element-img.https.sub.html (20729B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-img.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for HTML "img" element source</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <body> 15 <script> 16 'use strict'; 17 18 function induceRequest(url, sourceAttr, attributes) { 19 const image = document.createElement('img'); 20 21 for (const [ name, value ] of Object.entries(attributes)) { 22 image.setAttribute(name, value); 23 } 24 25 return new Promise((resolve) => { 26 image.setAttribute(sourceAttr, url); 27 image.onload = image.onerror = resolve; 28 }); 29 } 30 31 promise_test(() => { 32 const key = '{{uuid()}}'; 33 34 return induceRequest( 35 makeRequestURL(key, ['httpsOrigin']), 36 'src', 37 {} 38 ) 39 .then(() => retrieve(key)) 40 .then((headers) => { 41 assert_own_property(headers, 'sec-fetch-site'); 42 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 43 }); 44 }, 'sec-fetch-site - src - Same origin, no attributes'); 45 46 promise_test(() => { 47 const key = '{{uuid()}}'; 48 49 return induceRequest( 50 makeRequestURL(key, ['httpsOrigin']), 51 'srcset', 52 {} 53 ) 54 .then(() => retrieve(key)) 55 .then((headers) => { 56 assert_own_property(headers, 'sec-fetch-site'); 57 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 58 }); 59 }, 'sec-fetch-site - srcset - Same origin, no attributes'); 60 61 promise_test(() => { 62 const key = '{{uuid()}}'; 63 64 return induceRequest( 65 makeRequestURL(key, ['httpsCrossSite']), 66 'src', 67 {} 68 ) 69 .then(() => retrieve(key)) 70 .then((headers) => { 71 assert_own_property(headers, 'sec-fetch-site'); 72 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 73 }); 74 }, 'sec-fetch-site - src - Cross-site, no attributes'); 75 76 promise_test(() => { 77 const key = '{{uuid()}}'; 78 79 return induceRequest( 80 makeRequestURL(key, ['httpsCrossSite']), 81 'srcset', 82 {} 83 ) 84 .then(() => retrieve(key)) 85 .then((headers) => { 86 assert_own_property(headers, 'sec-fetch-site'); 87 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 88 }); 89 }, 'sec-fetch-site - srcset - Cross-site, no attributes'); 90 91 promise_test(() => { 92 const key = '{{uuid()}}'; 93 94 return induceRequest( 95 makeRequestURL(key, ['httpsSameSite']), 96 'src', 97 {} 98 ) 99 .then(() => retrieve(key)) 100 .then((headers) => { 101 assert_own_property(headers, 'sec-fetch-site'); 102 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 103 }); 104 }, 'sec-fetch-site - src - Same site, no attributes'); 105 106 promise_test(() => { 107 const key = '{{uuid()}}'; 108 109 return induceRequest( 110 makeRequestURL(key, ['httpsSameSite']), 111 'srcset', 112 {} 113 ) 114 .then(() => retrieve(key)) 115 .then((headers) => { 116 assert_own_property(headers, 'sec-fetch-site'); 117 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 118 }); 119 }, 'sec-fetch-site - srcset - Same site, no attributes'); 120 121 promise_test(() => { 122 const key = '{{uuid()}}'; 123 124 return induceRequest( 125 makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite', 'httpsOrigin']), 126 'src', 127 {} 128 ) 129 .then(() => retrieve(key)) 130 .then((headers) => { 131 assert_own_property(headers, 'sec-fetch-site'); 132 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 133 }); 134 }, 'sec-fetch-site - src - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes'); 135 136 promise_test(() => { 137 const key = '{{uuid()}}'; 138 139 return induceRequest( 140 makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite', 'httpsOrigin']), 141 'srcset', 142 {} 143 ) 144 .then(() => retrieve(key)) 145 .then((headers) => { 146 assert_own_property(headers, 'sec-fetch-site'); 147 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 148 }); 149 }, 'sec-fetch-site - srcset - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes'); 150 151 promise_test(() => { 152 const key = '{{uuid()}}'; 153 154 return induceRequest( 155 makeRequestURL(key, ['httpsOrigin', 'httpsSameSite', 'httpsOrigin']), 156 'src', 157 {} 158 ) 159 .then(() => retrieve(key)) 160 .then((headers) => { 161 assert_own_property(headers, 'sec-fetch-site'); 162 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 163 }); 164 }, 'sec-fetch-site - src - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes'); 165 166 promise_test(() => { 167 const key = '{{uuid()}}'; 168 169 return induceRequest( 170 makeRequestURL(key, ['httpsOrigin', 'httpsSameSite', 'httpsOrigin']), 171 'srcset', 172 {} 173 ) 174 .then(() => retrieve(key)) 175 .then((headers) => { 176 assert_own_property(headers, 'sec-fetch-site'); 177 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 178 }); 179 }, 'sec-fetch-site - srcset - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes'); 180 181 promise_test(() => { 182 const key = '{{uuid()}}'; 183 184 return induceRequest( 185 makeRequestURL(key, ['httpsCrossSite', 'httpsOrigin']), 186 'src', 187 {} 188 ) 189 .then(() => retrieve(key)) 190 .then((headers) => { 191 assert_own_property(headers, 'sec-fetch-site'); 192 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 193 }); 194 }, 'sec-fetch-site - src - Cross-Site -> Same Origin, no attributes'); 195 196 promise_test(() => { 197 const key = '{{uuid()}}'; 198 199 return induceRequest( 200 makeRequestURL(key, ['httpsCrossSite', 'httpsOrigin']), 201 'srcset', 202 {} 203 ) 204 .then(() => retrieve(key)) 205 .then((headers) => { 206 assert_own_property(headers, 'sec-fetch-site'); 207 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 208 }); 209 }, 'sec-fetch-site - srcset - Cross-Site -> Same Origin, no attributes'); 210 211 promise_test(() => { 212 const key = '{{uuid()}}'; 213 214 return induceRequest( 215 makeRequestURL(key, ['httpsCrossSite', 'httpsSameSite']), 216 'src', 217 {} 218 ) 219 .then(() => retrieve(key)) 220 .then((headers) => { 221 assert_own_property(headers, 'sec-fetch-site'); 222 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 223 }); 224 }, 'sec-fetch-site - src - Cross-Site -> Same-Site, no attributes'); 225 226 promise_test(() => { 227 const key = '{{uuid()}}'; 228 229 return induceRequest( 230 makeRequestURL(key, ['httpsCrossSite', 'httpsSameSite']), 231 'srcset', 232 {} 233 ) 234 .then(() => retrieve(key)) 235 .then((headers) => { 236 assert_own_property(headers, 'sec-fetch-site'); 237 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 238 }); 239 }, 'sec-fetch-site - srcset - Cross-Site -> Same-Site, no attributes'); 240 241 promise_test(() => { 242 const key = '{{uuid()}}'; 243 244 return induceRequest( 245 makeRequestURL(key, ['httpsCrossSite', 'httpsCrossSite']), 246 'src', 247 {} 248 ) 249 .then(() => retrieve(key)) 250 .then((headers) => { 251 assert_own_property(headers, 'sec-fetch-site'); 252 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 253 }); 254 }, 'sec-fetch-site - src - Cross-Site -> Cross-Site, no attributes'); 255 256 promise_test(() => { 257 const key = '{{uuid()}}'; 258 259 return induceRequest( 260 makeRequestURL(key, ['httpsCrossSite', 'httpsCrossSite']), 261 'srcset', 262 {} 263 ) 264 .then(() => retrieve(key)) 265 .then((headers) => { 266 assert_own_property(headers, 'sec-fetch-site'); 267 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 268 }); 269 }, 'sec-fetch-site - srcset - Cross-Site -> Cross-Site, no attributes'); 270 271 promise_test(() => { 272 const key = '{{uuid()}}'; 273 274 return induceRequest( 275 makeRequestURL(key, ['httpsOrigin', 'httpsOrigin']), 276 'src', 277 {} 278 ) 279 .then(() => retrieve(key)) 280 .then((headers) => { 281 assert_own_property(headers, 'sec-fetch-site'); 282 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 283 }); 284 }, 'sec-fetch-site - src - Same-Origin -> Same Origin, no attributes'); 285 286 promise_test(() => { 287 const key = '{{uuid()}}'; 288 289 return induceRequest( 290 makeRequestURL(key, ['httpsOrigin', 'httpsOrigin']), 291 'srcset', 292 {} 293 ) 294 .then(() => retrieve(key)) 295 .then((headers) => { 296 assert_own_property(headers, 'sec-fetch-site'); 297 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 298 }); 299 }, 'sec-fetch-site - srcset - Same-Origin -> Same Origin, no attributes'); 300 301 promise_test(() => { 302 const key = '{{uuid()}}'; 303 304 return induceRequest( 305 makeRequestURL(key, ['httpsOrigin', 'httpsSameSite']), 306 'src', 307 {} 308 ) 309 .then(() => retrieve(key)) 310 .then((headers) => { 311 assert_own_property(headers, 'sec-fetch-site'); 312 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 313 }); 314 }, 'sec-fetch-site - src - Same-Origin -> Same-Site, no attributes'); 315 316 promise_test(() => { 317 const key = '{{uuid()}}'; 318 319 return induceRequest( 320 makeRequestURL(key, ['httpsOrigin', 'httpsSameSite']), 321 'srcset', 322 {} 323 ) 324 .then(() => retrieve(key)) 325 .then((headers) => { 326 assert_own_property(headers, 'sec-fetch-site'); 327 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 328 }); 329 }, 'sec-fetch-site - srcset - Same-Origin -> Same-Site, no attributes'); 330 331 promise_test(() => { 332 const key = '{{uuid()}}'; 333 334 return induceRequest( 335 makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite']), 336 'src', 337 {} 338 ) 339 .then(() => retrieve(key)) 340 .then((headers) => { 341 assert_own_property(headers, 'sec-fetch-site'); 342 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 343 }); 344 }, 'sec-fetch-site - src - Same-Origin -> Cross-Site, no attributes'); 345 346 promise_test(() => { 347 const key = '{{uuid()}}'; 348 349 return induceRequest( 350 makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite']), 351 'srcset', 352 {} 353 ) 354 .then(() => retrieve(key)) 355 .then((headers) => { 356 assert_own_property(headers, 'sec-fetch-site'); 357 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 358 }); 359 }, 'sec-fetch-site - srcset - Same-Origin -> Cross-Site, no attributes'); 360 361 promise_test(() => { 362 const key = '{{uuid()}}'; 363 364 return induceRequest( 365 makeRequestURL(key, ['httpsSameSite', 'httpsOrigin']), 366 'src', 367 {} 368 ) 369 .then(() => retrieve(key)) 370 .then((headers) => { 371 assert_own_property(headers, 'sec-fetch-site'); 372 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 373 }); 374 }, 'sec-fetch-site - src - Same-Site -> Same Origin, no attributes'); 375 376 promise_test(() => { 377 const key = '{{uuid()}}'; 378 379 return induceRequest( 380 makeRequestURL(key, ['httpsSameSite', 'httpsOrigin']), 381 'srcset', 382 {} 383 ) 384 .then(() => retrieve(key)) 385 .then((headers) => { 386 assert_own_property(headers, 'sec-fetch-site'); 387 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 388 }); 389 }, 'sec-fetch-site - srcset - Same-Site -> Same Origin, no attributes'); 390 391 promise_test(() => { 392 const key = '{{uuid()}}'; 393 394 return induceRequest( 395 makeRequestURL(key, ['httpsSameSite', 'httpsSameSite']), 396 'src', 397 {} 398 ) 399 .then(() => retrieve(key)) 400 .then((headers) => { 401 assert_own_property(headers, 'sec-fetch-site'); 402 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 403 }); 404 }, 'sec-fetch-site - src - Same-Site -> Same-Site, no attributes'); 405 406 promise_test(() => { 407 const key = '{{uuid()}}'; 408 409 return induceRequest( 410 makeRequestURL(key, ['httpsSameSite', 'httpsSameSite']), 411 'srcset', 412 {} 413 ) 414 .then(() => retrieve(key)) 415 .then((headers) => { 416 assert_own_property(headers, 'sec-fetch-site'); 417 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 418 }); 419 }, 'sec-fetch-site - srcset - Same-Site -> Same-Site, no attributes'); 420 421 promise_test(() => { 422 const key = '{{uuid()}}'; 423 424 return induceRequest( 425 makeRequestURL(key, ['httpsSameSite', 'httpsCrossSite']), 426 'src', 427 {} 428 ) 429 .then(() => retrieve(key)) 430 .then((headers) => { 431 assert_own_property(headers, 'sec-fetch-site'); 432 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 433 }); 434 }, 'sec-fetch-site - src - Same-Site -> Cross-Site, no attributes'); 435 436 promise_test(() => { 437 const key = '{{uuid()}}'; 438 439 return induceRequest( 440 makeRequestURL(key, ['httpsSameSite', 'httpsCrossSite']), 441 'srcset', 442 {} 443 ) 444 .then(() => retrieve(key)) 445 .then((headers) => { 446 assert_own_property(headers, 'sec-fetch-site'); 447 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 448 }); 449 }, 'sec-fetch-site - srcset - Same-Site -> Cross-Site, no attributes'); 450 451 promise_test(() => { 452 const key = '{{uuid()}}'; 453 454 return induceRequest( 455 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']), 456 'src', 457 {} 458 ) 459 .then(() => retrieve(key)) 460 .then((headers) => { 461 assert_own_property(headers, 'sec-fetch-site'); 462 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 463 }); 464 }, 'sec-fetch-site - src - HTTPS downgrade-upgrade, no attributes'); 465 466 promise_test(() => { 467 const key = '{{uuid()}}'; 468 469 return induceRequest( 470 makeRequestURL(key, []), 471 'src', 472 {} 473 ) 474 .then(() => retrieve(key)) 475 .then((headers) => { 476 assert_own_property(headers, 'sec-fetch-mode'); 477 assert_array_equals(headers['sec-fetch-mode'], ['no-cors']); 478 }); 479 }, 'sec-fetch-mode - src - no attributes'); 480 481 promise_test(() => { 482 const key = '{{uuid()}}'; 483 484 return induceRequest( 485 makeRequestURL(key, []), 486 'src', 487 {"crossorigin": ""} 488 ) 489 .then(() => retrieve(key)) 490 .then((headers) => { 491 assert_own_property(headers, 'sec-fetch-mode'); 492 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 493 }); 494 }, 'sec-fetch-mode - src - attributes: crossorigin'); 495 496 promise_test(() => { 497 const key = '{{uuid()}}'; 498 499 return induceRequest( 500 makeRequestURL(key, []), 501 'src', 502 {"crossorigin": "anonymous"} 503 ) 504 .then(() => retrieve(key)) 505 .then((headers) => { 506 assert_own_property(headers, 'sec-fetch-mode'); 507 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 508 }); 509 }, 'sec-fetch-mode - src - attributes: crossorigin=anonymous'); 510 511 promise_test(() => { 512 const key = '{{uuid()}}'; 513 514 return induceRequest( 515 makeRequestURL(key, []), 516 'src', 517 {"crossorigin": "use-credentials"} 518 ) 519 .then(() => retrieve(key)) 520 .then((headers) => { 521 assert_own_property(headers, 'sec-fetch-mode'); 522 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 523 }); 524 }, 'sec-fetch-mode - src - attributes: crossorigin=use-credentials'); 525 526 promise_test(() => { 527 const key = '{{uuid()}}'; 528 529 return induceRequest( 530 makeRequestURL(key, []), 531 'srcset', 532 {} 533 ) 534 .then(() => retrieve(key)) 535 .then((headers) => { 536 assert_own_property(headers, 'sec-fetch-mode'); 537 assert_array_equals(headers['sec-fetch-mode'], ['no-cors']); 538 }); 539 }, 'sec-fetch-mode - srcset - no attributes'); 540 541 promise_test(() => { 542 const key = '{{uuid()}}'; 543 544 return induceRequest( 545 makeRequestURL(key, []), 546 'srcset', 547 {"crossorigin": ""} 548 ) 549 .then(() => retrieve(key)) 550 .then((headers) => { 551 assert_own_property(headers, 'sec-fetch-mode'); 552 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 553 }); 554 }, 'sec-fetch-mode - srcset - attributes: crossorigin'); 555 556 promise_test(() => { 557 const key = '{{uuid()}}'; 558 559 return induceRequest( 560 makeRequestURL(key, []), 561 'srcset', 562 {"crossorigin": "anonymous"} 563 ) 564 .then(() => retrieve(key)) 565 .then((headers) => { 566 assert_own_property(headers, 'sec-fetch-mode'); 567 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 568 }); 569 }, 'sec-fetch-mode - srcset - attributes: crossorigin=anonymous'); 570 571 promise_test(() => { 572 const key = '{{uuid()}}'; 573 574 return induceRequest( 575 makeRequestURL(key, []), 576 'srcset', 577 {"crossorigin": "use-credentials"} 578 ) 579 .then(() => retrieve(key)) 580 .then((headers) => { 581 assert_own_property(headers, 'sec-fetch-mode'); 582 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 583 }); 584 }, 'sec-fetch-mode - srcset - attributes: crossorigin=use-credentials'); 585 586 promise_test(() => { 587 const key = '{{uuid()}}'; 588 589 return induceRequest( 590 makeRequestURL(key, []), 591 'src', 592 {} 593 ) 594 .then(() => retrieve(key)) 595 .then((headers) => { 596 assert_own_property(headers, 'sec-fetch-dest'); 597 assert_array_equals(headers['sec-fetch-dest'], ['image']); 598 }); 599 }, 'sec-fetch-dest - src - no attributes'); 600 601 promise_test(() => { 602 const key = '{{uuid()}}'; 603 604 return induceRequest( 605 makeRequestURL(key, []), 606 'srcset', 607 {} 608 ) 609 .then(() => retrieve(key)) 610 .then((headers) => { 611 assert_own_property(headers, 'sec-fetch-dest'); 612 assert_array_equals(headers['sec-fetch-dest'], ['image']); 613 }); 614 }, 'sec-fetch-dest - srcset - no attributes'); 615 616 promise_test(() => { 617 const key = '{{uuid()}}'; 618 619 return induceRequest( 620 makeRequestURL(key, []), 621 'src', 622 {} 623 ) 624 .then(() => retrieve(key)) 625 .then((headers) => { 626 assert_not_own_property(headers, 'sec-fetch-user'); 627 }); 628 }, 'sec-fetch-user - src - no attributes'); 629 630 promise_test(() => { 631 const key = '{{uuid()}}'; 632 633 return induceRequest( 634 makeRequestURL(key, []), 635 'srcset', 636 {} 637 ) 638 .then(() => retrieve(key)) 639 .then((headers) => { 640 assert_not_own_property(headers, 'sec-fetch-user'); 641 }); 642 }, 'sec-fetch-user - srcset - no attributes'); 643 644 promise_test(() => { 645 const key = '{{uuid()}}'; 646 647 return induceRequest( 648 makeRequestURL(key, ['httpsCrossSite']), 649 'src', 650 {} 651 ) 652 .then(() => retrieve(key)) 653 .then((headers) => { 654 assert_own_property(headers, 'sec-fetch-storage-access'); 655 assert_array_equals(headers['sec-fetch-storage-access'], ['none']); 656 }); 657 }, 'sec-fetch-storage-access - src - Cross-site, no attributes'); 658 659 promise_test(() => { 660 const key = '{{uuid()}}'; 661 662 return induceRequest( 663 makeRequestURL(key, ['httpsCrossSite']), 664 'srcset', 665 {} 666 ) 667 .then(() => retrieve(key)) 668 .then((headers) => { 669 assert_own_property(headers, 'sec-fetch-storage-access'); 670 assert_array_equals(headers['sec-fetch-storage-access'], ['none']); 671 }); 672 }, 'sec-fetch-storage-access - srcset - Cross-site, no attributes'); 673 674 promise_test(() => { 675 const key = '{{uuid()}}'; 676 677 return induceRequest( 678 makeRequestURL(key, ['httpsSameSite']), 679 'src', 680 {} 681 ) 682 .then(() => retrieve(key)) 683 .then((headers) => { 684 assert_not_own_property(headers, 'sec-fetch-storage-access'); 685 }); 686 }, 'sec-fetch-storage-access - src - Same site, no attributes'); 687 688 promise_test(() => { 689 const key = '{{uuid()}}'; 690 691 return induceRequest( 692 makeRequestURL(key, ['httpsSameSite']), 693 'srcset', 694 {} 695 ) 696 .then(() => retrieve(key)) 697 .then((headers) => { 698 assert_not_own_property(headers, 'sec-fetch-storage-access'); 699 }); 700 }, 'sec-fetch-storage-access - srcset - Same site, no attributes'); 701 </script> 702 </body> 703 </html>