[ tor-browser ].git.dasho

element-img-environment-change.sub.html (9077B)
      1 <!DOCTYPE html>
      2 <!--
      3 This test was procedurally generated. Please do not modify it directly.
      4 Sources:
      5 - fetch/metadata/tools/fetch-metadata.conf.yml
      6 - fetch/metadata/tools/templates/element-img-environment-change.sub.html
      7 -->
      8 <html lang="en">
      9  <meta charset="utf-8">
     10  <title>HTTP headers on image request triggered by change to environment</title>
     11  <script src="/resources/testharness.js"></script>
     12  <script src="/resources/testharnessreport.js"></script>
     13  <script src="/fetch/metadata/resources/helper.sub.js"></script>
     14  <body>
     15  <script>
     16  'use strict';
     17 
     18  // The response to the request under test must describe a valid image
     19  // resource in order for the `load` event to be fired.
     20  const params = {
     21    body: `
     22      <svg xmlns="http://www.w3.org/2000/svg" width="123" height="123">
     23        <rect fill="lime" width="123" height="123"/>
     24      </svg>
     25    `,
     26    mime: 'image/svg+xml'
     27  };
     28 
     29  function induceRequest(t, url, attributes) {
     30    const iframe = document.createElement('iframe');
     31    iframe.style.width = '50px';
     32    document.body.appendChild(iframe);
     33    t.add_cleanup(() => iframe.remove());
     34    iframe.contentDocument.open();
     35    iframe.contentDocument.close();
     36 
     37    const image = iframe.contentDocument.createElement('img');
     38    for (const [ name, value ] of Object.entries(attributes)) {
     39      image.setAttribute(name, value);
     40    }
     41    iframe.contentDocument.body.appendChild(image);
     42 
     43    image.setAttribute('srcset', `${url} 100w, /media/1x1-green.png 1w`);
     44    image.setAttribute('sizes', '(max-width: 100px) 1px, (min-width: 150px) 123px');
     45 
     46    return new Promise((resolve) => {
     47        image.onload = image.onerror = resolve;
     48      })
     49      .then(() => {
     50 
     51        iframe.style.width = '200px';
     52 
     53        return new Promise((resolve) => image.onload = resolve);
     54      });
     55  }
     56 
     57  promise_test((t) => {
     58    const key = '{{uuid()}}';
     59 
     60    return induceRequest(
     61        t,
     62        makeRequestURL(key, ['httpOrigin'], params),
     63        {}
     64      )
     65      .then(() => retrieve(key))
     66      .then((headers) => {
     67          assert_not_own_property(headers, 'sec-fetch-site');
     68        });
     69  }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination, no attributes');
     70 
     71  promise_test((t) => {
     72    const key = '{{uuid()}}';
     73 
     74    return induceRequest(
     75        t,
     76        makeRequestURL(key, ['httpSameSite'], params),
     77        {}
     78      )
     79      .then(() => retrieve(key))
     80      .then((headers) => {
     81          assert_not_own_property(headers, 'sec-fetch-site');
     82        });
     83  }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination, no attributes');
     84 
     85  promise_test((t) => {
     86    const key = '{{uuid()}}';
     87 
     88    return induceRequest(
     89        t,
     90        makeRequestURL(key, ['httpCrossSite'], params),
     91        {}
     92      )
     93      .then(() => retrieve(key))
     94      .then((headers) => {
     95          assert_not_own_property(headers, 'sec-fetch-site');
     96        });
     97  }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination, no attributes');
     98 
     99  promise_test((t) => {
    100    const key = '{{uuid()}}';
    101 
    102    return induceRequest(
    103        t,
    104        makeRequestURL(key, ['httpOrigin'], params),
    105        {}
    106      )
    107      .then(() => retrieve(key))
    108      .then((headers) => {
    109          assert_not_own_property(headers, 'sec-fetch-mode');
    110        });
    111  }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination, no attributes');
    112 
    113  promise_test((t) => {
    114    const key = '{{uuid()}}';
    115 
    116    return induceRequest(
    117        t,
    118        makeRequestURL(key, ['httpSameSite'], params),
    119        {}
    120      )
    121      .then(() => retrieve(key))
    122      .then((headers) => {
    123          assert_not_own_property(headers, 'sec-fetch-mode');
    124        });
    125  }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination, no attributes');
    126 
    127  promise_test((t) => {
    128    const key = '{{uuid()}}';
    129 
    130    return induceRequest(
    131        t,
    132        makeRequestURL(key, ['httpCrossSite'], params),
    133        {}
    134      )
    135      .then(() => retrieve(key))
    136      .then((headers) => {
    137          assert_not_own_property(headers, 'sec-fetch-mode');
    138        });
    139  }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination, no attributes');
    140 
    141  promise_test((t) => {
    142    const key = '{{uuid()}}';
    143 
    144    return induceRequest(
    145        t,
    146        makeRequestURL(key, ['httpOrigin'], params),
    147        {}
    148      )
    149      .then(() => retrieve(key))
    150      .then((headers) => {
    151          assert_not_own_property(headers, 'sec-fetch-dest');
    152        });
    153  }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination, no attributes');
    154 
    155  promise_test((t) => {
    156    const key = '{{uuid()}}';
    157 
    158    return induceRequest(
    159        t,
    160        makeRequestURL(key, ['httpSameSite'], params),
    161        {}
    162      )
    163      .then(() => retrieve(key))
    164      .then((headers) => {
    165          assert_not_own_property(headers, 'sec-fetch-dest');
    166        });
    167  }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination, no attributes');
    168 
    169  promise_test((t) => {
    170    const key = '{{uuid()}}';
    171 
    172    return induceRequest(
    173        t,
    174        makeRequestURL(key, ['httpCrossSite'], params),
    175        {}
    176      )
    177      .then(() => retrieve(key))
    178      .then((headers) => {
    179          assert_not_own_property(headers, 'sec-fetch-dest');
    180        });
    181  }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination, no attributes');
    182 
    183  promise_test((t) => {
    184    const key = '{{uuid()}}';
    185 
    186    return induceRequest(
    187        t,
    188        makeRequestURL(key, ['httpOrigin'], params),
    189        {}
    190      )
    191      .then(() => retrieve(key))
    192      .then((headers) => {
    193          assert_not_own_property(headers, 'sec-fetch-user');
    194        });
    195  }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination, no attributes');
    196 
    197  promise_test((t) => {
    198    const key = '{{uuid()}}';
    199 
    200    return induceRequest(
    201        t,
    202        makeRequestURL(key, ['httpSameSite'], params),
    203        {}
    204      )
    205      .then(() => retrieve(key))
    206      .then((headers) => {
    207          assert_not_own_property(headers, 'sec-fetch-user');
    208        });
    209  }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination, no attributes');
    210 
    211  promise_test((t) => {
    212    const key = '{{uuid()}}';
    213 
    214    return induceRequest(
    215        t,
    216        makeRequestURL(key, ['httpCrossSite'], params),
    217        {}
    218      )
    219      .then(() => retrieve(key))
    220      .then((headers) => {
    221          assert_not_own_property(headers, 'sec-fetch-user');
    222        });
    223  }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, no attributes');
    224 
    225  promise_test((t) => {
    226    const key = '{{uuid()}}';
    227 
    228    return induceRequest(
    229        t,
    230        makeRequestURL(key, ['httpOrigin'], params),
    231        {}
    232      )
    233      .then(() => retrieve(key))
    234      .then((headers) => {
    235          assert_not_own_property(headers, 'sec-fetch-storage-access');
    236        });
    237  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no attributes');
    238 
    239  promise_test((t) => {
    240    const key = '{{uuid()}}';
    241 
    242    return induceRequest(
    243        t,
    244        makeRequestURL(key, ['httpSameSite'], params),
    245        {}
    246      )
    247      .then(() => retrieve(key))
    248      .then((headers) => {
    249          assert_not_own_property(headers, 'sec-fetch-storage-access');
    250        });
    251  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, no attributes');
    252 
    253  promise_test((t) => {
    254    const key = '{{uuid()}}';
    255 
    256    return induceRequest(
    257        t,
    258        makeRequestURL(key, ['httpCrossSite'], params),
    259        {}
    260      )
    261      .then(() => retrieve(key))
    262      .then((headers) => {
    263          assert_not_own_property(headers, 'sec-fetch-storage-access');
    264        });
    265  }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, no attributes');
    266 
    267  promise_test((t) => {
    268    const key = '{{uuid()}}';
    269 
    270    return induceRequest(
    271        t,
    272        makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], params),
    273        {}
    274      )
    275      .then(() => retrieve(key))
    276      .then((headers) => {
    277          assert_not_own_property(headers, 'sec-fetch-site');
    278        });
    279  }, 'sec-fetch-site - HTTPS downgrade (header not sent), no attributes');
    280 
    281  promise_test((t) => {
    282    const key = '{{uuid()}}';
    283 
    284    return induceRequest(
    285        t,
    286        makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], params),
    287        {}
    288      )
    289      .then(() => retrieve(key))
    290      .then((headers) => {
    291          assert_own_property(headers, 'sec-fetch-site');
    292          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    293        });
    294  }, 'sec-fetch-site - HTTPS upgrade, no attributes');
    295 
    296  promise_test((t) => {
    297    const key = '{{uuid()}}';
    298 
    299    return induceRequest(
    300        t,
    301        makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], params),
    302        {}
    303      )
    304      .then(() => retrieve(key))
    305      .then((headers) => {
    306          assert_own_property(headers, 'sec-fetch-site');
    307          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    308        });
    309  }, 'sec-fetch-site - HTTPS downgrade-upgrade, no attributes');
    310  </script>
    311  </body>
    312 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE