[ tor-browser ].git.dasho

element-script.sub.html (17432B)
      1 <!DOCTYPE html>
      2 <!--
      3 This test was procedurally generated. Please do not modify it directly.
      4 Sources:
      5 - fetch/metadata/tools/fetch-metadata.conf.yml
      6 - fetch/metadata/tools/templates/element-script.sub.html
      7 -->
      8 <html lang="en">
      9  <meta charset="utf-8">
     10  <title>HTTP headers on request for HTML "script" element source</title>
     11  <script src="/resources/testharness.js"></script>
     12  <script src="/resources/testharnessreport.js"></script>
     13  <script src="/fetch/metadata/resources/helper.sub.js"></script>
     14  <body>
     15  <script>
     16  'use strict';
     17 
     18  function induceRequest(url, attributes) {
     19    const script = document.createElement('script');
     20    script.setAttribute('src', url);
     21 
     22    for (const [ name, value ] of Object.entries(attributes)) {
     23      script.setAttribute(name, value);
     24    }
     25 
     26    return new Promise((resolve, reject) => {
     27        script.onload = resolve;
     28        script.onerror = () => reject('Failed to load script');
     29        document.body.appendChild(script);
     30      })
     31      .then(() => script.remove());
     32  }
     33 
     34  promise_test(() => {
     35    const key = '{{uuid()}}';
     36    const url = makeRequestURL(
     37      key, ['httpOrigin'], { mime: 'application/javascript' }
     38    );
     39 
     40    return induceRequest(url,
     41        {}
     42      )
     43      .then(() => retrieve(key))
     44      .then((headers) => {
     45          assert_not_own_property(headers, 'sec-fetch-site');
     46        });
     47  }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination, no attributes');
     48 
     49  promise_test(() => {
     50    const key = '{{uuid()}}';
     51    const url = makeRequestURL(
     52      key, ['httpOrigin'], { mime: 'application/javascript' }
     53    );
     54 
     55    return induceRequest(url,
     56        {"type": "module"}
     57      )
     58      .then(() => retrieve(key))
     59      .then((headers) => {
     60          assert_not_own_property(headers, 'sec-fetch-site');
     61        });
     62  }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination, attributes: type=module');
     63 
     64  promise_test(() => {
     65    const key = '{{uuid()}}';
     66    const url = makeRequestURL(
     67      key, ['httpSameSite'], { mime: 'application/javascript' }
     68    );
     69 
     70    return induceRequest(url,
     71        {}
     72      )
     73      .then(() => retrieve(key))
     74      .then((headers) => {
     75          assert_not_own_property(headers, 'sec-fetch-site');
     76        });
     77  }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination, no attributes');
     78 
     79  promise_test(() => {
     80    const key = '{{uuid()}}';
     81    const url = makeRequestURL(
     82      key, ['httpSameSite'], { mime: 'application/javascript' }
     83    );
     84 
     85    return induceRequest(url,
     86        {"type": "module"}
     87      )
     88      .then(() => retrieve(key))
     89      .then((headers) => {
     90          assert_not_own_property(headers, 'sec-fetch-site');
     91        });
     92  }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination, attributes: type=module');
     93 
     94  promise_test(() => {
     95    const key = '{{uuid()}}';
     96    const url = makeRequestURL(
     97      key, ['httpCrossSite'], { mime: 'application/javascript' }
     98    );
     99 
    100    return induceRequest(url,
    101        {}
    102      )
    103      .then(() => retrieve(key))
    104      .then((headers) => {
    105          assert_not_own_property(headers, 'sec-fetch-site');
    106        });
    107  }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination, no attributes');
    108 
    109  promise_test(() => {
    110    const key = '{{uuid()}}';
    111    const url = makeRequestURL(
    112      key, ['httpCrossSite'], { mime: 'application/javascript' }
    113    );
    114 
    115    return induceRequest(url,
    116        {"type": "module"}
    117      )
    118      .then(() => retrieve(key))
    119      .then((headers) => {
    120          assert_not_own_property(headers, 'sec-fetch-site');
    121        });
    122  }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination, attributes: type=module');
    123 
    124  promise_test(() => {
    125    const key = '{{uuid()}}';
    126    const url = makeRequestURL(
    127      key, ['httpOrigin'], { mime: 'application/javascript' }
    128    );
    129 
    130    return induceRequest(url,
    131        {}
    132      )
    133      .then(() => retrieve(key))
    134      .then((headers) => {
    135          assert_not_own_property(headers, 'sec-fetch-mode');
    136        });
    137  }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination, no attributes');
    138 
    139  promise_test(() => {
    140    const key = '{{uuid()}}';
    141    const url = makeRequestURL(
    142      key, ['httpOrigin'], { mime: 'application/javascript' }
    143    );
    144 
    145    return induceRequest(url,
    146        {"type": "module"}
    147      )
    148      .then(() => retrieve(key))
    149      .then((headers) => {
    150          assert_not_own_property(headers, 'sec-fetch-mode');
    151        });
    152  }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination, attributes: type=module');
    153 
    154  promise_test(() => {
    155    const key = '{{uuid()}}';
    156    const url = makeRequestURL(
    157      key, ['httpSameSite'], { mime: 'application/javascript' }
    158    );
    159 
    160    return induceRequest(url,
    161        {}
    162      )
    163      .then(() => retrieve(key))
    164      .then((headers) => {
    165          assert_not_own_property(headers, 'sec-fetch-mode');
    166        });
    167  }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination, no attributes');
    168 
    169  promise_test(() => {
    170    const key = '{{uuid()}}';
    171    const url = makeRequestURL(
    172      key, ['httpSameSite'], { mime: 'application/javascript' }
    173    );
    174 
    175    return induceRequest(url,
    176        {"type": "module"}
    177      )
    178      .then(() => retrieve(key))
    179      .then((headers) => {
    180          assert_not_own_property(headers, 'sec-fetch-mode');
    181        });
    182  }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination, attributes: type=module');
    183 
    184  promise_test(() => {
    185    const key = '{{uuid()}}';
    186    const url = makeRequestURL(
    187      key, ['httpCrossSite'], { mime: 'application/javascript' }
    188    );
    189 
    190    return induceRequest(url,
    191        {}
    192      )
    193      .then(() => retrieve(key))
    194      .then((headers) => {
    195          assert_not_own_property(headers, 'sec-fetch-mode');
    196        });
    197  }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination, no attributes');
    198 
    199  promise_test(() => {
    200    const key = '{{uuid()}}';
    201    const url = makeRequestURL(
    202      key, ['httpCrossSite'], { mime: 'application/javascript' }
    203    );
    204 
    205    return induceRequest(url,
    206        {"type": "module"}
    207      )
    208      .then(() => retrieve(key))
    209      .then((headers) => {
    210          assert_not_own_property(headers, 'sec-fetch-mode');
    211        });
    212  }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination, attributes: type=module');
    213 
    214  promise_test(() => {
    215    const key = '{{uuid()}}';
    216    const url = makeRequestURL(
    217      key, ['httpOrigin'], { mime: 'application/javascript' }
    218    );
    219 
    220    return induceRequest(url,
    221        {}
    222      )
    223      .then(() => retrieve(key))
    224      .then((headers) => {
    225          assert_not_own_property(headers, 'sec-fetch-dest');
    226        });
    227  }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination, no attributes');
    228 
    229  promise_test(() => {
    230    const key = '{{uuid()}}';
    231    const url = makeRequestURL(
    232      key, ['httpOrigin'], { mime: 'application/javascript' }
    233    );
    234 
    235    return induceRequest(url,
    236        {"type": "module"}
    237      )
    238      .then(() => retrieve(key))
    239      .then((headers) => {
    240          assert_not_own_property(headers, 'sec-fetch-dest');
    241        });
    242  }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination, attributes: type=module');
    243 
    244  promise_test(() => {
    245    const key = '{{uuid()}}';
    246    const url = makeRequestURL(
    247      key, ['httpSameSite'], { mime: 'application/javascript' }
    248    );
    249 
    250    return induceRequest(url,
    251        {}
    252      )
    253      .then(() => retrieve(key))
    254      .then((headers) => {
    255          assert_not_own_property(headers, 'sec-fetch-dest');
    256        });
    257  }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination, no attributes');
    258 
    259  promise_test(() => {
    260    const key = '{{uuid()}}';
    261    const url = makeRequestURL(
    262      key, ['httpSameSite'], { mime: 'application/javascript' }
    263    );
    264 
    265    return induceRequest(url,
    266        {"type": "module"}
    267      )
    268      .then(() => retrieve(key))
    269      .then((headers) => {
    270          assert_not_own_property(headers, 'sec-fetch-dest');
    271        });
    272  }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination, attributes: type=module');
    273 
    274  promise_test(() => {
    275    const key = '{{uuid()}}';
    276    const url = makeRequestURL(
    277      key, ['httpCrossSite'], { mime: 'application/javascript' }
    278    );
    279 
    280    return induceRequest(url,
    281        {}
    282      )
    283      .then(() => retrieve(key))
    284      .then((headers) => {
    285          assert_not_own_property(headers, 'sec-fetch-dest');
    286        });
    287  }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination, no attributes');
    288 
    289  promise_test(() => {
    290    const key = '{{uuid()}}';
    291    const url = makeRequestURL(
    292      key, ['httpCrossSite'], { mime: 'application/javascript' }
    293    );
    294 
    295    return induceRequest(url,
    296        {"type": "module"}
    297      )
    298      .then(() => retrieve(key))
    299      .then((headers) => {
    300          assert_not_own_property(headers, 'sec-fetch-dest');
    301        });
    302  }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination, attributes: type=module');
    303 
    304  promise_test(() => {
    305    const key = '{{uuid()}}';
    306    const url = makeRequestURL(
    307      key, ['httpOrigin'], { mime: 'application/javascript' }
    308    );
    309 
    310    return induceRequest(url,
    311        {}
    312      )
    313      .then(() => retrieve(key))
    314      .then((headers) => {
    315          assert_not_own_property(headers, 'sec-fetch-user');
    316        });
    317  }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination, no attributes');
    318 
    319  promise_test(() => {
    320    const key = '{{uuid()}}';
    321    const url = makeRequestURL(
    322      key, ['httpOrigin'], { mime: 'application/javascript' }
    323    );
    324 
    325    return induceRequest(url,
    326        {"type": "module"}
    327      )
    328      .then(() => retrieve(key))
    329      .then((headers) => {
    330          assert_not_own_property(headers, 'sec-fetch-user');
    331        });
    332  }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination, attributes: type=module');
    333 
    334  promise_test(() => {
    335    const key = '{{uuid()}}';
    336    const url = makeRequestURL(
    337      key, ['httpSameSite'], { mime: 'application/javascript' }
    338    );
    339 
    340    return induceRequest(url,
    341        {}
    342      )
    343      .then(() => retrieve(key))
    344      .then((headers) => {
    345          assert_not_own_property(headers, 'sec-fetch-user');
    346        });
    347  }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination, no attributes');
    348 
    349  promise_test(() => {
    350    const key = '{{uuid()}}';
    351    const url = makeRequestURL(
    352      key, ['httpSameSite'], { mime: 'application/javascript' }
    353    );
    354 
    355    return induceRequest(url,
    356        {"type": "module"}
    357      )
    358      .then(() => retrieve(key))
    359      .then((headers) => {
    360          assert_not_own_property(headers, 'sec-fetch-user');
    361        });
    362  }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination, attributes: type=module');
    363 
    364  promise_test(() => {
    365    const key = '{{uuid()}}';
    366    const url = makeRequestURL(
    367      key, ['httpCrossSite'], { mime: 'application/javascript' }
    368    );
    369 
    370    return induceRequest(url,
    371        {}
    372      )
    373      .then(() => retrieve(key))
    374      .then((headers) => {
    375          assert_not_own_property(headers, 'sec-fetch-user');
    376        });
    377  }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, no attributes');
    378 
    379  promise_test(() => {
    380    const key = '{{uuid()}}';
    381    const url = makeRequestURL(
    382      key, ['httpCrossSite'], { mime: 'application/javascript' }
    383    );
    384 
    385    return induceRequest(url,
    386        {"type": "module"}
    387      )
    388      .then(() => retrieve(key))
    389      .then((headers) => {
    390          assert_not_own_property(headers, 'sec-fetch-user');
    391        });
    392  }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, attributes: type=module');
    393 
    394  promise_test(() => {
    395    const key = '{{uuid()}}';
    396    const url = makeRequestURL(
    397      key, ['httpOrigin'], { mime: 'application/javascript' }
    398    );
    399 
    400    return induceRequest(url,
    401        {}
    402      )
    403      .then(() => retrieve(key))
    404      .then((headers) => {
    405          assert_not_own_property(headers, 'sec-fetch-storage-access');
    406        });
    407  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no attributes');
    408 
    409  promise_test(() => {
    410    const key = '{{uuid()}}';
    411    const url = makeRequestURL(
    412      key, ['httpOrigin'], { mime: 'application/javascript' }
    413    );
    414 
    415    return induceRequest(url,
    416        {"type": "module"}
    417      )
    418      .then(() => retrieve(key))
    419      .then((headers) => {
    420          assert_not_own_property(headers, 'sec-fetch-storage-access');
    421        });
    422  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, attributes: type=module');
    423 
    424  promise_test(() => {
    425    const key = '{{uuid()}}';
    426    const url = makeRequestURL(
    427      key, ['httpSameSite'], { mime: 'application/javascript' }
    428    );
    429 
    430    return induceRequest(url,
    431        {}
    432      )
    433      .then(() => retrieve(key))
    434      .then((headers) => {
    435          assert_not_own_property(headers, 'sec-fetch-storage-access');
    436        });
    437  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, no attributes');
    438 
    439  promise_test(() => {
    440    const key = '{{uuid()}}';
    441    const url = makeRequestURL(
    442      key, ['httpSameSite'], { mime: 'application/javascript' }
    443    );
    444 
    445    return induceRequest(url,
    446        {"type": "module"}
    447      )
    448      .then(() => retrieve(key))
    449      .then((headers) => {
    450          assert_not_own_property(headers, 'sec-fetch-storage-access');
    451        });
    452  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, attributes: type=module');
    453 
    454  promise_test(() => {
    455    const key = '{{uuid()}}';
    456    const url = makeRequestURL(
    457      key, ['httpCrossSite'], { mime: 'application/javascript' }
    458    );
    459 
    460    return induceRequest(url,
    461        {}
    462      )
    463      .then(() => retrieve(key))
    464      .then((headers) => {
    465          assert_not_own_property(headers, 'sec-fetch-storage-access');
    466        });
    467  }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, no attributes');
    468 
    469  promise_test(() => {
    470    const key = '{{uuid()}}';
    471    const url = makeRequestURL(
    472      key, ['httpCrossSite'], { mime: 'application/javascript' }
    473    );
    474 
    475    return induceRequest(url,
    476        {"type": "module"}
    477      )
    478      .then(() => retrieve(key))
    479      .then((headers) => {
    480          assert_not_own_property(headers, 'sec-fetch-storage-access');
    481        });
    482  }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, attributes: type=module');
    483 
    484  promise_test(() => {
    485    const key = '{{uuid()}}';
    486    const url = makeRequestURL(
    487      key, ['httpsOrigin', 'httpOrigin'], { mime: 'application/javascript' }
    488    );
    489 
    490    return induceRequest(url,
    491        {}
    492      )
    493      .then(() => retrieve(key))
    494      .then((headers) => {
    495          assert_not_own_property(headers, 'sec-fetch-site');
    496        });
    497  }, 'sec-fetch-site - HTTPS downgrade (header not sent), no attributes');
    498 
    499  promise_test(() => {
    500    const key = '{{uuid()}}';
    501    const url = makeRequestURL(
    502      key, ['httpsOrigin', 'httpOrigin'], { mime: 'application/javascript' }
    503    );
    504 
    505    return induceRequest(url,
    506        {"type": "module"}
    507      )
    508      .then(() => retrieve(key))
    509      .then((headers) => {
    510          assert_not_own_property(headers, 'sec-fetch-site');
    511        });
    512  }, 'sec-fetch-site - HTTPS downgrade (header not sent), attributes: type=module');
    513 
    514  promise_test(() => {
    515    const key = '{{uuid()}}';
    516    const url = makeRequestURL(
    517      key, ['httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' }
    518    );
    519 
    520    return induceRequest(url,
    521        {}
    522      )
    523      .then(() => retrieve(key))
    524      .then((headers) => {
    525          assert_own_property(headers, 'sec-fetch-site');
    526          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    527        });
    528  }, 'sec-fetch-site - HTTPS upgrade, no attributes');
    529 
    530  promise_test(() => {
    531    const key = '{{uuid()}}';
    532    const url = makeRequestURL(
    533      key, ['httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' }
    534    );
    535 
    536    return induceRequest(url,
    537        {"type": "module"}
    538      )
    539      .then(() => retrieve(key))
    540      .then((headers) => {
    541          assert_own_property(headers, 'sec-fetch-site');
    542          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    543        });
    544  }, 'sec-fetch-site - HTTPS upgrade, attributes: type=module');
    545 
    546  promise_test(() => {
    547    const key = '{{uuid()}}';
    548    const url = makeRequestURL(
    549      key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' }
    550    );
    551 
    552    return induceRequest(url,
    553        {}
    554      )
    555      .then(() => retrieve(key))
    556      .then((headers) => {
    557          assert_own_property(headers, 'sec-fetch-site');
    558          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    559        });
    560  }, 'sec-fetch-site - HTTPS downgrade-upgrade, no attributes');
    561 
    562  promise_test(() => {
    563    const key = '{{uuid()}}';
    564    const url = makeRequestURL(
    565      key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' }
    566    );
    567 
    568    return induceRequest(url,
    569        {"type": "module"}
    570      )
    571      .then(() => retrieve(key))
    572      .then((headers) => {
    573          assert_own_property(headers, 'sec-fetch-site');
    574          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    575        });
    576  }, 'sec-fetch-site - HTTPS downgrade-upgrade, attributes: type=module');
    577  </script>
    578 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE