element-iframe.sub.html (8316B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-iframe.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for HTML "frame" element source</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <body> 15 <script> 16 'use strict'; 17 18 function induceRequest(url, test, userActivated) { 19 const iframe = document.createElement('iframe'); 20 21 const setSrc = () => iframe.setAttribute('src', url); 22 23 document.body.appendChild(iframe); 24 test.add_cleanup(() => iframe.remove()); 25 26 return new Promise((resolve) => { 27 if (userActivated) { 28 test_driver.bless('enable user activation', setSrc); 29 } else { 30 setSrc(); 31 } 32 33 iframe.onload = iframe.onerror = resolve; 34 }); 35 } 36 37 promise_test((t) => { 38 const key = '{{uuid()}}'; 39 40 return induceRequest( 41 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 42 t, 43 false 44 ) 45 .then(() => retrieve(key)) 46 .then((headers) => { 47 assert_not_own_property(headers, 'sec-fetch-site'); 48 }); 49 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 50 51 promise_test((t) => { 52 const key = '{{uuid()}}'; 53 54 return induceRequest( 55 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 56 t, 57 false 58 ) 59 .then(() => retrieve(key)) 60 .then((headers) => { 61 assert_not_own_property(headers, 'sec-fetch-site'); 62 }); 63 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination'); 64 65 promise_test((t) => { 66 const key = '{{uuid()}}'; 67 68 return induceRequest( 69 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 70 t, 71 false 72 ) 73 .then(() => retrieve(key)) 74 .then((headers) => { 75 assert_not_own_property(headers, 'sec-fetch-site'); 76 }); 77 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 78 79 promise_test((t) => { 80 const key = '{{uuid()}}'; 81 82 return induceRequest( 83 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 84 t, 85 false 86 ) 87 .then(() => retrieve(key)) 88 .then((headers) => { 89 assert_not_own_property(headers, 'sec-fetch-mode'); 90 }); 91 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 92 93 promise_test((t) => { 94 const key = '{{uuid()}}'; 95 96 return induceRequest( 97 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 98 t, 99 false 100 ) 101 .then(() => retrieve(key)) 102 .then((headers) => { 103 assert_not_own_property(headers, 'sec-fetch-mode'); 104 }); 105 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 106 107 promise_test((t) => { 108 const key = '{{uuid()}}'; 109 110 return induceRequest( 111 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 112 t, 113 false 114 ) 115 .then(() => retrieve(key)) 116 .then((headers) => { 117 assert_not_own_property(headers, 'sec-fetch-mode'); 118 }); 119 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 120 121 promise_test((t) => { 122 const key = '{{uuid()}}'; 123 124 return induceRequest( 125 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 126 t, 127 false 128 ) 129 .then(() => retrieve(key)) 130 .then((headers) => { 131 assert_not_own_property(headers, 'sec-fetch-dest'); 132 }); 133 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 134 135 promise_test((t) => { 136 const key = '{{uuid()}}'; 137 138 return induceRequest( 139 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 140 t, 141 false 142 ) 143 .then(() => retrieve(key)) 144 .then((headers) => { 145 assert_not_own_property(headers, 'sec-fetch-dest'); 146 }); 147 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 148 149 promise_test((t) => { 150 const key = '{{uuid()}}'; 151 152 return induceRequest( 153 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 154 t, 155 false 156 ) 157 .then(() => retrieve(key)) 158 .then((headers) => { 159 assert_not_own_property(headers, 'sec-fetch-dest'); 160 }); 161 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 162 163 promise_test((t) => { 164 const key = '{{uuid()}}'; 165 166 return induceRequest( 167 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 168 t, 169 false 170 ) 171 .then(() => retrieve(key)) 172 .then((headers) => { 173 assert_not_own_property(headers, 'sec-fetch-user'); 174 }); 175 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 176 177 promise_test((t) => { 178 const key = '{{uuid()}}'; 179 180 return induceRequest( 181 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 182 t, 183 false 184 ) 185 .then(() => retrieve(key)) 186 .then((headers) => { 187 assert_not_own_property(headers, 'sec-fetch-user'); 188 }); 189 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination'); 190 191 promise_test((t) => { 192 const key = '{{uuid()}}'; 193 194 return induceRequest( 195 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 196 t, 197 false 198 ) 199 .then(() => retrieve(key)) 200 .then((headers) => { 201 assert_not_own_property(headers, 'sec-fetch-user'); 202 }); 203 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 204 205 promise_test((t) => { 206 const key = '{{uuid()}}'; 207 208 return induceRequest( 209 makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}), 210 t, 211 false 212 ) 213 .then(() => retrieve(key)) 214 .then((headers) => { 215 assert_not_own_property(headers, 'sec-fetch-storage-access'); 216 }); 217 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 218 219 promise_test((t) => { 220 const key = '{{uuid()}}'; 221 222 return induceRequest( 223 makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}), 224 t, 225 false 226 ) 227 .then(() => retrieve(key)) 228 .then((headers) => { 229 assert_not_own_property(headers, 'sec-fetch-storage-access'); 230 }); 231 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 232 233 promise_test((t) => { 234 const key = '{{uuid()}}'; 235 236 return induceRequest( 237 makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}), 238 t, 239 false 240 ) 241 .then(() => retrieve(key)) 242 .then((headers) => { 243 assert_not_own_property(headers, 'sec-fetch-storage-access'); 244 }); 245 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 246 247 promise_test((t) => { 248 const key = '{{uuid()}}'; 249 250 return induceRequest( 251 makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], {mime: 'text/html'}), 252 t, 253 false 254 ) 255 .then(() => retrieve(key)) 256 .then((headers) => { 257 assert_not_own_property(headers, 'sec-fetch-site'); 258 }); 259 }, 'sec-fetch-site - HTTPS downgrade (header not sent)'); 260 261 promise_test((t) => { 262 const key = '{{uuid()}}'; 263 264 return induceRequest( 265 makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], {mime: 'text/html'}), 266 t, 267 false 268 ) 269 .then(() => retrieve(key)) 270 .then((headers) => { 271 assert_own_property(headers, 'sec-fetch-site'); 272 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 273 }); 274 }, 'sec-fetch-site - HTTPS upgrade'); 275 276 promise_test((t) => { 277 const key = '{{uuid()}}'; 278 279 return induceRequest( 280 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], {mime: 'text/html'}), 281 t, 282 false 283 ) 284 .then(() => retrieve(key)) 285 .then((headers) => { 286 assert_own_property(headers, 'sec-fetch-site'); 287 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 288 }); 289 }, 'sec-fetch-site - HTTPS downgrade-upgrade'); 290 </script> 291 </body> 292 </html>