[ tor-browser ].git.dasho

element-meta-refresh.optional.sub.html (7910B)
      1 <!DOCTYPE html>
      2 <!--
      3 This test was procedurally generated. Please do not modify it directly.
      4 Sources:
      5 - fetch/metadata/tools/fetch-metadata.conf.yml
      6 - fetch/metadata/tools/templates/element-meta-refresh.optional.sub.html
      7 -->
      8 <html lang="en">
      9  <meta charset="utf-8">
     10  <title>HTTP headers on request for HTML "meta" element with http-equiv="refresh"</title>
     11  <script src="/resources/testharness.js"></script>
     12  <script src="/resources/testharnessreport.js"></script>
     13  <script src="/fetch/metadata/resources/helper.sub.js"></script>
     14  <body>
     15  <script>
     16  'use strict';
     17 
     18  function induceRequest(url, test) {
     19    const win = window.open();
     20    test.add_cleanup(() => win.close());
     21 
     22    win.document.open();
     23    win.document.write(
     24      `<meta http-equiv="Refresh" content="0; URL=${url}">`
     25    );
     26    win.document.close();
     27 
     28    return new Promise((resolve) => {
     29      addEventListener('message', (event) => {
     30          if (event.source === win) {
     31            resolve();
     32          }
     33        });
     34    });
     35  }
     36 
     37  const responseParams = {
     38    mime: 'text/html',
     39    body: `<script>opener.postMessage(0, '*')</${''}script>`
     40  };
     41 
     42  promise_test((t) => {
     43    const key = '{{uuid()}}';
     44 
     45    return induceRequest(
     46        makeRequestURL(key, ['httpOrigin'], responseParams), t
     47      )
     48      .then(() => retrieve(key))
     49      .then((headers) => {
     50          assert_not_own_property(headers, 'sec-fetch-site');
     51        });
     52  }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination');
     53 
     54  promise_test((t) => {
     55    const key = '{{uuid()}}';
     56 
     57    return induceRequest(
     58        makeRequestURL(key, ['httpSameSite'], responseParams), t
     59      )
     60      .then(() => retrieve(key))
     61      .then((headers) => {
     62          assert_not_own_property(headers, 'sec-fetch-site');
     63        });
     64  }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination');
     65 
     66  promise_test((t) => {
     67    const key = '{{uuid()}}';
     68 
     69    return induceRequest(
     70        makeRequestURL(key, ['httpCrossSite'], responseParams), t
     71      )
     72      .then(() => retrieve(key))
     73      .then((headers) => {
     74          assert_not_own_property(headers, 'sec-fetch-site');
     75        });
     76  }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination');
     77 
     78  promise_test((t) => {
     79    const key = '{{uuid()}}';
     80 
     81    return induceRequest(
     82        makeRequestURL(key, ['httpOrigin'], responseParams), t
     83      )
     84      .then(() => retrieve(key))
     85      .then((headers) => {
     86          assert_not_own_property(headers, 'sec-fetch-mode');
     87        });
     88  }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination');
     89 
     90  promise_test((t) => {
     91    const key = '{{uuid()}}';
     92 
     93    return induceRequest(
     94        makeRequestURL(key, ['httpSameSite'], responseParams), t
     95      )
     96      .then(() => retrieve(key))
     97      .then((headers) => {
     98          assert_not_own_property(headers, 'sec-fetch-mode');
     99        });
    100  }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination');
    101 
    102  promise_test((t) => {
    103    const key = '{{uuid()}}';
    104 
    105    return induceRequest(
    106        makeRequestURL(key, ['httpCrossSite'], responseParams), t
    107      )
    108      .then(() => retrieve(key))
    109      .then((headers) => {
    110          assert_not_own_property(headers, 'sec-fetch-mode');
    111        });
    112  }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination');
    113 
    114  promise_test((t) => {
    115    const key = '{{uuid()}}';
    116 
    117    return induceRequest(
    118        makeRequestURL(key, ['httpOrigin'], responseParams), t
    119      )
    120      .then(() => retrieve(key))
    121      .then((headers) => {
    122          assert_not_own_property(headers, 'sec-fetch-dest');
    123        });
    124  }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination');
    125 
    126  promise_test((t) => {
    127    const key = '{{uuid()}}';
    128 
    129    return induceRequest(
    130        makeRequestURL(key, ['httpSameSite'], responseParams), t
    131      )
    132      .then(() => retrieve(key))
    133      .then((headers) => {
    134          assert_not_own_property(headers, 'sec-fetch-dest');
    135        });
    136  }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination');
    137 
    138  promise_test((t) => {
    139    const key = '{{uuid()}}';
    140 
    141    return induceRequest(
    142        makeRequestURL(key, ['httpCrossSite'], responseParams), t
    143      )
    144      .then(() => retrieve(key))
    145      .then((headers) => {
    146          assert_not_own_property(headers, 'sec-fetch-dest');
    147        });
    148  }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination');
    149 
    150  promise_test((t) => {
    151    const key = '{{uuid()}}';
    152 
    153    return induceRequest(
    154        makeRequestURL(key, ['httpOrigin'], responseParams), t
    155      )
    156      .then(() => retrieve(key))
    157      .then((headers) => {
    158          assert_not_own_property(headers, 'sec-fetch-user');
    159        });
    160  }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination');
    161 
    162  promise_test((t) => {
    163    const key = '{{uuid()}}';
    164 
    165    return induceRequest(
    166        makeRequestURL(key, ['httpSameSite'], responseParams), t
    167      )
    168      .then(() => retrieve(key))
    169      .then((headers) => {
    170          assert_not_own_property(headers, 'sec-fetch-user');
    171        });
    172  }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination');
    173 
    174  promise_test((t) => {
    175    const key = '{{uuid()}}';
    176 
    177    return induceRequest(
    178        makeRequestURL(key, ['httpCrossSite'], responseParams), t
    179      )
    180      .then(() => retrieve(key))
    181      .then((headers) => {
    182          assert_not_own_property(headers, 'sec-fetch-user');
    183        });
    184  }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
    185 
    186  promise_test((t) => {
    187    const key = '{{uuid()}}';
    188 
    189    return induceRequest(
    190        makeRequestURL(key, ['httpOrigin'], responseParams), t
    191      )
    192      .then(() => retrieve(key))
    193      .then((headers) => {
    194          assert_not_own_property(headers, 'sec-fetch-storage-access');
    195        });
    196  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
    197 
    198  promise_test((t) => {
    199    const key = '{{uuid()}}';
    200 
    201    return induceRequest(
    202        makeRequestURL(key, ['httpSameSite'], responseParams), t
    203      )
    204      .then(() => retrieve(key))
    205      .then((headers) => {
    206          assert_not_own_property(headers, 'sec-fetch-storage-access');
    207        });
    208  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
    209 
    210  promise_test((t) => {
    211    const key = '{{uuid()}}';
    212 
    213    return induceRequest(
    214        makeRequestURL(key, ['httpCrossSite'], responseParams), t
    215      )
    216      .then(() => retrieve(key))
    217      .then((headers) => {
    218          assert_not_own_property(headers, 'sec-fetch-storage-access');
    219        });
    220  }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
    221 
    222  promise_test((t) => {
    223    const key = '{{uuid()}}';
    224 
    225    return induceRequest(
    226        makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], responseParams), t
    227      )
    228      .then(() => retrieve(key))
    229      .then((headers) => {
    230          assert_not_own_property(headers, 'sec-fetch-site');
    231        });
    232  }, 'sec-fetch-site - HTTPS downgrade (header not sent)');
    233 
    234  promise_test((t) => {
    235    const key = '{{uuid()}}';
    236 
    237    return induceRequest(
    238        makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], responseParams), t
    239      )
    240      .then(() => retrieve(key))
    241      .then((headers) => {
    242          assert_own_property(headers, 'sec-fetch-site');
    243          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    244        });
    245  }, 'sec-fetch-site - HTTPS upgrade');
    246 
    247  promise_test((t) => {
    248    const key = '{{uuid()}}';
    249 
    250    return induceRequest(
    251        makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], responseParams), t
    252      )
    253      .then(() => retrieve(key))
    254      .then((headers) => {
    255          assert_own_property(headers, 'sec-fetch-site');
    256          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    257        });
    258  }, 'sec-fetch-site - HTTPS downgrade-upgrade');
    259  </script>
    260  </body>
    261 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE