); 1230 1231 declarations.push(`background-image: url("${url}");`); 1232 1233 whenIframeReady 1234 .then(() => retrieve(key)) 1235 .then((headers) => { 1236 assert_own_property(headers, 'sec-fetch-site'); 1237 assert_equals(headers['sec-fetch-site'], 'cross-site'); 1238 }) 1239 .then(t.step_func_done(), (error) => t.unreached_func()); 1240 }, 'background-image sec-fetch-site - HTTPS downgrade-upgrade'); 1241 1242 async_test((t) => { 1243 const key = '{{uuid()}}'; 1244 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']); 1245 1246 declarations.push(`border-image: url("${url}");`); 1247 1248 whenIframeReady 1249 .then(() => retrieve(key)) 1250 .then((headers) => { 1251 assert_own_property(headers, 'sec-fetch-site'); 1252 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1253 }) 1254 .then(t.step_func_done(), t.unreached_func()); 1255 }, 'border-image sec-fetch-site - HTTPS downgrade-upgrade'); 1256 1257 async_test((t) => { 1258 const key = '{{uuid()}}'; 1259 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']); 1260 1261 declarations.push(`content: url("${url}");`); 1262 1263 whenIframeReady 1264 .then(() => retrieve(key)) 1265 .then((headers) => { 1266 assert_own_property(headers, 'sec-fetch-site'); 1267 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1268 }) 1269 .then(t.step_func_done(), t.unreached_func()); 1270 }, 'content sec-fetch-site - HTTPS downgrade-upgrade'); 1271 1272 async_test((t) => { 1273 const key = '{{uuid()}}'; 1274 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']); 1275 1276 declarations.push(`cursor: url("${url}"), auto;`); 1277 1278 whenIframeReady 1279 .then(() => retrieve(key)) 1280 .then((headers) => { 1281 assert_own_property(headers, 'sec-fetch-site'); 1282 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1283 }) 1284 .then(t.step_func_done(), t.unreached_func()); 1285 }, 'cursor sec-fetch-site - HTTPS downgrade-upgrade'); 1286 1287 async_test((t) => { 1288 const key = '{{uuid()}}'; 1289 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']); 1290 1291 declarations.push(`list-style-image: url("${url}");`); 1292 1293 whenIframeReady 1294 .then(() => retrieve(key)) 1295 .then((headers) => { 1296 assert_own_property(headers, 'sec-fetch-site'); 1297 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1298 }) 1299 .then(t.step_func_done(), t.unreached_func()); 1300 }, 'list-style-image sec-fetch-site - HTTPS downgrade-upgrade'); 1301 1302 iframe.srcdoc = declarations.map((declaration, index) => ` 1303 <style>.el${index} { ${declaration} }</style><div class="el${index}"></div>` 1304 ).join(''); 1305 document.body.appendChild(iframe); 1306 1307 </script> 1308 </body> 1309 </html>