element-picture.sub.html (24372B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-picture.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for HTML "picture" element source</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <body> 15 <script> 16 'use strict'; 17 18 function induceRequest(url, sourceEl, sourceAttr, attributes) { 19 const picture = document.createElement('picture'); 20 const els = { 21 img: document.createElement('img'), 22 source: document.createElement('source') 23 }; 24 picture.appendChild(els.source); 25 picture.appendChild(els.img); 26 document.body.appendChild(picture); 27 28 for (const [ name, value ] of Object.entries(attributes)) { 29 els.img.setAttribute(name, value); 30 } 31 32 return new Promise((resolve) => { 33 els[sourceEl].setAttribute(sourceAttr, url); 34 els.img.onload = els.img.onerror = resolve; 35 }); 36 } 37 38 promise_test(() => { 39 const key = '{{uuid()}}'; 40 41 return induceRequest( 42 makeRequestURL(key, ['httpOrigin']), 43 'img', 44 'src', 45 {} 46 ) 47 .then(() => retrieve(key)) 48 .then((headers) => { 49 assert_not_own_property(headers, 'sec-fetch-site'); 50 }); 51 }, 'sec-fetch-site - img[src] - Not sent to non-trustworthy same-origin destination, no attributes'); 52 53 promise_test(() => { 54 const key = '{{uuid()}}'; 55 56 return induceRequest( 57 makeRequestURL(key, ['httpOrigin']), 58 'img', 59 'srcset', 60 {} 61 ) 62 .then(() => retrieve(key)) 63 .then((headers) => { 64 assert_not_own_property(headers, 'sec-fetch-site'); 65 }); 66 }, 'sec-fetch-site - img[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 67 68 promise_test(() => { 69 const key = '{{uuid()}}'; 70 71 return induceRequest( 72 makeRequestURL(key, ['httpOrigin']), 73 'source', 74 'srcset', 75 {} 76 ) 77 .then(() => retrieve(key)) 78 .then((headers) => { 79 assert_not_own_property(headers, 'sec-fetch-site'); 80 }); 81 }, 'sec-fetch-site - source[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 82 83 promise_test(() => { 84 const key = '{{uuid()}}'; 85 86 return induceRequest( 87 makeRequestURL(key, ['httpSameSite']), 88 'img', 89 'src', 90 {} 91 ) 92 .then(() => retrieve(key)) 93 .then((headers) => { 94 assert_not_own_property(headers, 'sec-fetch-site'); 95 }); 96 }, 'sec-fetch-site - img[src] - Not sent to non-trustworthy same-site destination, no attributes'); 97 98 promise_test(() => { 99 const key = '{{uuid()}}'; 100 101 return induceRequest( 102 makeRequestURL(key, ['httpSameSite']), 103 'img', 104 'srcset', 105 {} 106 ) 107 .then(() => retrieve(key)) 108 .then((headers) => { 109 assert_not_own_property(headers, 'sec-fetch-site'); 110 }); 111 }, 'sec-fetch-site - img[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 112 113 promise_test(() => { 114 const key = '{{uuid()}}'; 115 116 return induceRequest( 117 makeRequestURL(key, ['httpSameSite']), 118 'source', 119 'srcset', 120 {} 121 ) 122 .then(() => retrieve(key)) 123 .then((headers) => { 124 assert_not_own_property(headers, 'sec-fetch-site'); 125 }); 126 }, 'sec-fetch-site - source[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 127 128 promise_test(() => { 129 const key = '{{uuid()}}'; 130 131 return induceRequest( 132 makeRequestURL(key, ['httpCrossSite']), 133 'img', 134 'src', 135 {} 136 ) 137 .then(() => retrieve(key)) 138 .then((headers) => { 139 assert_not_own_property(headers, 'sec-fetch-site'); 140 }); 141 }, 'sec-fetch-site - img[src] - Not sent to non-trustworthy cross-site destination, no attributes'); 142 143 promise_test(() => { 144 const key = '{{uuid()}}'; 145 146 return induceRequest( 147 makeRequestURL(key, ['httpCrossSite']), 148 'img', 149 'srcset', 150 {} 151 ) 152 .then(() => retrieve(key)) 153 .then((headers) => { 154 assert_not_own_property(headers, 'sec-fetch-site'); 155 }); 156 }, 'sec-fetch-site - img[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 157 158 promise_test(() => { 159 const key = '{{uuid()}}'; 160 161 return induceRequest( 162 makeRequestURL(key, ['httpCrossSite']), 163 'source', 164 'srcset', 165 {} 166 ) 167 .then(() => retrieve(key)) 168 .then((headers) => { 169 assert_not_own_property(headers, 'sec-fetch-site'); 170 }); 171 }, 'sec-fetch-site - source[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 172 173 promise_test(() => { 174 const key = '{{uuid()}}'; 175 176 return induceRequest( 177 makeRequestURL(key, ['httpOrigin']), 178 'img', 179 'src', 180 {} 181 ) 182 .then(() => retrieve(key)) 183 .then((headers) => { 184 assert_not_own_property(headers, 'sec-fetch-mode'); 185 }); 186 }, 'sec-fetch-mode - img[src] - Not sent to non-trustworthy same-origin destination, no attributes'); 187 188 promise_test(() => { 189 const key = '{{uuid()}}'; 190 191 return induceRequest( 192 makeRequestURL(key, ['httpOrigin']), 193 'img', 194 'srcset', 195 {} 196 ) 197 .then(() => retrieve(key)) 198 .then((headers) => { 199 assert_not_own_property(headers, 'sec-fetch-mode'); 200 }); 201 }, 'sec-fetch-mode - img[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 202 203 promise_test(() => { 204 const key = '{{uuid()}}'; 205 206 return induceRequest( 207 makeRequestURL(key, ['httpOrigin']), 208 'source', 209 'srcset', 210 {} 211 ) 212 .then(() => retrieve(key)) 213 .then((headers) => { 214 assert_not_own_property(headers, 'sec-fetch-mode'); 215 }); 216 }, 'sec-fetch-mode - source[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 217 218 promise_test(() => { 219 const key = '{{uuid()}}'; 220 221 return induceRequest( 222 makeRequestURL(key, ['httpSameSite']), 223 'img', 224 'src', 225 {} 226 ) 227 .then(() => retrieve(key)) 228 .then((headers) => { 229 assert_not_own_property(headers, 'sec-fetch-mode'); 230 }); 231 }, 'sec-fetch-mode - img[src] - Not sent to non-trustworthy same-site destination, no attributes'); 232 233 promise_test(() => { 234 const key = '{{uuid()}}'; 235 236 return induceRequest( 237 makeRequestURL(key, ['httpSameSite']), 238 'img', 239 'srcset', 240 {} 241 ) 242 .then(() => retrieve(key)) 243 .then((headers) => { 244 assert_not_own_property(headers, 'sec-fetch-mode'); 245 }); 246 }, 'sec-fetch-mode - img[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 247 248 promise_test(() => { 249 const key = '{{uuid()}}'; 250 251 return induceRequest( 252 makeRequestURL(key, ['httpSameSite']), 253 'source', 254 'srcset', 255 {} 256 ) 257 .then(() => retrieve(key)) 258 .then((headers) => { 259 assert_not_own_property(headers, 'sec-fetch-mode'); 260 }); 261 }, 'sec-fetch-mode - source[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 262 263 promise_test(() => { 264 const key = '{{uuid()}}'; 265 266 return induceRequest( 267 makeRequestURL(key, ['httpCrossSite']), 268 'img', 269 'src', 270 {} 271 ) 272 .then(() => retrieve(key)) 273 .then((headers) => { 274 assert_not_own_property(headers, 'sec-fetch-mode'); 275 }); 276 }, 'sec-fetch-mode - img[src] - Not sent to non-trustworthy cross-site destination, no attributes'); 277 278 promise_test(() => { 279 const key = '{{uuid()}}'; 280 281 return induceRequest( 282 makeRequestURL(key, ['httpCrossSite']), 283 'img', 284 'srcset', 285 {} 286 ) 287 .then(() => retrieve(key)) 288 .then((headers) => { 289 assert_not_own_property(headers, 'sec-fetch-mode'); 290 }); 291 }, 'sec-fetch-mode - img[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 292 293 promise_test(() => { 294 const key = '{{uuid()}}'; 295 296 return induceRequest( 297 makeRequestURL(key, ['httpCrossSite']), 298 'source', 299 'srcset', 300 {} 301 ) 302 .then(() => retrieve(key)) 303 .then((headers) => { 304 assert_not_own_property(headers, 'sec-fetch-mode'); 305 }); 306 }, 'sec-fetch-mode - source[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 307 308 promise_test(() => { 309 const key = '{{uuid()}}'; 310 311 return induceRequest( 312 makeRequestURL(key, ['httpOrigin']), 313 'img', 314 'src', 315 {} 316 ) 317 .then(() => retrieve(key)) 318 .then((headers) => { 319 assert_not_own_property(headers, 'sec-fetch-dest'); 320 }); 321 }, 'sec-fetch-dest - img[src] - Not sent to non-trustworthy same-origin destination, no attributes'); 322 323 promise_test(() => { 324 const key = '{{uuid()}}'; 325 326 return induceRequest( 327 makeRequestURL(key, ['httpOrigin']), 328 'img', 329 'srcset', 330 {} 331 ) 332 .then(() => retrieve(key)) 333 .then((headers) => { 334 assert_not_own_property(headers, 'sec-fetch-dest'); 335 }); 336 }, 'sec-fetch-dest - img[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 337 338 promise_test(() => { 339 const key = '{{uuid()}}'; 340 341 return induceRequest( 342 makeRequestURL(key, ['httpOrigin']), 343 'source', 344 'srcset', 345 {} 346 ) 347 .then(() => retrieve(key)) 348 .then((headers) => { 349 assert_not_own_property(headers, 'sec-fetch-dest'); 350 }); 351 }, 'sec-fetch-dest - source[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 352 353 promise_test(() => { 354 const key = '{{uuid()}}'; 355 356 return induceRequest( 357 makeRequestURL(key, ['httpSameSite']), 358 'img', 359 'src', 360 {} 361 ) 362 .then(() => retrieve(key)) 363 .then((headers) => { 364 assert_not_own_property(headers, 'sec-fetch-dest'); 365 }); 366 }, 'sec-fetch-dest - img[src] - Not sent to non-trustworthy same-site destination, no attributes'); 367 368 promise_test(() => { 369 const key = '{{uuid()}}'; 370 371 return induceRequest( 372 makeRequestURL(key, ['httpSameSite']), 373 'img', 374 'srcset', 375 {} 376 ) 377 .then(() => retrieve(key)) 378 .then((headers) => { 379 assert_not_own_property(headers, 'sec-fetch-dest'); 380 }); 381 }, 'sec-fetch-dest - img[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 382 383 promise_test(() => { 384 const key = '{{uuid()}}'; 385 386 return induceRequest( 387 makeRequestURL(key, ['httpSameSite']), 388 'source', 389 'srcset', 390 {} 391 ) 392 .then(() => retrieve(key)) 393 .then((headers) => { 394 assert_not_own_property(headers, 'sec-fetch-dest'); 395 }); 396 }, 'sec-fetch-dest - source[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 397 398 promise_test(() => { 399 const key = '{{uuid()}}'; 400 401 return induceRequest( 402 makeRequestURL(key, ['httpCrossSite']), 403 'img', 404 'src', 405 {} 406 ) 407 .then(() => retrieve(key)) 408 .then((headers) => { 409 assert_not_own_property(headers, 'sec-fetch-dest'); 410 }); 411 }, 'sec-fetch-dest - img[src] - Not sent to non-trustworthy cross-site destination, no attributes'); 412 413 promise_test(() => { 414 const key = '{{uuid()}}'; 415 416 return induceRequest( 417 makeRequestURL(key, ['httpCrossSite']), 418 'img', 419 'srcset', 420 {} 421 ) 422 .then(() => retrieve(key)) 423 .then((headers) => { 424 assert_not_own_property(headers, 'sec-fetch-dest'); 425 }); 426 }, 'sec-fetch-dest - img[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 427 428 promise_test(() => { 429 const key = '{{uuid()}}'; 430 431 return induceRequest( 432 makeRequestURL(key, ['httpCrossSite']), 433 'source', 434 'srcset', 435 {} 436 ) 437 .then(() => retrieve(key)) 438 .then((headers) => { 439 assert_not_own_property(headers, 'sec-fetch-dest'); 440 }); 441 }, 'sec-fetch-dest - source[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 442 443 promise_test(() => { 444 const key = '{{uuid()}}'; 445 446 return induceRequest( 447 makeRequestURL(key, ['httpOrigin']), 448 'img', 449 'src', 450 {} 451 ) 452 .then(() => retrieve(key)) 453 .then((headers) => { 454 assert_not_own_property(headers, 'sec-fetch-user'); 455 }); 456 }, 'sec-fetch-user - img[src] - Not sent to non-trustworthy same-origin destination, no attributes'); 457 458 promise_test(() => { 459 const key = '{{uuid()}}'; 460 461 return induceRequest( 462 makeRequestURL(key, ['httpOrigin']), 463 'img', 464 'srcset', 465 {} 466 ) 467 .then(() => retrieve(key)) 468 .then((headers) => { 469 assert_not_own_property(headers, 'sec-fetch-user'); 470 }); 471 }, 'sec-fetch-user - img[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 472 473 promise_test(() => { 474 const key = '{{uuid()}}'; 475 476 return induceRequest( 477 makeRequestURL(key, ['httpOrigin']), 478 'source', 479 'srcset', 480 {} 481 ) 482 .then(() => retrieve(key)) 483 .then((headers) => { 484 assert_not_own_property(headers, 'sec-fetch-user'); 485 }); 486 }, 'sec-fetch-user - source[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 487 488 promise_test(() => { 489 const key = '{{uuid()}}'; 490 491 return induceRequest( 492 makeRequestURL(key, ['httpSameSite']), 493 'img', 494 'src', 495 {} 496 ) 497 .then(() => retrieve(key)) 498 .then((headers) => { 499 assert_not_own_property(headers, 'sec-fetch-user'); 500 }); 501 }, 'sec-fetch-user - img[src] - Not sent to non-trustworthy same-site destination, no attributes'); 502 503 promise_test(() => { 504 const key = '{{uuid()}}'; 505 506 return induceRequest( 507 makeRequestURL(key, ['httpSameSite']), 508 'img', 509 'srcset', 510 {} 511 ) 512 .then(() => retrieve(key)) 513 .then((headers) => { 514 assert_not_own_property(headers, 'sec-fetch-user'); 515 }); 516 }, 'sec-fetch-user - img[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 517 518 promise_test(() => { 519 const key = '{{uuid()}}'; 520 521 return induceRequest( 522 makeRequestURL(key, ['httpSameSite']), 523 'source', 524 'srcset', 525 {} 526 ) 527 .then(() => retrieve(key)) 528 .then((headers) => { 529 assert_not_own_property(headers, 'sec-fetch-user'); 530 }); 531 }, 'sec-fetch-user - source[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 532 533 promise_test(() => { 534 const key = '{{uuid()}}'; 535 536 return induceRequest( 537 makeRequestURL(key, ['httpCrossSite']), 538 'img', 539 'src', 540 {} 541 ) 542 .then(() => retrieve(key)) 543 .then((headers) => { 544 assert_not_own_property(headers, 'sec-fetch-user'); 545 }); 546 }, 'sec-fetch-user - img[src] - Not sent to non-trustworthy cross-site destination, no attributes'); 547 548 promise_test(() => { 549 const key = '{{uuid()}}'; 550 551 return induceRequest( 552 makeRequestURL(key, ['httpCrossSite']), 553 'img', 554 'srcset', 555 {} 556 ) 557 .then(() => retrieve(key)) 558 .then((headers) => { 559 assert_not_own_property(headers, 'sec-fetch-user'); 560 }); 561 }, 'sec-fetch-user - img[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 562 563 promise_test(() => { 564 const key = '{{uuid()}}'; 565 566 return induceRequest( 567 makeRequestURL(key, ['httpCrossSite']), 568 'source', 569 'srcset', 570 {} 571 ) 572 .then(() => retrieve(key)) 573 .then((headers) => { 574 assert_not_own_property(headers, 'sec-fetch-user'); 575 }); 576 }, 'sec-fetch-user - source[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 577 578 promise_test(() => { 579 const key = '{{uuid()}}'; 580 581 return induceRequest( 582 makeRequestURL(key, ['httpOrigin']), 583 'img', 584 'src', 585 {} 586 ) 587 .then(() => retrieve(key)) 588 .then((headers) => { 589 assert_not_own_property(headers, 'sec-fetch-storage-access'); 590 }); 591 }, 'sec-fetch-storage-access - img[src] - Not sent to non-trustworthy same-origin destination, no attributes'); 592 593 promise_test(() => { 594 const key = '{{uuid()}}'; 595 596 return induceRequest( 597 makeRequestURL(key, ['httpOrigin']), 598 'img', 599 'srcset', 600 {} 601 ) 602 .then(() => retrieve(key)) 603 .then((headers) => { 604 assert_not_own_property(headers, 'sec-fetch-storage-access'); 605 }); 606 }, 'sec-fetch-storage-access - img[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 607 608 promise_test(() => { 609 const key = '{{uuid()}}'; 610 611 return induceRequest( 612 makeRequestURL(key, ['httpOrigin']), 613 'source', 614 'srcset', 615 {} 616 ) 617 .then(() => retrieve(key)) 618 .then((headers) => { 619 assert_not_own_property(headers, 'sec-fetch-storage-access'); 620 }); 621 }, 'sec-fetch-storage-access - source[srcset] - Not sent to non-trustworthy same-origin destination, no attributes'); 622 623 promise_test(() => { 624 const key = '{{uuid()}}'; 625 626 return induceRequest( 627 makeRequestURL(key, ['httpSameSite']), 628 'img', 629 'src', 630 {} 631 ) 632 .then(() => retrieve(key)) 633 .then((headers) => { 634 assert_not_own_property(headers, 'sec-fetch-storage-access'); 635 }); 636 }, 'sec-fetch-storage-access - img[src] - Not sent to non-trustworthy same-site destination, no attributes'); 637 638 promise_test(() => { 639 const key = '{{uuid()}}'; 640 641 return induceRequest( 642 makeRequestURL(key, ['httpSameSite']), 643 'img', 644 'srcset', 645 {} 646 ) 647 .then(() => retrieve(key)) 648 .then((headers) => { 649 assert_not_own_property(headers, 'sec-fetch-storage-access'); 650 }); 651 }, 'sec-fetch-storage-access - img[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 652 653 promise_test(() => { 654 const key = '{{uuid()}}'; 655 656 return induceRequest( 657 makeRequestURL(key, ['httpSameSite']), 658 'source', 659 'srcset', 660 {} 661 ) 662 .then(() => retrieve(key)) 663 .then((headers) => { 664 assert_not_own_property(headers, 'sec-fetch-storage-access'); 665 }); 666 }, 'sec-fetch-storage-access - source[srcset] - Not sent to non-trustworthy same-site destination, no attributes'); 667 668 promise_test(() => { 669 const key = '{{uuid()}}'; 670 671 return induceRequest( 672 makeRequestURL(key, ['httpCrossSite']), 673 'img', 674 'src', 675 {} 676 ) 677 .then(() => retrieve(key)) 678 .then((headers) => { 679 assert_not_own_property(headers, 'sec-fetch-storage-access'); 680 }); 681 }, 'sec-fetch-storage-access - img[src] - Not sent to non-trustworthy cross-site destination, no attributes'); 682 683 promise_test(() => { 684 const key = '{{uuid()}}'; 685 686 return induceRequest( 687 makeRequestURL(key, ['httpCrossSite']), 688 'img', 689 'srcset', 690 {} 691 ) 692 .then(() => retrieve(key)) 693 .then((headers) => { 694 assert_not_own_property(headers, 'sec-fetch-storage-access'); 695 }); 696 }, 'sec-fetch-storage-access - img[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 697 698 promise_test(() => { 699 const key = '{{uuid()}}'; 700 701 return induceRequest( 702 makeRequestURL(key, ['httpCrossSite']), 703 'source', 704 'srcset', 705 {} 706 ) 707 .then(() => retrieve(key)) 708 .then((headers) => { 709 assert_not_own_property(headers, 'sec-fetch-storage-access'); 710 }); 711 }, 'sec-fetch-storage-access - source[srcset] - Not sent to non-trustworthy cross-site destination, no attributes'); 712 713 promise_test(() => { 714 const key = '{{uuid()}}'; 715 716 return induceRequest( 717 makeRequestURL(key, ['httpsOrigin', 'httpOrigin']), 718 'img', 719 'src', 720 {} 721 ) 722 .then(() => retrieve(key)) 723 .then((headers) => { 724 assert_not_own_property(headers, 'sec-fetch-site'); 725 }); 726 }, 'sec-fetch-site - img[src] - HTTPS downgrade (header not sent), no attributes'); 727 728 promise_test(() => { 729 const key = '{{uuid()}}'; 730 731 return induceRequest( 732 makeRequestURL(key, ['httpsOrigin', 'httpOrigin']), 733 'img', 734 'srcset', 735 {} 736 ) 737 .then(() => retrieve(key)) 738 .then((headers) => { 739 assert_not_own_property(headers, 'sec-fetch-site'); 740 }); 741 }, 'sec-fetch-site - img[srcset] - HTTPS downgrade (header not sent), no attributes'); 742 743 promise_test(() => { 744 const key = '{{uuid()}}'; 745 746 return induceRequest( 747 makeRequestURL(key, ['httpsOrigin', 'httpOrigin']), 748 'source', 749 'srcset', 750 {} 751 ) 752 .then(() => retrieve(key)) 753 .then((headers) => { 754 assert_not_own_property(headers, 'sec-fetch-site'); 755 }); 756 }, 'sec-fetch-site - source[srcset] - HTTPS downgrade (header not sent), no attributes'); 757 758 promise_test(() => { 759 const key = '{{uuid()}}'; 760 761 return induceRequest( 762 makeRequestURL(key, ['httpOrigin', 'httpsOrigin']), 763 'img', 764 'src', 765 {} 766 ) 767 .then(() => retrieve(key)) 768 .then((headers) => { 769 assert_own_property(headers, 'sec-fetch-site'); 770 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 771 }); 772 }, 'sec-fetch-site - img[src] - HTTPS upgrade, no attributes'); 773 774 promise_test(() => { 775 const key = '{{uuid()}}'; 776 777 return induceRequest( 778 makeRequestURL(key, ['httpOrigin', 'httpsOrigin']), 779 'img', 780 'srcset', 781 {} 782 ) 783 .then(() => retrieve(key)) 784 .then((headers) => { 785 assert_own_property(headers, 'sec-fetch-site'); 786 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 787 }); 788 }, 'sec-fetch-site - img[srcset] - HTTPS upgrade, no attributes'); 789 790 promise_test(() => { 791 const key = '{{uuid()}}'; 792 793 return induceRequest( 794 makeRequestURL(key, ['httpOrigin', 'httpsOrigin']), 795 'source', 796 'srcset', 797 {} 798 ) 799 .then(() => retrieve(key)) 800 .then((headers) => { 801 assert_own_property(headers, 'sec-fetch-site'); 802 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 803 }); 804 }, 'sec-fetch-site - source[srcset] - HTTPS upgrade, no attributes'); 805 806 promise_test(() => { 807 const key = '{{uuid()}}'; 808 809 return induceRequest( 810 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']), 811 'img', 812 'src', 813 {} 814 ) 815 .then(() => retrieve(key)) 816 .then((headers) => { 817 assert_own_property(headers, 'sec-fetch-site'); 818 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 819 }); 820 }, 'sec-fetch-site - img[src] - HTTPS downgrade-upgrade, no attributes'); 821 822 promise_test(() => { 823 const key = '{{uuid()}}'; 824 825 return induceRequest( 826 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']), 827 'img', 828 'srcset', 829 {} 830 ) 831 .then(() => retrieve(key)) 832 .then((headers) => { 833 assert_own_property(headers, 'sec-fetch-site'); 834 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 835 }); 836 }, 'sec-fetch-site - img[srcset] - HTTPS downgrade-upgrade, no attributes'); 837 838 promise_test(() => { 839 const key = '{{uuid()}}'; 840 841 return induceRequest( 842 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']), 843 'source', 844 'srcset', 845 {} 846 ) 847 .then(() => retrieve(key)) 848 .then((headers) => { 849 assert_own_property(headers, 'sec-fetch-site'); 850 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 851 }); 852 }, 'sec-fetch-site - source[srcset] - HTTPS downgrade-upgrade, no attributes'); 853 </script> 854 </body> 855 </html>