element-link-icon.sub.html (8693B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-link-icon.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <meta name="timeout" content="long"> 11 <title>HTTP headers on request for HTML "link" element with rel="icon"</title> 12 <script src="/resources/testharness.js"></script> 13 <script src="/resources/testharnessreport.js"></script> 14 <script src="/fetch/metadata/resources/helper.sub.js"></script> 15 <body> 16 <script> 17 'use strict'; 18 19 const params = { 20 body: ` 21 <svg xmlns="http://www.w3.org/2000/svg" width="123" height="123"> 22 <rect fill="lime" width="123" height="123"/> 23 </svg> 24 `, 25 mime: 'image/svg+xml' 26 }; 27 28 /** 29 * The `link` element supports a `load` event. That event would reliably 30 * indicate that the browser had received the request. Multiple major 31 * browsers do not implement the event, however, so in order to promote the 32 * visibility of this test, a less efficient polling-based detection 33 * mechanism is used. 34 * 35 * https://bugzilla.mozilla.org/show_bug.cgi?id=1638188 36 * https://bugs.chromium.org/p/chromium/issues/detail?id=1083034 37 */ 38 function induceRequest(t, url, attributes) { 39 const link = document.createElement('link'); 40 link.setAttribute('rel', 'icon'); 41 link.setAttribute('href', url); 42 43 for (const [ name, value ] of Object.entries(attributes)) { 44 link.setAttribute(name, value); 45 } 46 47 document.head.appendChild(link); 48 t.add_cleanup(() => link.remove()); 49 } 50 51 promise_test((t) => { 52 const key = '{{uuid()}}'; 53 54 induceRequest( 55 t, 56 makeRequestURL(key, ['httpOrigin'], params), 57 {} 58 ); 59 60 return retrieve(key, {poll:true}) 61 .then((headers) => { 62 assert_not_own_property(headers, 'sec-fetch-site'); 63 }); 64 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination no attributes'); 65 66 promise_test((t) => { 67 const key = '{{uuid()}}'; 68 69 induceRequest( 70 t, 71 makeRequestURL(key, ['httpSameSite'], params), 72 {} 73 ); 74 75 return retrieve(key, {poll:true}) 76 .then((headers) => { 77 assert_not_own_property(headers, 'sec-fetch-site'); 78 }); 79 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination no attributes'); 80 81 promise_test((t) => { 82 const key = '{{uuid()}}'; 83 84 induceRequest( 85 t, 86 makeRequestURL(key, ['httpCrossSite'], params), 87 {} 88 ); 89 90 return retrieve(key, {poll:true}) 91 .then((headers) => { 92 assert_not_own_property(headers, 'sec-fetch-site'); 93 }); 94 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination no attributes'); 95 96 promise_test((t) => { 97 const key = '{{uuid()}}'; 98 99 induceRequest( 100 t, 101 makeRequestURL(key, ['httpOrigin'], params), 102 {} 103 ); 104 105 return retrieve(key, {poll:true}) 106 .then((headers) => { 107 assert_not_own_property(headers, 'sec-fetch-mode'); 108 }); 109 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination no attributes'); 110 111 promise_test((t) => { 112 const key = '{{uuid()}}'; 113 114 induceRequest( 115 t, 116 makeRequestURL(key, ['httpSameSite'], params), 117 {} 118 ); 119 120 return retrieve(key, {poll:true}) 121 .then((headers) => { 122 assert_not_own_property(headers, 'sec-fetch-mode'); 123 }); 124 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination no attributes'); 125 126 promise_test((t) => { 127 const key = '{{uuid()}}'; 128 129 induceRequest( 130 t, 131 makeRequestURL(key, ['httpCrossSite'], params), 132 {} 133 ); 134 135 return retrieve(key, {poll:true}) 136 .then((headers) => { 137 assert_not_own_property(headers, 'sec-fetch-mode'); 138 }); 139 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination no attributes'); 140 141 promise_test((t) => { 142 const key = '{{uuid()}}'; 143 144 induceRequest( 145 t, 146 makeRequestURL(key, ['httpOrigin'], params), 147 {} 148 ); 149 150 return retrieve(key, {poll:true}) 151 .then((headers) => { 152 assert_not_own_property(headers, 'sec-fetch-dest'); 153 }); 154 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination no attributes'); 155 156 promise_test((t) => { 157 const key = '{{uuid()}}'; 158 159 induceRequest( 160 t, 161 makeRequestURL(key, ['httpSameSite'], params), 162 {} 163 ); 164 165 return retrieve(key, {poll:true}) 166 .then((headers) => { 167 assert_not_own_property(headers, 'sec-fetch-dest'); 168 }); 169 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination no attributes'); 170 171 promise_test((t) => { 172 const key = '{{uuid()}}'; 173 174 induceRequest( 175 t, 176 makeRequestURL(key, ['httpCrossSite'], params), 177 {} 178 ); 179 180 return retrieve(key, {poll:true}) 181 .then((headers) => { 182 assert_not_own_property(headers, 'sec-fetch-dest'); 183 }); 184 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination no attributes'); 185 186 promise_test((t) => { 187 const key = '{{uuid()}}'; 188 189 induceRequest( 190 t, 191 makeRequestURL(key, ['httpOrigin'], params), 192 {} 193 ); 194 195 return retrieve(key, {poll:true}) 196 .then((headers) => { 197 assert_not_own_property(headers, 'sec-fetch-user'); 198 }); 199 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination no attributes'); 200 201 promise_test((t) => { 202 const key = '{{uuid()}}'; 203 204 induceRequest( 205 t, 206 makeRequestURL(key, ['httpSameSite'], params), 207 {} 208 ); 209 210 return retrieve(key, {poll:true}) 211 .then((headers) => { 212 assert_not_own_property(headers, 'sec-fetch-user'); 213 }); 214 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination no attributes'); 215 216 promise_test((t) => { 217 const key = '{{uuid()}}'; 218 219 induceRequest( 220 t, 221 makeRequestURL(key, ['httpCrossSite'], params), 222 {} 223 ); 224 225 return retrieve(key, {poll:true}) 226 .then((headers) => { 227 assert_not_own_property(headers, 'sec-fetch-user'); 228 }); 229 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination no attributes'); 230 231 promise_test((t) => { 232 const key = '{{uuid()}}'; 233 234 induceRequest( 235 t, 236 makeRequestURL(key, ['httpOrigin'], params), 237 {} 238 ); 239 240 return retrieve(key, {poll:true}) 241 .then((headers) => { 242 assert_not_own_property(headers, 'sec-fetch-storage-access'); 243 }); 244 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination no attributes'); 245 246 promise_test((t) => { 247 const key = '{{uuid()}}'; 248 249 induceRequest( 250 t, 251 makeRequestURL(key, ['httpSameSite'], params), 252 {} 253 ); 254 255 return retrieve(key, {poll:true}) 256 .then((headers) => { 257 assert_not_own_property(headers, 'sec-fetch-storage-access'); 258 }); 259 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination no attributes'); 260 261 promise_test((t) => { 262 const key = '{{uuid()}}'; 263 264 induceRequest( 265 t, 266 makeRequestURL(key, ['httpCrossSite'], params), 267 {} 268 ); 269 270 return retrieve(key, {poll:true}) 271 .then((headers) => { 272 assert_not_own_property(headers, 'sec-fetch-storage-access'); 273 }); 274 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination no attributes'); 275 276 promise_test((t) => { 277 const key = '{{uuid()}}'; 278 279 induceRequest( 280 t, 281 makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], params), 282 {} 283 ); 284 285 return retrieve(key, {poll:true}) 286 .then((headers) => { 287 assert_not_own_property(headers, 'sec-fetch-site'); 288 }); 289 }, 'sec-fetch-site - HTTPS downgrade (header not sent) no attributes'); 290 291 promise_test((t) => { 292 const key = '{{uuid()}}'; 293 294 induceRequest( 295 t, 296 makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], params), 297 {} 298 ); 299 300 return retrieve(key, {poll:true}) 301 .then((headers) => { 302 assert_own_property(headers, 'sec-fetch-site'); 303 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 304 }); 305 }, 'sec-fetch-site - HTTPS upgrade no attributes'); 306 307 promise_test((t) => { 308 const key = '{{uuid()}}'; 309 310 induceRequest( 311 t, 312 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], params), 313 {} 314 ); 315 316 return retrieve(key, {poll:true}) 317 .then((headers) => { 318 assert_own_property(headers, 'sec-fetch-site'); 319 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 320 }); 321 }, 'sec-fetch-site - HTTPS downgrade-upgrade no attributes'); 322 </script> 323 </body> 324 </html>