element-script.https.sub.html (19227B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-script.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for HTML "script" element source</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <body> 15 <script> 16 'use strict'; 17 18 function induceRequest(url, attributes) { 19 const script = document.createElement('script'); 20 script.setAttribute('src', url); 21 22 for (const [ name, value ] of Object.entries(attributes)) { 23 script.setAttribute(name, value); 24 } 25 26 return new Promise((resolve, reject) => { 27 script.onload = resolve; 28 script.onerror = () => reject('Failed to load script'); 29 document.body.appendChild(script); 30 }) 31 .then(() => script.remove()); 32 } 33 34 promise_test(() => { 35 const key = '{{uuid()}}'; 36 const url = makeRequestURL( 37 key, ['httpsOrigin'], { mime: 'application/javascript' } 38 ); 39 40 return induceRequest(url, 41 {} 42 ) 43 .then(() => retrieve(key)) 44 .then((headers) => { 45 assert_own_property(headers, 'sec-fetch-site'); 46 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 47 }); 48 }, 'sec-fetch-site - Same origin, no attributes'); 49 50 promise_test(() => { 51 const key = '{{uuid()}}'; 52 const url = makeRequestURL( 53 key, ['httpsOrigin'], { mime: 'application/javascript' } 54 ); 55 56 return induceRequest(url, 57 {"type": "module"} 58 ) 59 .then(() => retrieve(key)) 60 .then((headers) => { 61 assert_own_property(headers, 'sec-fetch-site'); 62 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 63 }); 64 }, 'sec-fetch-site - Same origin, attributes: type=module'); 65 66 promise_test(() => { 67 const key = '{{uuid()}}'; 68 const url = makeRequestURL( 69 key, ['httpsCrossSite'], { mime: 'application/javascript' } 70 ); 71 72 return induceRequest(url, 73 {} 74 ) 75 .then(() => retrieve(key)) 76 .then((headers) => { 77 assert_own_property(headers, 'sec-fetch-site'); 78 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 79 }); 80 }, 'sec-fetch-site - Cross-site, no attributes'); 81 82 promise_test(() => { 83 const key = '{{uuid()}}'; 84 const url = makeRequestURL( 85 key, ['httpsCrossSite'], { mime: 'application/javascript' } 86 ); 87 88 return induceRequest(url, 89 {"type": "module"} 90 ) 91 .then(() => retrieve(key)) 92 .then((headers) => { 93 assert_own_property(headers, 'sec-fetch-site'); 94 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 95 }); 96 }, 'sec-fetch-site - Cross-site, attributes: type=module'); 97 98 promise_test(() => { 99 const key = '{{uuid()}}'; 100 const url = makeRequestURL( 101 key, ['httpsSameSite'], { mime: 'application/javascript' } 102 ); 103 104 return induceRequest(url, 105 {} 106 ) 107 .then(() => retrieve(key)) 108 .then((headers) => { 109 assert_own_property(headers, 'sec-fetch-site'); 110 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 111 }); 112 }, 'sec-fetch-site - Same site, no attributes'); 113 114 promise_test(() => { 115 const key = '{{uuid()}}'; 116 const url = makeRequestURL( 117 key, ['httpsSameSite'], { mime: 'application/javascript' } 118 ); 119 120 return induceRequest(url, 121 {"type": "module"} 122 ) 123 .then(() => retrieve(key)) 124 .then((headers) => { 125 assert_own_property(headers, 'sec-fetch-site'); 126 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 127 }); 128 }, 'sec-fetch-site - Same site, attributes: type=module'); 129 130 promise_test(() => { 131 const key = '{{uuid()}}'; 132 const url = makeRequestURL( 133 key, ['httpsOrigin', 'httpsCrossSite', 'httpsOrigin'], { mime: 'application/javascript' } 134 ); 135 136 return induceRequest(url, 137 {} 138 ) 139 .then(() => retrieve(key)) 140 .then((headers) => { 141 assert_own_property(headers, 'sec-fetch-site'); 142 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 143 }); 144 }, 'sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes'); 145 146 promise_test(() => { 147 const key = '{{uuid()}}'; 148 const url = makeRequestURL( 149 key, ['httpsOrigin', 'httpsCrossSite', 'httpsOrigin'], { mime: 'application/javascript' } 150 ); 151 152 return induceRequest(url, 153 {"type": "module"} 154 ) 155 .then(() => retrieve(key)) 156 .then((headers) => { 157 assert_own_property(headers, 'sec-fetch-site'); 158 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 159 }); 160 }, 'sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, attributes: type=module'); 161 162 promise_test(() => { 163 const key = '{{uuid()}}'; 164 const url = makeRequestURL( 165 key, ['httpsOrigin', 'httpsSameSite', 'httpsOrigin'], { mime: 'application/javascript' } 166 ); 167 168 return induceRequest(url, 169 {} 170 ) 171 .then(() => retrieve(key)) 172 .then((headers) => { 173 assert_own_property(headers, 'sec-fetch-site'); 174 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 175 }); 176 }, 'sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes'); 177 178 promise_test(() => { 179 const key = '{{uuid()}}'; 180 const url = makeRequestURL( 181 key, ['httpsOrigin', 'httpsSameSite', 'httpsOrigin'], { mime: 'application/javascript' } 182 ); 183 184 return induceRequest(url, 185 {"type": "module"} 186 ) 187 .then(() => retrieve(key)) 188 .then((headers) => { 189 assert_own_property(headers, 'sec-fetch-site'); 190 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 191 }); 192 }, 'sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, attributes: type=module'); 193 194 promise_test(() => { 195 const key = '{{uuid()}}'; 196 const url = makeRequestURL( 197 key, ['httpsCrossSite', 'httpsOrigin'], { mime: 'application/javascript' } 198 ); 199 200 return induceRequest(url, 201 {} 202 ) 203 .then(() => retrieve(key)) 204 .then((headers) => { 205 assert_own_property(headers, 'sec-fetch-site'); 206 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 207 }); 208 }, 'sec-fetch-site - Cross-Site -> Same Origin, no attributes'); 209 210 promise_test(() => { 211 const key = '{{uuid()}}'; 212 const url = makeRequestURL( 213 key, ['httpsCrossSite', 'httpsOrigin'], { mime: 'application/javascript' } 214 ); 215 216 return induceRequest(url, 217 {"type": "module"} 218 ) 219 .then(() => retrieve(key)) 220 .then((headers) => { 221 assert_own_property(headers, 'sec-fetch-site'); 222 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 223 }); 224 }, 'sec-fetch-site - Cross-Site -> Same Origin, attributes: type=module'); 225 226 promise_test(() => { 227 const key = '{{uuid()}}'; 228 const url = makeRequestURL( 229 key, ['httpsCrossSite', 'httpsSameSite'], { mime: 'application/javascript' } 230 ); 231 232 return induceRequest(url, 233 {} 234 ) 235 .then(() => retrieve(key)) 236 .then((headers) => { 237 assert_own_property(headers, 'sec-fetch-site'); 238 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 239 }); 240 }, 'sec-fetch-site - Cross-Site -> Same-Site, no attributes'); 241 242 promise_test(() => { 243 const key = '{{uuid()}}'; 244 const url = makeRequestURL( 245 key, ['httpsCrossSite', 'httpsSameSite'], { mime: 'application/javascript' } 246 ); 247 248 return induceRequest(url, 249 {"type": "module"} 250 ) 251 .then(() => retrieve(key)) 252 .then((headers) => { 253 assert_own_property(headers, 'sec-fetch-site'); 254 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 255 }); 256 }, 'sec-fetch-site - Cross-Site -> Same-Site, attributes: type=module'); 257 258 promise_test(() => { 259 const key = '{{uuid()}}'; 260 const url = makeRequestURL( 261 key, ['httpsCrossSite', 'httpsCrossSite'], { mime: 'application/javascript' } 262 ); 263 264 return induceRequest(url, 265 {} 266 ) 267 .then(() => retrieve(key)) 268 .then((headers) => { 269 assert_own_property(headers, 'sec-fetch-site'); 270 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 271 }); 272 }, 'sec-fetch-site - Cross-Site -> Cross-Site, no attributes'); 273 274 promise_test(() => { 275 const key = '{{uuid()}}'; 276 const url = makeRequestURL( 277 key, ['httpsCrossSite', 'httpsCrossSite'], { mime: 'application/javascript' } 278 ); 279 280 return induceRequest(url, 281 {"type": "module"} 282 ) 283 .then(() => retrieve(key)) 284 .then((headers) => { 285 assert_own_property(headers, 'sec-fetch-site'); 286 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 287 }); 288 }, 'sec-fetch-site - Cross-Site -> Cross-Site, attributes: type=module'); 289 290 promise_test(() => { 291 const key = '{{uuid()}}'; 292 const url = makeRequestURL( 293 key, ['httpsOrigin', 'httpsOrigin'], { mime: 'application/javascript' } 294 ); 295 296 return induceRequest(url, 297 {} 298 ) 299 .then(() => retrieve(key)) 300 .then((headers) => { 301 assert_own_property(headers, 'sec-fetch-site'); 302 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 303 }); 304 }, 'sec-fetch-site - Same-Origin -> Same Origin, no attributes'); 305 306 promise_test(() => { 307 const key = '{{uuid()}}'; 308 const url = makeRequestURL( 309 key, ['httpsOrigin', 'httpsOrigin'], { mime: 'application/javascript' } 310 ); 311 312 return induceRequest(url, 313 {"type": "module"} 314 ) 315 .then(() => retrieve(key)) 316 .then((headers) => { 317 assert_own_property(headers, 'sec-fetch-site'); 318 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 319 }); 320 }, 'sec-fetch-site - Same-Origin -> Same Origin, attributes: type=module'); 321 322 promise_test(() => { 323 const key = '{{uuid()}}'; 324 const url = makeRequestURL( 325 key, ['httpsOrigin', 'httpsSameSite'], { mime: 'application/javascript' } 326 ); 327 328 return induceRequest(url, 329 {} 330 ) 331 .then(() => retrieve(key)) 332 .then((headers) => { 333 assert_own_property(headers, 'sec-fetch-site'); 334 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 335 }); 336 }, 'sec-fetch-site - Same-Origin -> Same-Site, no attributes'); 337 338 promise_test(() => { 339 const key = '{{uuid()}}'; 340 const url = makeRequestURL( 341 key, ['httpsOrigin', 'httpsSameSite'], { mime: 'application/javascript' } 342 ); 343 344 return induceRequest(url, 345 {"type": "module"} 346 ) 347 .then(() => retrieve(key)) 348 .then((headers) => { 349 assert_own_property(headers, 'sec-fetch-site'); 350 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 351 }); 352 }, 'sec-fetch-site - Same-Origin -> Same-Site, attributes: type=module'); 353 354 promise_test(() => { 355 const key = '{{uuid()}}'; 356 const url = makeRequestURL( 357 key, ['httpsOrigin', 'httpsCrossSite'], { mime: 'application/javascript' } 358 ); 359 360 return induceRequest(url, 361 {} 362 ) 363 .then(() => retrieve(key)) 364 .then((headers) => { 365 assert_own_property(headers, 'sec-fetch-site'); 366 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 367 }); 368 }, 'sec-fetch-site - Same-Origin -> Cross-Site, no attributes'); 369 370 promise_test(() => { 371 const key = '{{uuid()}}'; 372 const url = makeRequestURL( 373 key, ['httpsOrigin', 'httpsCrossSite'], { mime: 'application/javascript' } 374 ); 375 376 return induceRequest(url, 377 {"type": "module"} 378 ) 379 .then(() => retrieve(key)) 380 .then((headers) => { 381 assert_own_property(headers, 'sec-fetch-site'); 382 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 383 }); 384 }, 'sec-fetch-site - Same-Origin -> Cross-Site, attributes: type=module'); 385 386 promise_test(() => { 387 const key = '{{uuid()}}'; 388 const url = makeRequestURL( 389 key, ['httpsSameSite', 'httpsOrigin'], { mime: 'application/javascript' } 390 ); 391 392 return induceRequest(url, 393 {} 394 ) 395 .then(() => retrieve(key)) 396 .then((headers) => { 397 assert_own_property(headers, 'sec-fetch-site'); 398 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 399 }); 400 }, 'sec-fetch-site - Same-Site -> Same Origin, no attributes'); 401 402 promise_test(() => { 403 const key = '{{uuid()}}'; 404 const url = makeRequestURL( 405 key, ['httpsSameSite', 'httpsOrigin'], { mime: 'application/javascript' } 406 ); 407 408 return induceRequest(url, 409 {"type": "module"} 410 ) 411 .then(() => retrieve(key)) 412 .then((headers) => { 413 assert_own_property(headers, 'sec-fetch-site'); 414 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 415 }); 416 }, 'sec-fetch-site - Same-Site -> Same Origin, attributes: type=module'); 417 418 promise_test(() => { 419 const key = '{{uuid()}}'; 420 const url = makeRequestURL( 421 key, ['httpsSameSite', 'httpsSameSite'], { mime: 'application/javascript' } 422 ); 423 424 return induceRequest(url, 425 {} 426 ) 427 .then(() => retrieve(key)) 428 .then((headers) => { 429 assert_own_property(headers, 'sec-fetch-site'); 430 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 431 }); 432 }, 'sec-fetch-site - Same-Site -> Same-Site, no attributes'); 433 434 promise_test(() => { 435 const key = '{{uuid()}}'; 436 const url = makeRequestURL( 437 key, ['httpsSameSite', 'httpsSameSite'], { mime: 'application/javascript' } 438 ); 439 440 return induceRequest(url, 441 {"type": "module"} 442 ) 443 .then(() => retrieve(key)) 444 .then((headers) => { 445 assert_own_property(headers, 'sec-fetch-site'); 446 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 447 }); 448 }, 'sec-fetch-site - Same-Site -> Same-Site, attributes: type=module'); 449 450 promise_test(() => { 451 const key = '{{uuid()}}'; 452 const url = makeRequestURL( 453 key, ['httpsSameSite', 'httpsCrossSite'], { mime: 'application/javascript' } 454 ); 455 456 return induceRequest(url, 457 {} 458 ) 459 .then(() => retrieve(key)) 460 .then((headers) => { 461 assert_own_property(headers, 'sec-fetch-site'); 462 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 463 }); 464 }, 'sec-fetch-site - Same-Site -> Cross-Site, no attributes'); 465 466 promise_test(() => { 467 const key = '{{uuid()}}'; 468 const url = makeRequestURL( 469 key, ['httpsSameSite', 'httpsCrossSite'], { mime: 'application/javascript' } 470 ); 471 472 return induceRequest(url, 473 {"type": "module"} 474 ) 475 .then(() => retrieve(key)) 476 .then((headers) => { 477 assert_own_property(headers, 'sec-fetch-site'); 478 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 479 }); 480 }, 'sec-fetch-site - Same-Site -> Cross-Site, attributes: type=module'); 481 482 promise_test(() => { 483 const key = '{{uuid()}}'; 484 const url = makeRequestURL( 485 key, [], { mime: 'application/javascript' } 486 ); 487 488 return induceRequest(url, 489 {} 490 ) 491 .then(() => retrieve(key)) 492 .then((headers) => { 493 assert_own_property(headers, 'sec-fetch-mode'); 494 assert_array_equals(headers['sec-fetch-mode'], ['no-cors']); 495 }); 496 }, 'sec-fetch-mode - no attributes'); 497 498 promise_test(() => { 499 const key = '{{uuid()}}'; 500 const url = makeRequestURL( 501 key, [], { mime: 'application/javascript' } 502 ); 503 504 return induceRequest(url, 505 {"type": "module"} 506 ) 507 .then(() => retrieve(key)) 508 .then((headers) => { 509 assert_own_property(headers, 'sec-fetch-mode'); 510 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 511 }); 512 }, 'sec-fetch-mode - attributes: type=module'); 513 514 promise_test(() => { 515 const key = '{{uuid()}}'; 516 const url = makeRequestURL( 517 key, [], { mime: 'application/javascript' } 518 ); 519 520 return induceRequest(url, 521 {"crossorigin": ""} 522 ) 523 .then(() => retrieve(key)) 524 .then((headers) => { 525 assert_own_property(headers, 'sec-fetch-mode'); 526 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 527 }); 528 }, 'sec-fetch-mode - attributes: crossorigin'); 529 530 promise_test(() => { 531 const key = '{{uuid()}}'; 532 const url = makeRequestURL( 533 key, [], { mime: 'application/javascript' } 534 ); 535 536 return induceRequest(url, 537 {"crossorigin": "anonymous"} 538 ) 539 .then(() => retrieve(key)) 540 .then((headers) => { 541 assert_own_property(headers, 'sec-fetch-mode'); 542 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 543 }); 544 }, 'sec-fetch-mode - attributes: crossorigin=anonymous'); 545 546 promise_test(() => { 547 const key = '{{uuid()}}'; 548 const url = makeRequestURL( 549 key, [], { mime: 'application/javascript' } 550 ); 551 552 return induceRequest(url, 553 {"crossorigin": "use-credentials"} 554 ) 555 .then(() => retrieve(key)) 556 .then((headers) => { 557 assert_own_property(headers, 'sec-fetch-mode'); 558 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 559 }); 560 }, 'sec-fetch-mode - attributes: crossorigin=use-credentials'); 561 562 promise_test(() => { 563 const key = '{{uuid()}}'; 564 const url = makeRequestURL( 565 key, [], { mime: 'application/javascript' } 566 ); 567 568 return induceRequest(url, 569 {} 570 ) 571 .then(() => retrieve(key)) 572 .then((headers) => { 573 assert_own_property(headers, 'sec-fetch-dest'); 574 assert_array_equals(headers['sec-fetch-dest'], ['script']); 575 }); 576 }, 'sec-fetch-dest - no attributes'); 577 578 promise_test(() => { 579 const key = '{{uuid()}}'; 580 const url = makeRequestURL( 581 key, [], { mime: 'application/javascript' } 582 ); 583 584 return induceRequest(url, 585 {} 586 ) 587 .then(() => retrieve(key)) 588 .then((headers) => { 589 assert_not_own_property(headers, 'sec-fetch-user'); 590 }); 591 }, 'sec-fetch-user - no attributes'); 592 593 promise_test(() => { 594 const key = '{{uuid()}}'; 595 const url = makeRequestURL( 596 key, ['httpsCrossSite'], { mime: 'application/javascript' } 597 ); 598 599 return induceRequest(url, 600 {} 601 ) 602 .then(() => retrieve(key)) 603 .then((headers) => { 604 assert_own_property(headers, 'sec-fetch-storage-access'); 605 assert_array_equals(headers['sec-fetch-storage-access'], ['none']); 606 }); 607 }, 'sec-fetch-storage-access - Cross-site, no attributes'); 608 609 promise_test(() => { 610 const key = '{{uuid()}}'; 611 const url = makeRequestURL( 612 key, ['httpsSameSite'], { mime: 'application/javascript' } 613 ); 614 615 return induceRequest(url, 616 {} 617 ) 618 .then(() => retrieve(key)) 619 .then((headers) => { 620 assert_not_own_property(headers, 'sec-fetch-storage-access'); 621 }); 622 }, 'sec-fetch-storage-access - Same site, no attributes'); 623 </script> 624 </html>