element-a.sub.html (12477B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-a.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <meta name="timeout" content="long"> 11 <title>HTTP headers on request for HTML "a" element navigation</title> 12 <script src="/resources/testharness.js"></script> 13 <script src="/resources/testharnessreport.js"></script> 14 <script src="/fetch/metadata/resources/helper.sub.js"></script> 15 <body> 16 <script> 17 'use strict'; 18 19 function induceRequest(url, {test, userActivated, attributes}) { 20 const win = window.open(); 21 const anchor = win.document.createElement('a'); 22 anchor.setAttribute('href', url); 23 24 for (const [ name, value ] of Object.entries(attributes)) { 25 anchor.setAttribute(name, value); 26 } 27 28 win.document.body.appendChild(anchor); 29 30 test.add_cleanup(() => win.close()); 31 32 if (userActivated) { 33 test_driver.bless('enable user activation', () => anchor.click()); 34 } else { 35 anchor.click(); 36 } 37 } 38 39 promise_test((t) => { 40 const key = '{{uuid()}}'; 41 42 induceRequest( 43 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 44 { 45 test: t, 46 userActivated: false, 47 attributes: {} 48 } 49 ); 50 51 // `induceRequest` does not necessarily trigger a navigation, so the Python 52 // handler must be polled until it has received the initial request. 53 return retrieve(key, {poll: true}) 54 .then((headers) => { 55 assert_not_own_property(headers, 'sec-fetch-site'); 56 }); 57 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination - no attributes'); 58 59 promise_test((t) => { 60 const key = '{{uuid()}}'; 61 62 induceRequest( 63 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 64 { 65 test: t, 66 userActivated: false, 67 attributes: {} 68 } 69 ); 70 71 // `induceRequest` does not necessarily trigger a navigation, so the Python 72 // handler must be polled until it has received the initial request. 73 return retrieve(key, {poll: true}) 74 .then((headers) => { 75 assert_not_own_property(headers, 'sec-fetch-site'); 76 }); 77 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination - no attributes'); 78 79 promise_test((t) => { 80 const key = '{{uuid()}}'; 81 82 induceRequest( 83 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 84 { 85 test: t, 86 userActivated: false, 87 attributes: {} 88 } 89 ); 90 91 // `induceRequest` does not necessarily trigger a navigation, so the Python 92 // handler must be polled until it has received the initial request. 93 return retrieve(key, {poll: true}) 94 .then((headers) => { 95 assert_not_own_property(headers, 'sec-fetch-site'); 96 }); 97 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination - no attributes'); 98 99 promise_test((t) => { 100 const key = '{{uuid()}}'; 101 102 induceRequest( 103 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 104 { 105 test: t, 106 userActivated: false, 107 attributes: {} 108 } 109 ); 110 111 // `induceRequest` does not necessarily trigger a navigation, so the Python 112 // handler must be polled until it has received the initial request. 113 return retrieve(key, {poll: true}) 114 .then((headers) => { 115 assert_not_own_property(headers, 'sec-fetch-mode'); 116 }); 117 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination - no attributes'); 118 119 promise_test((t) => { 120 const key = '{{uuid()}}'; 121 122 induceRequest( 123 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 124 { 125 test: t, 126 userActivated: false, 127 attributes: {} 128 } 129 ); 130 131 // `induceRequest` does not necessarily trigger a navigation, so the Python 132 // handler must be polled until it has received the initial request. 133 return retrieve(key, {poll: true}) 134 .then((headers) => { 135 assert_not_own_property(headers, 'sec-fetch-mode'); 136 }); 137 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination - no attributes'); 138 139 promise_test((t) => { 140 const key = '{{uuid()}}'; 141 142 induceRequest( 143 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 144 { 145 test: t, 146 userActivated: false, 147 attributes: {} 148 } 149 ); 150 151 // `induceRequest` does not necessarily trigger a navigation, so the Python 152 // handler must be polled until it has received the initial request. 153 return retrieve(key, {poll: true}) 154 .then((headers) => { 155 assert_not_own_property(headers, 'sec-fetch-mode'); 156 }); 157 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination - no attributes'); 158 159 promise_test((t) => { 160 const key = '{{uuid()}}'; 161 162 induceRequest( 163 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 164 { 165 test: t, 166 userActivated: false, 167 attributes: {} 168 } 169 ); 170 171 // `induceRequest` does not necessarily trigger a navigation, so the Python 172 // handler must be polled until it has received the initial request. 173 return retrieve(key, {poll: true}) 174 .then((headers) => { 175 assert_not_own_property(headers, 'sec-fetch-dest'); 176 }); 177 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination - no attributes'); 178 179 promise_test((t) => { 180 const key = '{{uuid()}}'; 181 182 induceRequest( 183 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 184 { 185 test: t, 186 userActivated: false, 187 attributes: {} 188 } 189 ); 190 191 // `induceRequest` does not necessarily trigger a navigation, so the Python 192 // handler must be polled until it has received the initial request. 193 return retrieve(key, {poll: true}) 194 .then((headers) => { 195 assert_not_own_property(headers, 'sec-fetch-dest'); 196 }); 197 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination - no attributes'); 198 199 promise_test((t) => { 200 const key = '{{uuid()}}'; 201 202 induceRequest( 203 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 204 { 205 test: t, 206 userActivated: false, 207 attributes: {} 208 } 209 ); 210 211 // `induceRequest` does not necessarily trigger a navigation, so the Python 212 // handler must be polled until it has received the initial request. 213 return retrieve(key, {poll: true}) 214 .then((headers) => { 215 assert_not_own_property(headers, 'sec-fetch-dest'); 216 }); 217 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination - no attributes'); 218 219 promise_test((t) => { 220 const key = '{{uuid()}}'; 221 222 induceRequest( 223 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 224 { 225 test: t, 226 userActivated: false, 227 attributes: {} 228 } 229 ); 230 231 // `induceRequest` does not necessarily trigger a navigation, so the Python 232 // handler must be polled until it has received the initial request. 233 return retrieve(key, {poll: true}) 234 .then((headers) => { 235 assert_not_own_property(headers, 'sec-fetch-user'); 236 }); 237 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination - no attributes'); 238 239 promise_test((t) => { 240 const key = '{{uuid()}}'; 241 242 induceRequest( 243 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 244 { 245 test: t, 246 userActivated: false, 247 attributes: {} 248 } 249 ); 250 251 // `induceRequest` does not necessarily trigger a navigation, so the Python 252 // handler must be polled until it has received the initial request. 253 return retrieve(key, {poll: true}) 254 .then((headers) => { 255 assert_not_own_property(headers, 'sec-fetch-user'); 256 }); 257 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination - no attributes'); 258 259 promise_test((t) => { 260 const key = '{{uuid()}}'; 261 262 induceRequest( 263 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 264 { 265 test: t, 266 userActivated: false, 267 attributes: {} 268 } 269 ); 270 271 // `induceRequest` does not necessarily trigger a navigation, so the Python 272 // handler must be polled until it has received the initial request. 273 return retrieve(key, {poll: true}) 274 .then((headers) => { 275 assert_not_own_property(headers, 'sec-fetch-user'); 276 }); 277 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - no attributes'); 278 279 promise_test((t) => { 280 const key = '{{uuid()}}'; 281 282 induceRequest( 283 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 284 { 285 test: t, 286 userActivated: false, 287 attributes: {} 288 } 289 ); 290 291 // `induceRequest` does not necessarily trigger a navigation, so the Python 292 // handler must be polled until it has received the initial request. 293 return retrieve(key, {poll: true}) 294 .then((headers) => { 295 assert_not_own_property(headers, 'sec-fetch-storage-access'); 296 }); 297 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - no attributes'); 298 299 promise_test((t) => { 300 const key = '{{uuid()}}'; 301 302 induceRequest( 303 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 304 { 305 test: t, 306 userActivated: false, 307 attributes: {} 308 } 309 ); 310 311 // `induceRequest` does not necessarily trigger a navigation, so the Python 312 // handler must be polled until it has received the initial request. 313 return retrieve(key, {poll: true}) 314 .then((headers) => { 315 assert_not_own_property(headers, 'sec-fetch-storage-access'); 316 }); 317 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - no attributes'); 318 319 promise_test((t) => { 320 const key = '{{uuid()}}'; 321 322 induceRequest( 323 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 324 { 325 test: t, 326 userActivated: false, 327 attributes: {} 328 } 329 ); 330 331 // `induceRequest` does not necessarily trigger a navigation, so the Python 332 // handler must be polled until it has received the initial request. 333 return retrieve(key, {poll: true}) 334 .then((headers) => { 335 assert_not_own_property(headers, 'sec-fetch-storage-access'); 336 }); 337 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - no attributes'); 338 339 promise_test((t) => { 340 const key = '{{uuid()}}'; 341 342 induceRequest( 343 makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], {mime: 'text/html'}), 344 { 345 test: t, 346 userActivated: false, 347 attributes: {} 348 } 349 ); 350 351 // `induceRequest` does not necessarily trigger a navigation, so the Python 352 // handler must be polled until it has received the initial request. 353 return retrieve(key, {poll: true}) 354 .then((headers) => { 355 assert_not_own_property(headers, 'sec-fetch-site'); 356 }); 357 }, 'sec-fetch-site - HTTPS downgrade (header not sent) - no attributes'); 358 359 promise_test((t) => { 360 const key = '{{uuid()}}'; 361 362 induceRequest( 363 makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], {mime: 'text/html'}), 364 { 365 test: t, 366 userActivated: false, 367 attributes: {} 368 } 369 ); 370 371 // `induceRequest` does not necessarily trigger a navigation, so the Python 372 // handler must be polled until it has received the initial request. 373 return retrieve(key, {poll: true}) 374 .then((headers) => { 375 assert_own_property(headers, 'sec-fetch-site'); 376 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 377 }); 378 }, 'sec-fetch-site - HTTPS upgrade - no attributes'); 379 380 promise_test((t) => { 381 const key = '{{uuid()}}'; 382 383 induceRequest( 384 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], {mime: 'text/html'}), 385 { 386 test: t, 387 userActivated: false, 388 attributes: {} 389 } 390 ); 391 392 // `induceRequest` does not necessarily trigger a navigation, so the Python 393 // handler must be polled until it has received the initial request. 394 return retrieve(key, {poll: true}) 395 .then((headers) => { 396 assert_own_property(headers, 'sec-fetch-site'); 397 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 398 }); 399 }, 'sec-fetch-site - HTTPS downgrade-upgrade - no attributes'); 400 </script> 401 </body> 402 </html>