element-iframe.https.sub.html (9870B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-iframe.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for HTML "frame" element source</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/resources/testdriver.js"></script> 14 <script src="/resources/testdriver-vendor.js"></script> 15 <script src="/fetch/metadata/resources/helper.sub.js"></script> 16 <body> 17 <script> 18 'use strict'; 19 20 function induceRequest(url, test, userActivated) { 21 const iframe = document.createElement('iframe'); 22 23 const setSrc = () => iframe.setAttribute('src', url); 24 25 document.body.appendChild(iframe); 26 test.add_cleanup(() => iframe.remove()); 27 28 return new Promise((resolve) => { 29 if (userActivated) { 30 test_driver.bless('enable user activation', setSrc); 31 } else { 32 setSrc(); 33 } 34 35 iframe.onload = iframe.onerror = resolve; 36 }); 37 } 38 39 promise_test((t) => { 40 const key = '{{uuid()}}'; 41 42 return induceRequest( 43 makeRequestURL(key, ['httpsOrigin'], {mime: 'text/html'}), 44 t, 45 false 46 ) 47 .then(() => retrieve(key)) 48 .then((headers) => { 49 assert_own_property(headers, 'sec-fetch-site'); 50 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 51 }); 52 }, 'sec-fetch-site - Same origin'); 53 54 promise_test((t) => { 55 const key = '{{uuid()}}'; 56 57 return induceRequest( 58 makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}), 59 t, 60 false 61 ) 62 .then(() => retrieve(key)) 63 .then((headers) => { 64 assert_own_property(headers, 'sec-fetch-site'); 65 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 66 }); 67 }, 'sec-fetch-site - Cross-site'); 68 69 promise_test((t) => { 70 const key = '{{uuid()}}'; 71 72 return induceRequest( 73 makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}), 74 t, 75 false 76 ) 77 .then(() => retrieve(key)) 78 .then((headers) => { 79 assert_own_property(headers, 'sec-fetch-site'); 80 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 81 }); 82 }, 'sec-fetch-site - Same site'); 83 84 promise_test((t) => { 85 const key = '{{uuid()}}'; 86 87 return induceRequest( 88 makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite', 'httpsOrigin'], {mime: 'text/html'}), 89 t, 90 false 91 ) 92 .then(() => retrieve(key)) 93 .then((headers) => { 94 assert_own_property(headers, 'sec-fetch-site'); 95 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 96 }); 97 }, 'sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect'); 98 99 promise_test((t) => { 100 const key = '{{uuid()}}'; 101 102 return induceRequest( 103 makeRequestURL(key, ['httpsOrigin', 'httpsSameSite', 'httpsOrigin'], {mime: 'text/html'}), 104 t, 105 false 106 ) 107 .then(() => retrieve(key)) 108 .then((headers) => { 109 assert_own_property(headers, 'sec-fetch-site'); 110 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 111 }); 112 }, 'sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect'); 113 114 promise_test((t) => { 115 const key = '{{uuid()}}'; 116 117 return induceRequest( 118 makeRequestURL(key, ['httpsCrossSite', 'httpsOrigin'], {mime: 'text/html'}), 119 t, 120 false 121 ) 122 .then(() => retrieve(key)) 123 .then((headers) => { 124 assert_own_property(headers, 'sec-fetch-site'); 125 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 126 }); 127 }, 'sec-fetch-site - Cross-Site -> Same Origin'); 128 129 promise_test((t) => { 130 const key = '{{uuid()}}'; 131 132 return induceRequest( 133 makeRequestURL(key, ['httpsCrossSite', 'httpsSameSite'], {mime: 'text/html'}), 134 t, 135 false 136 ) 137 .then(() => retrieve(key)) 138 .then((headers) => { 139 assert_own_property(headers, 'sec-fetch-site'); 140 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 141 }); 142 }, 'sec-fetch-site - Cross-Site -> Same-Site'); 143 144 promise_test((t) => { 145 const key = '{{uuid()}}'; 146 147 return induceRequest( 148 makeRequestURL(key, ['httpsCrossSite', 'httpsCrossSite'], {mime: 'text/html'}), 149 t, 150 false 151 ) 152 .then(() => retrieve(key)) 153 .then((headers) => { 154 assert_own_property(headers, 'sec-fetch-site'); 155 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 156 }); 157 }, 'sec-fetch-site - Cross-Site -> Cross-Site'); 158 159 promise_test((t) => { 160 const key = '{{uuid()}}'; 161 162 return induceRequest( 163 makeRequestURL(key, ['httpsOrigin', 'httpsOrigin'], {mime: 'text/html'}), 164 t, 165 false 166 ) 167 .then(() => retrieve(key)) 168 .then((headers) => { 169 assert_own_property(headers, 'sec-fetch-site'); 170 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 171 }); 172 }, 'sec-fetch-site - Same-Origin -> Same Origin'); 173 174 promise_test((t) => { 175 const key = '{{uuid()}}'; 176 177 return induceRequest( 178 makeRequestURL(key, ['httpsOrigin', 'httpsSameSite'], {mime: 'text/html'}), 179 t, 180 false 181 ) 182 .then(() => retrieve(key)) 183 .then((headers) => { 184 assert_own_property(headers, 'sec-fetch-site'); 185 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 186 }); 187 }, 'sec-fetch-site - Same-Origin -> Same-Site'); 188 189 promise_test((t) => { 190 const key = '{{uuid()}}'; 191 192 return induceRequest( 193 makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite'], {mime: 'text/html'}), 194 t, 195 false 196 ) 197 .then(() => retrieve(key)) 198 .then((headers) => { 199 assert_own_property(headers, 'sec-fetch-site'); 200 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 201 }); 202 }, 'sec-fetch-site - Same-Origin -> Cross-Site'); 203 204 promise_test((t) => { 205 const key = '{{uuid()}}'; 206 207 return induceRequest( 208 makeRequestURL(key, ['httpsSameSite', 'httpsOrigin'], {mime: 'text/html'}), 209 t, 210 false 211 ) 212 .then(() => retrieve(key)) 213 .then((headers) => { 214 assert_own_property(headers, 'sec-fetch-site'); 215 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 216 }); 217 }, 'sec-fetch-site - Same-Site -> Same Origin'); 218 219 promise_test((t) => { 220 const key = '{{uuid()}}'; 221 222 return induceRequest( 223 makeRequestURL(key, ['httpsSameSite', 'httpsSameSite'], {mime: 'text/html'}), 224 t, 225 false 226 ) 227 .then(() => retrieve(key)) 228 .then((headers) => { 229 assert_own_property(headers, 'sec-fetch-site'); 230 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 231 }); 232 }, 'sec-fetch-site - Same-Site -> Same-Site'); 233 234 promise_test((t) => { 235 const key = '{{uuid()}}'; 236 237 return induceRequest( 238 makeRequestURL(key, ['httpsSameSite', 'httpsCrossSite'], {mime: 'text/html'}), 239 t, 240 false 241 ) 242 .then(() => retrieve(key)) 243 .then((headers) => { 244 assert_own_property(headers, 'sec-fetch-site'); 245 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 246 }); 247 }, 'sec-fetch-site - Same-Site -> Cross-Site'); 248 249 promise_test((t) => { 250 const key = '{{uuid()}}'; 251 252 return induceRequest( 253 makeRequestURL(key, [], {mime: 'text/html'}), 254 t, 255 false 256 ) 257 .then(() => retrieve(key)) 258 .then((headers) => { 259 assert_own_property(headers, 'sec-fetch-mode'); 260 assert_array_equals(headers['sec-fetch-mode'], ['navigate']); 261 }); 262 }, 'sec-fetch-mode'); 263 264 promise_test((t) => { 265 const key = '{{uuid()}}'; 266 267 return induceRequest( 268 makeRequestURL(key, [], {mime: 'text/html'}), 269 t, 270 false 271 ) 272 .then(() => retrieve(key)) 273 .then((headers) => { 274 assert_own_property(headers, 'sec-fetch-dest'); 275 assert_array_equals(headers['sec-fetch-dest'], ['iframe']); 276 }); 277 }, 'sec-fetch-dest'); 278 279 promise_test((t) => { 280 const key = '{{uuid()}}'; 281 282 return induceRequest( 283 makeRequestURL(key, [], {mime: 'text/html'}), 284 t, 285 false 286 ) 287 .then(() => retrieve(key)) 288 .then((headers) => { 289 assert_not_own_property(headers, 'sec-fetch-user'); 290 }); 291 }, 'sec-fetch-user'); 292 293 promise_test((t) => { 294 const key = '{{uuid()}}'; 295 296 return induceRequest( 297 makeRequestURL(key, [], {mime: 'text/html'}), 298 t, 299 true 300 ) 301 .then(() => retrieve(key)) 302 .then((headers) => { 303 assert_own_property(headers, 'sec-fetch-user'); 304 assert_array_equals(headers['sec-fetch-user'], ['?1']); 305 }); 306 }, 'sec-fetch-user with user activation'); 307 308 promise_test((t) => { 309 const key = '{{uuid()}}'; 310 311 return induceRequest( 312 makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}), 313 t, 314 false 315 ) 316 .then(() => retrieve(key)) 317 .then((headers) => { 318 assert_own_property(headers, 'sec-fetch-storage-access'); 319 assert_array_equals(headers['sec-fetch-storage-access'], ['none']); 320 }); 321 }, 'sec-fetch-storage-access - Cross-site'); 322 323 promise_test((t) => { 324 const key = '{{uuid()}}'; 325 326 return induceRequest( 327 makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}), 328 t, 329 false 330 ) 331 .then(() => retrieve(key)) 332 .then((headers) => { 333 assert_not_own_property(headers, 'sec-fetch-storage-access'); 334 }); 335 }, 'sec-fetch-storage-access - Same site'); 336 </script> 337 </body> 338 </html>