[ tor-browser ].git.dasho

element-img.sub.html (15552B)
      1 <!DOCTYPE html>
      2 <!--
      3 This test was procedurally generated. Please do not modify it directly.
      4 Sources:
      5 - fetch/metadata/tools/fetch-metadata.conf.yml
      6 - fetch/metadata/tools/templates/element-img.sub.html
      7 -->
      8 <html lang="en">
      9  <meta charset="utf-8">
     10  <title>HTTP headers on request for HTML "img" element source</title>
     11  <script src="/resources/testharness.js"></script>
     12  <script src="/resources/testharnessreport.js"></script>
     13  <script src="/fetch/metadata/resources/helper.sub.js"></script>
     14  <body>
     15  <script>
     16  'use strict';
     17 
     18  function induceRequest(url, sourceAttr, attributes) {
     19    const image = document.createElement('img');
     20 
     21    for (const [ name, value ] of Object.entries(attributes)) {
     22      image.setAttribute(name, value);
     23    }
     24 
     25    return new Promise((resolve) => {
     26        image.setAttribute(sourceAttr, url);
     27        image.onload = image.onerror = resolve;
     28      });
     29  }
     30 
     31  promise_test(() => {
     32    const key = '{{uuid()}}';
     33 
     34    return induceRequest(
     35        makeRequestURL(key, ['httpOrigin']),
     36        'src',
     37        {}
     38      )
     39      .then(() => retrieve(key))
     40      .then((headers) => {
     41          assert_not_own_property(headers, 'sec-fetch-site');
     42        });
     43  }, 'sec-fetch-site - src - Not sent to non-trustworthy same-origin destination, no attributes');
     44 
     45  promise_test(() => {
     46    const key = '{{uuid()}}';
     47 
     48    return induceRequest(
     49        makeRequestURL(key, ['httpOrigin']),
     50        'srcset',
     51        {}
     52      )
     53      .then(() => retrieve(key))
     54      .then((headers) => {
     55          assert_not_own_property(headers, 'sec-fetch-site');
     56        });
     57  }, 'sec-fetch-site - srcset - Not sent to non-trustworthy same-origin destination, no attributes');
     58 
     59  promise_test(() => {
     60    const key = '{{uuid()}}';
     61 
     62    return induceRequest(
     63        makeRequestURL(key, ['httpSameSite']),
     64        'src',
     65        {}
     66      )
     67      .then(() => retrieve(key))
     68      .then((headers) => {
     69          assert_not_own_property(headers, 'sec-fetch-site');
     70        });
     71  }, 'sec-fetch-site - src - Not sent to non-trustworthy same-site destination, no attributes');
     72 
     73  promise_test(() => {
     74    const key = '{{uuid()}}';
     75 
     76    return induceRequest(
     77        makeRequestURL(key, ['httpSameSite']),
     78        'srcset',
     79        {}
     80      )
     81      .then(() => retrieve(key))
     82      .then((headers) => {
     83          assert_not_own_property(headers, 'sec-fetch-site');
     84        });
     85  }, 'sec-fetch-site - srcset - Not sent to non-trustworthy same-site destination, no attributes');
     86 
     87  promise_test(() => {
     88    const key = '{{uuid()}}';
     89 
     90    return induceRequest(
     91        makeRequestURL(key, ['httpCrossSite']),
     92        'src',
     93        {}
     94      )
     95      .then(() => retrieve(key))
     96      .then((headers) => {
     97          assert_not_own_property(headers, 'sec-fetch-site');
     98        });
     99  }, 'sec-fetch-site - src - Not sent to non-trustworthy cross-site destination, no attributes');
    100 
    101  promise_test(() => {
    102    const key = '{{uuid()}}';
    103 
    104    return induceRequest(
    105        makeRequestURL(key, ['httpCrossSite']),
    106        'srcset',
    107        {}
    108      )
    109      .then(() => retrieve(key))
    110      .then((headers) => {
    111          assert_not_own_property(headers, 'sec-fetch-site');
    112        });
    113  }, 'sec-fetch-site - srcset - Not sent to non-trustworthy cross-site destination, no attributes');
    114 
    115  promise_test(() => {
    116    const key = '{{uuid()}}';
    117 
    118    return induceRequest(
    119        makeRequestURL(key, ['httpOrigin']),
    120        'src',
    121        {}
    122      )
    123      .then(() => retrieve(key))
    124      .then((headers) => {
    125          assert_not_own_property(headers, 'sec-fetch-mode');
    126        });
    127  }, 'sec-fetch-mode - src - Not sent to non-trustworthy same-origin destination, no attributes');
    128 
    129  promise_test(() => {
    130    const key = '{{uuid()}}';
    131 
    132    return induceRequest(
    133        makeRequestURL(key, ['httpOrigin']),
    134        'srcset',
    135        {}
    136      )
    137      .then(() => retrieve(key))
    138      .then((headers) => {
    139          assert_not_own_property(headers, 'sec-fetch-mode');
    140        });
    141  }, 'sec-fetch-mode - srcset - Not sent to non-trustworthy same-origin destination, no attributes');
    142 
    143  promise_test(() => {
    144    const key = '{{uuid()}}';
    145 
    146    return induceRequest(
    147        makeRequestURL(key, ['httpSameSite']),
    148        'src',
    149        {}
    150      )
    151      .then(() => retrieve(key))
    152      .then((headers) => {
    153          assert_not_own_property(headers, 'sec-fetch-mode');
    154        });
    155  }, 'sec-fetch-mode - src - Not sent to non-trustworthy same-site destination, no attributes');
    156 
    157  promise_test(() => {
    158    const key = '{{uuid()}}';
    159 
    160    return induceRequest(
    161        makeRequestURL(key, ['httpSameSite']),
    162        'srcset',
    163        {}
    164      )
    165      .then(() => retrieve(key))
    166      .then((headers) => {
    167          assert_not_own_property(headers, 'sec-fetch-mode');
    168        });
    169  }, 'sec-fetch-mode - srcset - Not sent to non-trustworthy same-site destination, no attributes');
    170 
    171  promise_test(() => {
    172    const key = '{{uuid()}}';
    173 
    174    return induceRequest(
    175        makeRequestURL(key, ['httpCrossSite']),
    176        'src',
    177        {}
    178      )
    179      .then(() => retrieve(key))
    180      .then((headers) => {
    181          assert_not_own_property(headers, 'sec-fetch-mode');
    182        });
    183  }, 'sec-fetch-mode - src - Not sent to non-trustworthy cross-site destination, no attributes');
    184 
    185  promise_test(() => {
    186    const key = '{{uuid()}}';
    187 
    188    return induceRequest(
    189        makeRequestURL(key, ['httpCrossSite']),
    190        'srcset',
    191        {}
    192      )
    193      .then(() => retrieve(key))
    194      .then((headers) => {
    195          assert_not_own_property(headers, 'sec-fetch-mode');
    196        });
    197  }, 'sec-fetch-mode - srcset - Not sent to non-trustworthy cross-site destination, no attributes');
    198 
    199  promise_test(() => {
    200    const key = '{{uuid()}}';
    201 
    202    return induceRequest(
    203        makeRequestURL(key, ['httpOrigin']),
    204        'src',
    205        {}
    206      )
    207      .then(() => retrieve(key))
    208      .then((headers) => {
    209          assert_not_own_property(headers, 'sec-fetch-dest');
    210        });
    211  }, 'sec-fetch-dest - src - Not sent to non-trustworthy same-origin destination, no attributes');
    212 
    213  promise_test(() => {
    214    const key = '{{uuid()}}';
    215 
    216    return induceRequest(
    217        makeRequestURL(key, ['httpOrigin']),
    218        'srcset',
    219        {}
    220      )
    221      .then(() => retrieve(key))
    222      .then((headers) => {
    223          assert_not_own_property(headers, 'sec-fetch-dest');
    224        });
    225  }, 'sec-fetch-dest - srcset - Not sent to non-trustworthy same-origin destination, no attributes');
    226 
    227  promise_test(() => {
    228    const key = '{{uuid()}}';
    229 
    230    return induceRequest(
    231        makeRequestURL(key, ['httpSameSite']),
    232        'src',
    233        {}
    234      )
    235      .then(() => retrieve(key))
    236      .then((headers) => {
    237          assert_not_own_property(headers, 'sec-fetch-dest');
    238        });
    239  }, 'sec-fetch-dest - src - Not sent to non-trustworthy same-site destination, no attributes');
    240 
    241  promise_test(() => {
    242    const key = '{{uuid()}}';
    243 
    244    return induceRequest(
    245        makeRequestURL(key, ['httpSameSite']),
    246        'srcset',
    247        {}
    248      )
    249      .then(() => retrieve(key))
    250      .then((headers) => {
    251          assert_not_own_property(headers, 'sec-fetch-dest');
    252        });
    253  }, 'sec-fetch-dest - srcset - Not sent to non-trustworthy same-site destination, no attributes');
    254 
    255  promise_test(() => {
    256    const key = '{{uuid()}}';
    257 
    258    return induceRequest(
    259        makeRequestURL(key, ['httpCrossSite']),
    260        'src',
    261        {}
    262      )
    263      .then(() => retrieve(key))
    264      .then((headers) => {
    265          assert_not_own_property(headers, 'sec-fetch-dest');
    266        });
    267  }, 'sec-fetch-dest - src - Not sent to non-trustworthy cross-site destination, no attributes');
    268 
    269  promise_test(() => {
    270    const key = '{{uuid()}}';
    271 
    272    return induceRequest(
    273        makeRequestURL(key, ['httpCrossSite']),
    274        'srcset',
    275        {}
    276      )
    277      .then(() => retrieve(key))
    278      .then((headers) => {
    279          assert_not_own_property(headers, 'sec-fetch-dest');
    280        });
    281  }, 'sec-fetch-dest - srcset - Not sent to non-trustworthy cross-site destination, no attributes');
    282 
    283  promise_test(() => {
    284    const key = '{{uuid()}}';
    285 
    286    return induceRequest(
    287        makeRequestURL(key, ['httpOrigin']),
    288        'src',
    289        {}
    290      )
    291      .then(() => retrieve(key))
    292      .then((headers) => {
    293          assert_not_own_property(headers, 'sec-fetch-user');
    294        });
    295  }, 'sec-fetch-user - src - Not sent to non-trustworthy same-origin destination, no attributes');
    296 
    297  promise_test(() => {
    298    const key = '{{uuid()}}';
    299 
    300    return induceRequest(
    301        makeRequestURL(key, ['httpOrigin']),
    302        'srcset',
    303        {}
    304      )
    305      .then(() => retrieve(key))
    306      .then((headers) => {
    307          assert_not_own_property(headers, 'sec-fetch-user');
    308        });
    309  }, 'sec-fetch-user - srcset - Not sent to non-trustworthy same-origin destination, no attributes');
    310 
    311  promise_test(() => {
    312    const key = '{{uuid()}}';
    313 
    314    return induceRequest(
    315        makeRequestURL(key, ['httpSameSite']),
    316        'src',
    317        {}
    318      )
    319      .then(() => retrieve(key))
    320      .then((headers) => {
    321          assert_not_own_property(headers, 'sec-fetch-user');
    322        });
    323  }, 'sec-fetch-user - src - Not sent to non-trustworthy same-site destination, no attributes');
    324 
    325  promise_test(() => {
    326    const key = '{{uuid()}}';
    327 
    328    return induceRequest(
    329        makeRequestURL(key, ['httpSameSite']),
    330        'srcset',
    331        {}
    332      )
    333      .then(() => retrieve(key))
    334      .then((headers) => {
    335          assert_not_own_property(headers, 'sec-fetch-user');
    336        });
    337  }, 'sec-fetch-user - srcset - Not sent to non-trustworthy same-site destination, no attributes');
    338 
    339  promise_test(() => {
    340    const key = '{{uuid()}}';
    341 
    342    return induceRequest(
    343        makeRequestURL(key, ['httpCrossSite']),
    344        'src',
    345        {}
    346      )
    347      .then(() => retrieve(key))
    348      .then((headers) => {
    349          assert_not_own_property(headers, 'sec-fetch-user');
    350        });
    351  }, 'sec-fetch-user - src - Not sent to non-trustworthy cross-site destination, no attributes');
    352 
    353  promise_test(() => {
    354    const key = '{{uuid()}}';
    355 
    356    return induceRequest(
    357        makeRequestURL(key, ['httpCrossSite']),
    358        'srcset',
    359        {}
    360      )
    361      .then(() => retrieve(key))
    362      .then((headers) => {
    363          assert_not_own_property(headers, 'sec-fetch-user');
    364        });
    365  }, 'sec-fetch-user - srcset - Not sent to non-trustworthy cross-site destination, no attributes');
    366 
    367  promise_test(() => {
    368    const key = '{{uuid()}}';
    369 
    370    return induceRequest(
    371        makeRequestURL(key, ['httpOrigin']),
    372        'src',
    373        {}
    374      )
    375      .then(() => retrieve(key))
    376      .then((headers) => {
    377          assert_not_own_property(headers, 'sec-fetch-storage-access');
    378        });
    379  }, 'sec-fetch-storage-access - src - Not sent to non-trustworthy same-origin destination, no attributes');
    380 
    381  promise_test(() => {
    382    const key = '{{uuid()}}';
    383 
    384    return induceRequest(
    385        makeRequestURL(key, ['httpOrigin']),
    386        'srcset',
    387        {}
    388      )
    389      .then(() => retrieve(key))
    390      .then((headers) => {
    391          assert_not_own_property(headers, 'sec-fetch-storage-access');
    392        });
    393  }, 'sec-fetch-storage-access - srcset - Not sent to non-trustworthy same-origin destination, no attributes');
    394 
    395  promise_test(() => {
    396    const key = '{{uuid()}}';
    397 
    398    return induceRequest(
    399        makeRequestURL(key, ['httpSameSite']),
    400        'src',
    401        {}
    402      )
    403      .then(() => retrieve(key))
    404      .then((headers) => {
    405          assert_not_own_property(headers, 'sec-fetch-storage-access');
    406        });
    407  }, 'sec-fetch-storage-access - src - Not sent to non-trustworthy same-site destination, no attributes');
    408 
    409  promise_test(() => {
    410    const key = '{{uuid()}}';
    411 
    412    return induceRequest(
    413        makeRequestURL(key, ['httpSameSite']),
    414        'srcset',
    415        {}
    416      )
    417      .then(() => retrieve(key))
    418      .then((headers) => {
    419          assert_not_own_property(headers, 'sec-fetch-storage-access');
    420        });
    421  }, 'sec-fetch-storage-access - srcset - Not sent to non-trustworthy same-site destination, no attributes');
    422 
    423  promise_test(() => {
    424    const key = '{{uuid()}}';
    425 
    426    return induceRequest(
    427        makeRequestURL(key, ['httpCrossSite']),
    428        'src',
    429        {}
    430      )
    431      .then(() => retrieve(key))
    432      .then((headers) => {
    433          assert_not_own_property(headers, 'sec-fetch-storage-access');
    434        });
    435  }, 'sec-fetch-storage-access - src - Not sent to non-trustworthy cross-site destination, no attributes');
    436 
    437  promise_test(() => {
    438    const key = '{{uuid()}}';
    439 
    440    return induceRequest(
    441        makeRequestURL(key, ['httpCrossSite']),
    442        'srcset',
    443        {}
    444      )
    445      .then(() => retrieve(key))
    446      .then((headers) => {
    447          assert_not_own_property(headers, 'sec-fetch-storage-access');
    448        });
    449  }, 'sec-fetch-storage-access - srcset - Not sent to non-trustworthy cross-site destination, no attributes');
    450 
    451  promise_test(() => {
    452    const key = '{{uuid()}}';
    453 
    454    return induceRequest(
    455        makeRequestURL(key, ['httpsOrigin', 'httpOrigin']),
    456        'src',
    457        {}
    458      )
    459      .then(() => retrieve(key))
    460      .then((headers) => {
    461          assert_not_own_property(headers, 'sec-fetch-site');
    462        });
    463  }, 'sec-fetch-site - src - HTTPS downgrade (header not sent), no attributes');
    464 
    465  promise_test(() => {
    466    const key = '{{uuid()}}';
    467 
    468    return induceRequest(
    469        makeRequestURL(key, ['httpsOrigin', 'httpOrigin']),
    470        'srcset',
    471        {}
    472      )
    473      .then(() => retrieve(key))
    474      .then((headers) => {
    475          assert_not_own_property(headers, 'sec-fetch-site');
    476        });
    477  }, 'sec-fetch-site - srcset - HTTPS downgrade (header not sent), no attributes');
    478 
    479  promise_test(() => {
    480    const key = '{{uuid()}}';
    481 
    482    return induceRequest(
    483        makeRequestURL(key, ['httpOrigin', 'httpsOrigin']),
    484        'src',
    485        {}
    486      )
    487      .then(() => retrieve(key))
    488      .then((headers) => {
    489          assert_own_property(headers, 'sec-fetch-site');
    490          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    491        });
    492  }, 'sec-fetch-site - src - HTTPS upgrade, no attributes');
    493 
    494  promise_test(() => {
    495    const key = '{{uuid()}}';
    496 
    497    return induceRequest(
    498        makeRequestURL(key, ['httpOrigin', 'httpsOrigin']),
    499        'srcset',
    500        {}
    501      )
    502      .then(() => retrieve(key))
    503      .then((headers) => {
    504          assert_own_property(headers, 'sec-fetch-site');
    505          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    506        });
    507  }, 'sec-fetch-site - srcset - HTTPS upgrade, no attributes');
    508 
    509  promise_test(() => {
    510    const key = '{{uuid()}}';
    511 
    512    return induceRequest(
    513        makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']),
    514        'src',
    515        {}
    516      )
    517      .then(() => retrieve(key))
    518      .then((headers) => {
    519          assert_own_property(headers, 'sec-fetch-site');
    520          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    521        });
    522  }, 'sec-fetch-site - src - HTTPS downgrade-upgrade, no attributes');
    523 
    524  promise_test(() => {
    525    const key = '{{uuid()}}';
    526 
    527    return induceRequest(
    528        makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']),
    529        'srcset',
    530        {}
    531      )
    532      .then(() => retrieve(key))
    533      .then((headers) => {
    534          assert_own_property(headers, 'sec-fetch-site');
    535          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    536        });
    537  }, 'sec-fetch-site - srcset - HTTPS downgrade-upgrade, no attributes');
    538  </script>
    539  </body>
    540 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE