element-input-image.sub.html (7389B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-input-image.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for HTML "input" element with type="button"</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <body> 15 <script> 16 'use strict'; 17 18 function induceRequest(url, test) { 19 const input = document.createElement('input'); 20 input.setAttribute('type', 'image'); 21 22 document.body.appendChild(input); 23 test.add_cleanup(() => input.remove()); 24 25 return new Promise((resolve) => { 26 input.onload = input.onerror = resolve; 27 input.setAttribute('src', url); 28 }); 29 } 30 31 promise_test((t) => { 32 const key = '{{uuid()}}'; 33 34 return induceRequest(makeRequestURL(key, ['httpOrigin']), t) 35 .then(() => retrieve(key)) 36 .then((headers) => { 37 assert_not_own_property(headers, 'sec-fetch-site'); 38 }); 39 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination, no attributes'); 40 41 promise_test((t) => { 42 const key = '{{uuid()}}'; 43 44 return induceRequest(makeRequestURL(key, ['httpSameSite']), t) 45 .then(() => retrieve(key)) 46 .then((headers) => { 47 assert_not_own_property(headers, 'sec-fetch-site'); 48 }); 49 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination, no attributes'); 50 51 promise_test((t) => { 52 const key = '{{uuid()}}'; 53 54 return induceRequest(makeRequestURL(key, ['httpCrossSite']), t) 55 .then(() => retrieve(key)) 56 .then((headers) => { 57 assert_not_own_property(headers, 'sec-fetch-site'); 58 }); 59 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination, no attributes'); 60 61 promise_test((t) => { 62 const key = '{{uuid()}}'; 63 64 return induceRequest(makeRequestURL(key, ['httpOrigin']), t) 65 .then(() => retrieve(key)) 66 .then((headers) => { 67 assert_not_own_property(headers, 'sec-fetch-mode'); 68 }); 69 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination, no attributes'); 70 71 promise_test((t) => { 72 const key = '{{uuid()}}'; 73 74 return induceRequest(makeRequestURL(key, ['httpSameSite']), t) 75 .then(() => retrieve(key)) 76 .then((headers) => { 77 assert_not_own_property(headers, 'sec-fetch-mode'); 78 }); 79 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination, no attributes'); 80 81 promise_test((t) => { 82 const key = '{{uuid()}}'; 83 84 return induceRequest(makeRequestURL(key, ['httpCrossSite']), t) 85 .then(() => retrieve(key)) 86 .then((headers) => { 87 assert_not_own_property(headers, 'sec-fetch-mode'); 88 }); 89 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination, no attributes'); 90 91 promise_test((t) => { 92 const key = '{{uuid()}}'; 93 94 return induceRequest(makeRequestURL(key, ['httpOrigin']), t) 95 .then(() => retrieve(key)) 96 .then((headers) => { 97 assert_not_own_property(headers, 'sec-fetch-dest'); 98 }); 99 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination, no attributes'); 100 101 promise_test((t) => { 102 const key = '{{uuid()}}'; 103 104 return induceRequest(makeRequestURL(key, ['httpSameSite']), t) 105 .then(() => retrieve(key)) 106 .then((headers) => { 107 assert_not_own_property(headers, 'sec-fetch-dest'); 108 }); 109 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination, no attributes'); 110 111 promise_test((t) => { 112 const key = '{{uuid()}}'; 113 114 return induceRequest(makeRequestURL(key, ['httpCrossSite']), t) 115 .then(() => retrieve(key)) 116 .then((headers) => { 117 assert_not_own_property(headers, 'sec-fetch-dest'); 118 }); 119 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination, no attributes'); 120 121 promise_test((t) => { 122 const key = '{{uuid()}}'; 123 124 return induceRequest(makeRequestURL(key, ['httpOrigin']), t) 125 .then(() => retrieve(key)) 126 .then((headers) => { 127 assert_not_own_property(headers, 'sec-fetch-user'); 128 }); 129 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination, no attributes'); 130 131 promise_test((t) => { 132 const key = '{{uuid()}}'; 133 134 return induceRequest(makeRequestURL(key, ['httpSameSite']), t) 135 .then(() => retrieve(key)) 136 .then((headers) => { 137 assert_not_own_property(headers, 'sec-fetch-user'); 138 }); 139 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination, no attributes'); 140 141 promise_test((t) => { 142 const key = '{{uuid()}}'; 143 144 return induceRequest(makeRequestURL(key, ['httpCrossSite']), t) 145 .then(() => retrieve(key)) 146 .then((headers) => { 147 assert_not_own_property(headers, 'sec-fetch-user'); 148 }); 149 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, no attributes'); 150 151 promise_test((t) => { 152 const key = '{{uuid()}}'; 153 154 return induceRequest(makeRequestURL(key, ['httpOrigin']), t) 155 .then(() => retrieve(key)) 156 .then((headers) => { 157 assert_not_own_property(headers, 'sec-fetch-storage-access'); 158 }); 159 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no attributes'); 160 161 promise_test((t) => { 162 const key = '{{uuid()}}'; 163 164 return induceRequest(makeRequestURL(key, ['httpSameSite']), t) 165 .then(() => retrieve(key)) 166 .then((headers) => { 167 assert_not_own_property(headers, 'sec-fetch-storage-access'); 168 }); 169 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, no attributes'); 170 171 promise_test((t) => { 172 const key = '{{uuid()}}'; 173 174 return induceRequest(makeRequestURL(key, ['httpCrossSite']), t) 175 .then(() => retrieve(key)) 176 .then((headers) => { 177 assert_not_own_property(headers, 'sec-fetch-storage-access'); 178 }); 179 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, no attributes'); 180 181 promise_test((t) => { 182 const key = '{{uuid()}}'; 183 184 return induceRequest(makeRequestURL(key, ['httpsOrigin', 'httpOrigin']), t) 185 .then(() => retrieve(key)) 186 .then((headers) => { 187 assert_not_own_property(headers, 'sec-fetch-site'); 188 }); 189 }, 'sec-fetch-site - HTTPS downgrade (header not sent), no attributes'); 190 191 promise_test((t) => { 192 const key = '{{uuid()}}'; 193 194 return induceRequest(makeRequestURL(key, ['httpOrigin', 'httpsOrigin']), t) 195 .then(() => retrieve(key)) 196 .then((headers) => { 197 assert_own_property(headers, 'sec-fetch-site'); 198 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 199 }); 200 }, 'sec-fetch-site - HTTPS upgrade, no attributes'); 201 202 promise_test((t) => { 203 const key = '{{uuid()}}'; 204 205 return induceRequest(makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']), t) 206 .then(() => retrieve(key)) 207 .then((headers) => { 208 assert_own_property(headers, 'sec-fetch-site'); 209 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 210 }); 211 }, 'sec-fetch-site - HTTPS downgrade-upgrade, no attributes'); 212 </script> 213 </body> 214 </html>