element-video-poster.sub.html (7482B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/element-video-poster.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for HTML "video" element "poster"</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <body> 15 <script> 16 'use strict'; 17 18 const params = { 19 body: ` 20 <svg xmlns="http://www.w3.org/2000/svg" width="123" height="123"> 21 <rect fill="lime" width="123" height="123"/> 22 </svg> 23 `, 24 mime: 'image/svg+xml' 25 }; 26 27 function induceRequest(t, url) { 28 var video = document.createElement('video'); 29 video.setAttribute('poster', url); 30 document.body.appendChild(video); 31 32 const poll = () => { 33 if (video.clientWidth === 123) { 34 return; 35 } 36 37 return new Promise((resolve) => t.step_timeout(resolve, 0)) 38 .then(poll); 39 }; 40 t.add_cleanup(() => video.remove()); 41 42 return poll(); 43 } 44 45 promise_test((t) => { 46 const key = '{{uuid()}}'; 47 48 return induceRequest(t, makeRequestURL(key, ['httpOrigin'], params)) 49 .then(() => retrieve(key)) 50 .then((headers) => { 51 assert_not_own_property(headers, 'sec-fetch-site'); 52 }); 53 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 54 55 promise_test((t) => { 56 const key = '{{uuid()}}'; 57 58 return induceRequest(t, makeRequestURL(key, ['httpSameSite'], params)) 59 .then(() => retrieve(key)) 60 .then((headers) => { 61 assert_not_own_property(headers, 'sec-fetch-site'); 62 }); 63 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination'); 64 65 promise_test((t) => { 66 const key = '{{uuid()}}'; 67 68 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'], params)) 69 .then(() => retrieve(key)) 70 .then((headers) => { 71 assert_not_own_property(headers, 'sec-fetch-site'); 72 }); 73 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 74 75 promise_test((t) => { 76 const key = '{{uuid()}}'; 77 78 return induceRequest(t, makeRequestURL(key, ['httpOrigin'], params)) 79 .then(() => retrieve(key)) 80 .then((headers) => { 81 assert_not_own_property(headers, 'sec-fetch-mode'); 82 }); 83 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 84 85 promise_test((t) => { 86 const key = '{{uuid()}}'; 87 88 return induceRequest(t, makeRequestURL(key, ['httpSameSite'], params)) 89 .then(() => retrieve(key)) 90 .then((headers) => { 91 assert_not_own_property(headers, 'sec-fetch-mode'); 92 }); 93 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 94 95 promise_test((t) => { 96 const key = '{{uuid()}}'; 97 98 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'], params)) 99 .then(() => retrieve(key)) 100 .then((headers) => { 101 assert_not_own_property(headers, 'sec-fetch-mode'); 102 }); 103 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 104 105 promise_test((t) => { 106 const key = '{{uuid()}}'; 107 108 return induceRequest(t, makeRequestURL(key, ['httpOrigin'], params)) 109 .then(() => retrieve(key)) 110 .then((headers) => { 111 assert_not_own_property(headers, 'sec-fetch-dest'); 112 }); 113 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 114 115 promise_test((t) => { 116 const key = '{{uuid()}}'; 117 118 return induceRequest(t, makeRequestURL(key, ['httpSameSite'], params)) 119 .then(() => retrieve(key)) 120 .then((headers) => { 121 assert_not_own_property(headers, 'sec-fetch-dest'); 122 }); 123 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 124 125 promise_test((t) => { 126 const key = '{{uuid()}}'; 127 128 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'], params)) 129 .then(() => retrieve(key)) 130 .then((headers) => { 131 assert_not_own_property(headers, 'sec-fetch-dest'); 132 }); 133 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 134 135 promise_test((t) => { 136 const key = '{{uuid()}}'; 137 138 return induceRequest(t, makeRequestURL(key, ['httpOrigin'], params)) 139 .then(() => retrieve(key)) 140 .then((headers) => { 141 assert_not_own_property(headers, 'sec-fetch-user'); 142 }); 143 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 144 145 promise_test((t) => { 146 const key = '{{uuid()}}'; 147 148 return induceRequest(t, makeRequestURL(key, ['httpSameSite'], params)) 149 .then(() => retrieve(key)) 150 .then((headers) => { 151 assert_not_own_property(headers, 'sec-fetch-user'); 152 }); 153 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination'); 154 155 promise_test((t) => { 156 const key = '{{uuid()}}'; 157 158 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'], params)) 159 .then(() => retrieve(key)) 160 .then((headers) => { 161 assert_not_own_property(headers, 'sec-fetch-user'); 162 }); 163 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 164 165 promise_test((t) => { 166 const key = '{{uuid()}}'; 167 168 return induceRequest(t, makeRequestURL(key, ['httpOrigin'], params)) 169 .then(() => retrieve(key)) 170 .then((headers) => { 171 assert_not_own_property(headers, 'sec-fetch-storage-access'); 172 }); 173 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 174 175 promise_test((t) => { 176 const key = '{{uuid()}}'; 177 178 return induceRequest(t, makeRequestURL(key, ['httpSameSite'], params)) 179 .then(() => retrieve(key)) 180 .then((headers) => { 181 assert_not_own_property(headers, 'sec-fetch-storage-access'); 182 }); 183 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 184 185 promise_test((t) => { 186 const key = '{{uuid()}}'; 187 188 return induceRequest(t, makeRequestURL(key, ['httpCrossSite'], params)) 189 .then(() => retrieve(key)) 190 .then((headers) => { 191 assert_not_own_property(headers, 'sec-fetch-storage-access'); 192 }); 193 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 194 195 promise_test((t) => { 196 const key = '{{uuid()}}'; 197 198 return induceRequest(t, makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], params)) 199 .then(() => retrieve(key)) 200 .then((headers) => { 201 assert_not_own_property(headers, 'sec-fetch-site'); 202 }); 203 }, 'sec-fetch-site - HTTPS downgrade (header not sent)'); 204 205 promise_test((t) => { 206 const key = '{{uuid()}}'; 207 208 return induceRequest(t, makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], params)) 209 .then(() => retrieve(key)) 210 .then((headers) => { 211 assert_own_property(headers, 'sec-fetch-site'); 212 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 213 }); 214 }, 'sec-fetch-site - HTTPS upgrade'); 215 216 promise_test((t) => { 217 const key = '{{uuid()}}'; 218 219 return induceRequest(t, makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], params)) 220 .then(() => retrieve(key)) 221 .then((headers) => { 222 assert_own_property(headers, 'sec-fetch-site'); 223 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 224 }); 225 }, 'sec-fetch-site - HTTPS downgrade-upgrade'); 226 </script> 227 </body> 228 </html>