element-link-prefetch.optional.sub.html (8479B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-link-prefetch.optional.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <meta name="timeout" content="long"> 11 <title>HTTP headers on request for HTML "link" element with rel="prefetch"</title> 12 <script src="/resources/testharness.js"></script> 13 <script src="/resources/testharnessreport.js"></script> 14 <script src="/fetch/metadata/resources/helper.sub.js"></script> 15 <body> 16 <script> 17 'use strict'; 18 19 /** 20 * The `link` element supports a `load` event. That event would reliably 21 * indicate that the browser had received the request. Multiple major 22 * browsers do not implement the event, however, so in order to promote the 23 * visibility of this test, a less efficient polling-based detection 24 * mechanism is used. 25 * 26 * https://bugzilla.mozilla.org/show_bug.cgi?id=1638188 27 * https://bugs.chromium.org/p/chromium/issues/detail?id=1083034 28 */ 29 function induceRequest(t, url, attributes) { 30 const link = document.createElement('link'); 31 link.setAttribute('rel', 'prefetch'); 32 link.setAttribute('href', url); 33 34 for (const [ name, value ] of Object.entries(attributes)) { 35 link.setAttribute(name, value); 36 } 37 38 document.head.appendChild(link); 39 t.add_cleanup(() => link.remove()); 40 } 41 42 setup(() => { 43 assert_implements_optional(document.createElement('link').relList.supports('prefetch')); 44 }); 45 46 promise_test((t) => { 47 const key = '{{uuid()}}'; 48 49 induceRequest( 50 t, 51 makeRequestURL(key, ['httpOrigin']), 52 {} 53 ); 54 55 return retrieve(key, {poll:true}) 56 .then((headers) => { 57 assert_not_own_property(headers, 'sec-fetch-site'); 58 }); 59 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination no attributes'); 60 61 promise_test((t) => { 62 const key = '{{uuid()}}'; 63 64 induceRequest( 65 t, 66 makeRequestURL(key, ['httpSameSite']), 67 {} 68 ); 69 70 return retrieve(key, {poll:true}) 71 .then((headers) => { 72 assert_not_own_property(headers, 'sec-fetch-site'); 73 }); 74 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination no attributes'); 75 76 promise_test((t) => { 77 const key = '{{uuid()}}'; 78 79 induceRequest( 80 t, 81 makeRequestURL(key, ['httpCrossSite']), 82 {} 83 ); 84 85 return retrieve(key, {poll:true}) 86 .then((headers) => { 87 assert_not_own_property(headers, 'sec-fetch-site'); 88 }); 89 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination no attributes'); 90 91 promise_test((t) => { 92 const key = '{{uuid()}}'; 93 94 induceRequest( 95 t, 96 makeRequestURL(key, ['httpOrigin']), 97 {} 98 ); 99 100 return retrieve(key, {poll:true}) 101 .then((headers) => { 102 assert_not_own_property(headers, 'sec-fetch-mode'); 103 }); 104 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination no attributes'); 105 106 promise_test((t) => { 107 const key = '{{uuid()}}'; 108 109 induceRequest( 110 t, 111 makeRequestURL(key, ['httpSameSite']), 112 {} 113 ); 114 115 return retrieve(key, {poll:true}) 116 .then((headers) => { 117 assert_not_own_property(headers, 'sec-fetch-mode'); 118 }); 119 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination no attributes'); 120 121 promise_test((t) => { 122 const key = '{{uuid()}}'; 123 124 induceRequest( 125 t, 126 makeRequestURL(key, ['httpCrossSite']), 127 {} 128 ); 129 130 return retrieve(key, {poll:true}) 131 .then((headers) => { 132 assert_not_own_property(headers, 'sec-fetch-mode'); 133 }); 134 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination no attributes'); 135 136 promise_test((t) => { 137 const key = '{{uuid()}}'; 138 139 induceRequest( 140 t, 141 makeRequestURL(key, ['httpOrigin']), 142 {} 143 ); 144 145 return retrieve(key, {poll:true}) 146 .then((headers) => { 147 assert_not_own_property(headers, 'sec-fetch-dest'); 148 }); 149 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination no attributes'); 150 151 promise_test((t) => { 152 const key = '{{uuid()}}'; 153 154 induceRequest( 155 t, 156 makeRequestURL(key, ['httpSameSite']), 157 {} 158 ); 159 160 return retrieve(key, {poll:true}) 161 .then((headers) => { 162 assert_not_own_property(headers, 'sec-fetch-dest'); 163 }); 164 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination no attributes'); 165 166 promise_test((t) => { 167 const key = '{{uuid()}}'; 168 169 induceRequest( 170 t, 171 makeRequestURL(key, ['httpCrossSite']), 172 {} 173 ); 174 175 return retrieve(key, {poll:true}) 176 .then((headers) => { 177 assert_not_own_property(headers, 'sec-fetch-dest'); 178 }); 179 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination no attributes'); 180 181 promise_test((t) => { 182 const key = '{{uuid()}}'; 183 184 induceRequest( 185 t, 186 makeRequestURL(key, ['httpOrigin']), 187 {} 188 ); 189 190 return retrieve(key, {poll:true}) 191 .then((headers) => { 192 assert_not_own_property(headers, 'sec-fetch-user'); 193 }); 194 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination no attributes'); 195 196 promise_test((t) => { 197 const key = '{{uuid()}}'; 198 199 induceRequest( 200 t, 201 makeRequestURL(key, ['httpSameSite']), 202 {} 203 ); 204 205 return retrieve(key, {poll:true}) 206 .then((headers) => { 207 assert_not_own_property(headers, 'sec-fetch-user'); 208 }); 209 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination no attributes'); 210 211 promise_test((t) => { 212 const key = '{{uuid()}}'; 213 214 induceRequest( 215 t, 216 makeRequestURL(key, ['httpCrossSite']), 217 {} 218 ); 219 220 return retrieve(key, {poll:true}) 221 .then((headers) => { 222 assert_not_own_property(headers, 'sec-fetch-user'); 223 }); 224 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination no attributes'); 225 226 promise_test((t) => { 227 const key = '{{uuid()}}'; 228 229 induceRequest( 230 t, 231 makeRequestURL(key, ['httpOrigin']), 232 {} 233 ); 234 235 return retrieve(key, {poll:true}) 236 .then((headers) => { 237 assert_not_own_property(headers, 'sec-fetch-storage-access'); 238 }); 239 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination no attributes'); 240 241 promise_test((t) => { 242 const key = '{{uuid()}}'; 243 244 induceRequest( 245 t, 246 makeRequestURL(key, ['httpSameSite']), 247 {} 248 ); 249 250 return retrieve(key, {poll:true}) 251 .then((headers) => { 252 assert_not_own_property(headers, 'sec-fetch-storage-access'); 253 }); 254 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination no attributes'); 255 256 promise_test((t) => { 257 const key = '{{uuid()}}'; 258 259 induceRequest( 260 t, 261 makeRequestURL(key, ['httpCrossSite']), 262 {} 263 ); 264 265 return retrieve(key, {poll:true}) 266 .then((headers) => { 267 assert_not_own_property(headers, 'sec-fetch-storage-access'); 268 }); 269 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination no attributes'); 270 271 promise_test((t) => { 272 const key = '{{uuid()}}'; 273 274 induceRequest( 275 t, 276 makeRequestURL(key, ['httpsOrigin', 'httpOrigin']), 277 {} 278 ); 279 280 return retrieve(key, {poll:true}) 281 .then((headers) => { 282 assert_not_own_property(headers, 'sec-fetch-site'); 283 }); 284 }, 'sec-fetch-site - HTTPS downgrade (header not sent) no attributes'); 285 286 promise_test((t) => { 287 const key = '{{uuid()}}'; 288 289 induceRequest( 290 t, 291 makeRequestURL(key, ['httpOrigin', 'httpsOrigin']), 292 {} 293 ); 294 295 return retrieve(key, {poll:true}) 296 .then((headers) => { 297 assert_own_property(headers, 'sec-fetch-site'); 298 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 299 }); 300 }, 'sec-fetch-site - HTTPS upgrade no attributes'); 301 302 promise_test((t) => { 303 const key = '{{uuid()}}'; 304 305 induceRequest( 306 t, 307 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']), 308 {} 309 ); 310 311 return retrieve(key, {poll:true}) 312 .then((headers) => { 313 assert_own_property(headers, 'sec-fetch-site'); 314 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 315 }); 316 }, 'sec-fetch-site - HTTPS downgrade-upgrade no attributes'); 317 </script> 318 </body> 319 </html>