form-submission.https.sub.html (21788B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/form-submission.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <meta name="timeout" content="long"> 11 <title>HTTP headers on request for HTML form navigation</title> 12 <script src="/resources/testharness.js"></script> 13 <script src="/resources/testharnessreport.js"></script> 14 <script src="/resources/testdriver.js"></script> 15 <script src="/resources/testdriver-vendor.js"></script> 16 <script src="/fetch/metadata/resources/helper.sub.js"></script> 17 <body> 18 <script> 19 'use strict'; 20 21 function induceRequest(method, url, userActivated) { 22 const windowName = String(Math.random()); 23 const form = document.createElement('form'); 24 const submit = document.createElement('input'); 25 submit.setAttribute('type', 'submit'); 26 form.appendChild(submit); 27 const win = open('about:blank', windowName); 28 form.setAttribute('method', method); 29 form.setAttribute('action', url); 30 form.setAttribute('target', windowName); 31 document.body.appendChild(form); 32 33 // Query parameters must be expressed as form values so that they are sent 34 // with the submission of forms whose method is POST. 35 Array.from(new URL(url, location.origin).searchParams) 36 .forEach(([name, value]) => { 37 const input = document.createElement('input'); 38 input.setAttribute('type', 'hidden'); 39 input.setAttribute('name', name); 40 input.setAttribute('value', value); 41 form.appendChild(input); 42 }); 43 44 return new Promise((resolve) => { 45 addEventListener('message', function(event) { 46 if (event.source === win) { 47 resolve(); 48 } 49 }); 50 51 if (userActivated) { 52 test_driver.click(submit); 53 } else { 54 submit.click(); 55 } 56 }) 57 .then(() => { 58 form.remove(); 59 win.close(); 60 }); 61 } 62 const responseParams = { 63 mime: 'text/html', 64 body: `<script>opener.postMessage('done', '*')</${''}script>` 65 }; 66 67 promise_test(() => { 68 const key = '{{uuid()}}'; 69 const url = makeRequestURL(key, ['httpsOrigin'], responseParams); 70 const userActivated = false; 71 return induceRequest('GET', url, userActivated) 72 .then(() => retrieve(key)) 73 .then((headers) => { 74 assert_own_property(headers, 'sec-fetch-site'); 75 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 76 }); 77 }, 'sec-fetch-site - Same origin - GET'); 78 79 promise_test(() => { 80 const key = '{{uuid()}}'; 81 const url = makeRequestURL(key, ['httpsOrigin'], responseParams); 82 const userActivated = false; 83 return induceRequest('POST', url, userActivated) 84 .then(() => retrieve(key)) 85 .then((headers) => { 86 assert_own_property(headers, 'sec-fetch-site'); 87 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 88 }); 89 }, 'sec-fetch-site - Same origin - POST'); 90 91 promise_test(() => { 92 const key = '{{uuid()}}'; 93 const url = makeRequestURL(key, ['httpsCrossSite'], responseParams); 94 const userActivated = false; 95 return induceRequest('GET', url, userActivated) 96 .then(() => retrieve(key)) 97 .then((headers) => { 98 assert_own_property(headers, 'sec-fetch-site'); 99 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 100 }); 101 }, 'sec-fetch-site - Cross-site - GET'); 102 103 promise_test(() => { 104 const key = '{{uuid()}}'; 105 const url = makeRequestURL(key, ['httpsCrossSite'], responseParams); 106 const userActivated = false; 107 return induceRequest('POST', url, userActivated) 108 .then(() => retrieve(key)) 109 .then((headers) => { 110 assert_own_property(headers, 'sec-fetch-site'); 111 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 112 }); 113 }, 'sec-fetch-site - Cross-site - POST'); 114 115 promise_test(() => { 116 const key = '{{uuid()}}'; 117 const url = makeRequestURL(key, ['httpsSameSite'], responseParams); 118 const userActivated = false; 119 return induceRequest('GET', url, userActivated) 120 .then(() => retrieve(key)) 121 .then((headers) => { 122 assert_own_property(headers, 'sec-fetch-site'); 123 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 124 }); 125 }, 'sec-fetch-site - Same site - GET'); 126 127 promise_test(() => { 128 const key = '{{uuid()}}'; 129 const url = makeRequestURL(key, ['httpsSameSite'], responseParams); 130 const userActivated = false; 131 return induceRequest('POST', url, userActivated) 132 .then(() => retrieve(key)) 133 .then((headers) => { 134 assert_own_property(headers, 'sec-fetch-site'); 135 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 136 }); 137 }, 'sec-fetch-site - Same site - POST'); 138 139 promise_test(() => { 140 const key = '{{uuid()}}'; 141 const url = makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite', 'httpsOrigin'], responseParams); 142 const userActivated = false; 143 return induceRequest('GET', url, userActivated) 144 .then(() => retrieve(key)) 145 .then((headers) => { 146 assert_own_property(headers, 'sec-fetch-site'); 147 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 148 }); 149 }, 'sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect - GET'); 150 151 promise_test(() => { 152 const key = '{{uuid()}}'; 153 const url = makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite', 'httpsOrigin'], responseParams); 154 const userActivated = false; 155 return induceRequest('POST', url, userActivated) 156 .then(() => retrieve(key)) 157 .then((headers) => { 158 assert_own_property(headers, 'sec-fetch-site'); 159 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 160 }); 161 }, 'sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect - POST'); 162 163 promise_test(() => { 164 const key = '{{uuid()}}'; 165 const url = makeRequestURL(key, ['httpsOrigin', 'httpsSameSite', 'httpsOrigin'], responseParams); 166 const userActivated = false; 167 return induceRequest('GET', url, userActivated) 168 .then(() => retrieve(key)) 169 .then((headers) => { 170 assert_own_property(headers, 'sec-fetch-site'); 171 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 172 }); 173 }, 'sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect - GET'); 174 175 promise_test(() => { 176 const key = '{{uuid()}}'; 177 const url = makeRequestURL(key, ['httpsOrigin', 'httpsSameSite', 'httpsOrigin'], responseParams); 178 const userActivated = false; 179 return induceRequest('POST', url, userActivated) 180 .then(() => retrieve(key)) 181 .then((headers) => { 182 assert_own_property(headers, 'sec-fetch-site'); 183 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 184 }); 185 }, 'sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect - POST'); 186 187 promise_test(() => { 188 const key = '{{uuid()}}'; 189 const url = makeRequestURL(key, ['httpsCrossSite', 'httpsOrigin'], responseParams); 190 const userActivated = false; 191 return induceRequest('GET', url, userActivated) 192 .then(() => retrieve(key)) 193 .then((headers) => { 194 assert_own_property(headers, 'sec-fetch-site'); 195 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 196 }); 197 }, 'sec-fetch-site - Cross-Site -> Same Origin - GET'); 198 199 promise_test(() => { 200 const key = '{{uuid()}}'; 201 const url = makeRequestURL(key, ['httpsCrossSite', 'httpsOrigin'], responseParams); 202 const userActivated = false; 203 return induceRequest('POST', url, userActivated) 204 .then(() => retrieve(key)) 205 .then((headers) => { 206 assert_own_property(headers, 'sec-fetch-site'); 207 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 208 }); 209 }, 'sec-fetch-site - Cross-Site -> Same Origin - POST'); 210 211 promise_test(() => { 212 const key = '{{uuid()}}'; 213 const url = makeRequestURL(key, ['httpsCrossSite', 'httpsSameSite'], responseParams); 214 const userActivated = false; 215 return induceRequest('GET', url, userActivated) 216 .then(() => retrieve(key)) 217 .then((headers) => { 218 assert_own_property(headers, 'sec-fetch-site'); 219 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 220 }); 221 }, 'sec-fetch-site - Cross-Site -> Same-Site - GET'); 222 223 promise_test(() => { 224 const key = '{{uuid()}}'; 225 const url = makeRequestURL(key, ['httpsCrossSite', 'httpsSameSite'], responseParams); 226 const userActivated = false; 227 return induceRequest('POST', url, userActivated) 228 .then(() => retrieve(key)) 229 .then((headers) => { 230 assert_own_property(headers, 'sec-fetch-site'); 231 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 232 }); 233 }, 'sec-fetch-site - Cross-Site -> Same-Site - POST'); 234 235 promise_test(() => { 236 const key = '{{uuid()}}'; 237 const url = makeRequestURL(key, ['httpsCrossSite', 'httpsCrossSite'], responseParams); 238 const userActivated = false; 239 return induceRequest('GET', url, userActivated) 240 .then(() => retrieve(key)) 241 .then((headers) => { 242 assert_own_property(headers, 'sec-fetch-site'); 243 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 244 }); 245 }, 'sec-fetch-site - Cross-Site -> Cross-Site - GET'); 246 247 promise_test(() => { 248 const key = '{{uuid()}}'; 249 const url = makeRequestURL(key, ['httpsCrossSite', 'httpsCrossSite'], responseParams); 250 const userActivated = false; 251 return induceRequest('POST', url, userActivated) 252 .then(() => retrieve(key)) 253 .then((headers) => { 254 assert_own_property(headers, 'sec-fetch-site'); 255 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 256 }); 257 }, 'sec-fetch-site - Cross-Site -> Cross-Site - POST'); 258 259 promise_test(() => { 260 const key = '{{uuid()}}'; 261 const url = makeRequestURL(key, ['httpsOrigin', 'httpsOrigin'], responseParams); 262 const userActivated = false; 263 return induceRequest('GET', url, userActivated) 264 .then(() => retrieve(key)) 265 .then((headers) => { 266 assert_own_property(headers, 'sec-fetch-site'); 267 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 268 }); 269 }, 'sec-fetch-site - Same-Origin -> Same Origin - GET'); 270 271 promise_test(() => { 272 const key = '{{uuid()}}'; 273 const url = makeRequestURL(key, ['httpsOrigin', 'httpsOrigin'], responseParams); 274 const userActivated = false; 275 return induceRequest('POST', url, userActivated) 276 .then(() => retrieve(key)) 277 .then((headers) => { 278 assert_own_property(headers, 'sec-fetch-site'); 279 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 280 }); 281 }, 'sec-fetch-site - Same-Origin -> Same Origin - POST'); 282 283 promise_test(() => { 284 const key = '{{uuid()}}'; 285 const url = makeRequestURL(key, ['httpsOrigin', 'httpsSameSite'], responseParams); 286 const userActivated = false; 287 return induceRequest('GET', url, userActivated) 288 .then(() => retrieve(key)) 289 .then((headers) => { 290 assert_own_property(headers, 'sec-fetch-site'); 291 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 292 }); 293 }, 'sec-fetch-site - Same-Origin -> Same-Site - GET'); 294 295 promise_test(() => { 296 const key = '{{uuid()}}'; 297 const url = makeRequestURL(key, ['httpsOrigin', 'httpsSameSite'], responseParams); 298 const userActivated = false; 299 return induceRequest('POST', url, userActivated) 300 .then(() => retrieve(key)) 301 .then((headers) => { 302 assert_own_property(headers, 'sec-fetch-site'); 303 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 304 }); 305 }, 'sec-fetch-site - Same-Origin -> Same-Site - POST'); 306 307 promise_test(() => { 308 const key = '{{uuid()}}'; 309 const url = makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite'], responseParams); 310 const userActivated = false; 311 return induceRequest('GET', url, userActivated) 312 .then(() => retrieve(key)) 313 .then((headers) => { 314 assert_own_property(headers, 'sec-fetch-site'); 315 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 316 }); 317 }, 'sec-fetch-site - Same-Origin -> Cross-Site - GET'); 318 319 promise_test(() => { 320 const key = '{{uuid()}}'; 321 const url = makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite'], responseParams); 322 const userActivated = false; 323 return induceRequest('POST', url, userActivated) 324 .then(() => retrieve(key)) 325 .then((headers) => { 326 assert_own_property(headers, 'sec-fetch-site'); 327 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 328 }); 329 }, 'sec-fetch-site - Same-Origin -> Cross-Site - POST'); 330 331 promise_test(() => { 332 const key = '{{uuid()}}'; 333 const url = makeRequestURL(key, ['httpsSameSite', 'httpsOrigin'], responseParams); 334 const userActivated = false; 335 return induceRequest('GET', url, userActivated) 336 .then(() => retrieve(key)) 337 .then((headers) => { 338 assert_own_property(headers, 'sec-fetch-site'); 339 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 340 }); 341 }, 'sec-fetch-site - Same-Site -> Same Origin - GET'); 342 343 promise_test(() => { 344 const key = '{{uuid()}}'; 345 const url = makeRequestURL(key, ['httpsSameSite', 'httpsOrigin'], responseParams); 346 const userActivated = false; 347 return induceRequest('POST', url, userActivated) 348 .then(() => retrieve(key)) 349 .then((headers) => { 350 assert_own_property(headers, 'sec-fetch-site'); 351 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 352 }); 353 }, 'sec-fetch-site - Same-Site -> Same Origin - POST'); 354 355 promise_test(() => { 356 const key = '{{uuid()}}'; 357 const url = makeRequestURL(key, ['httpsSameSite', 'httpsSameSite'], responseParams); 358 const userActivated = false; 359 return induceRequest('GET', url, userActivated) 360 .then(() => retrieve(key)) 361 .then((headers) => { 362 assert_own_property(headers, 'sec-fetch-site'); 363 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 364 }); 365 }, 'sec-fetch-site - Same-Site -> Same-Site - GET'); 366 367 promise_test(() => { 368 const key = '{{uuid()}}'; 369 const url = makeRequestURL(key, ['httpsSameSite', 'httpsSameSite'], responseParams); 370 const userActivated = false; 371 return induceRequest('POST', url, userActivated) 372 .then(() => retrieve(key)) 373 .then((headers) => { 374 assert_own_property(headers, 'sec-fetch-site'); 375 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 376 }); 377 }, 'sec-fetch-site - Same-Site -> Same-Site - POST'); 378 379 promise_test(() => { 380 const key = '{{uuid()}}'; 381 const url = makeRequestURL(key, ['httpsSameSite', 'httpsCrossSite'], responseParams); 382 const userActivated = false; 383 return induceRequest('GET', url, userActivated) 384 .then(() => retrieve(key)) 385 .then((headers) => { 386 assert_own_property(headers, 'sec-fetch-site'); 387 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 388 }); 389 }, 'sec-fetch-site - Same-Site -> Cross-Site - GET'); 390 391 promise_test(() => { 392 const key = '{{uuid()}}'; 393 const url = makeRequestURL(key, ['httpsSameSite', 'httpsCrossSite'], responseParams); 394 const userActivated = false; 395 return induceRequest('POST', url, userActivated) 396 .then(() => retrieve(key)) 397 .then((headers) => { 398 assert_own_property(headers, 'sec-fetch-site'); 399 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 400 }); 401 }, 'sec-fetch-site - Same-Site -> Cross-Site - POST'); 402 403 promise_test(() => { 404 const key = '{{uuid()}}'; 405 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], responseParams); 406 const userActivated = false; 407 return induceRequest('GET', url, userActivated) 408 .then(() => retrieve(key)) 409 .then((headers) => { 410 assert_own_property(headers, 'sec-fetch-site'); 411 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 412 }); 413 }, 'sec-fetch-site - HTTPS downgrade-upgrade - GET'); 414 415 promise_test(() => { 416 const key = '{{uuid()}}'; 417 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], responseParams); 418 const userActivated = false; 419 return induceRequest('POST', url, userActivated) 420 .then(() => retrieve(key)) 421 .then((headers) => { 422 assert_own_property(headers, 'sec-fetch-site'); 423 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 424 }); 425 }, 'sec-fetch-site - HTTPS downgrade-upgrade - POST'); 426 427 promise_test(() => { 428 const key = '{{uuid()}}'; 429 const url = makeRequestURL(key, [], responseParams); 430 const userActivated = false; 431 return induceRequest('GET', url, userActivated) 432 .then(() => retrieve(key)) 433 .then((headers) => { 434 assert_own_property(headers, 'sec-fetch-mode'); 435 assert_array_equals(headers['sec-fetch-mode'], ['navigate']); 436 }); 437 }, 'sec-fetch-mode - GET'); 438 439 promise_test(() => { 440 const key = '{{uuid()}}'; 441 const url = makeRequestURL(key, [], responseParams); 442 const userActivated = false; 443 return induceRequest('POST', url, userActivated) 444 .then(() => retrieve(key)) 445 .then((headers) => { 446 assert_own_property(headers, 'sec-fetch-mode'); 447 assert_array_equals(headers['sec-fetch-mode'], ['navigate']); 448 }); 449 }, 'sec-fetch-mode - POST'); 450 451 promise_test(() => { 452 const key = '{{uuid()}}'; 453 const url = makeRequestURL(key, [], responseParams); 454 const userActivated = false; 455 return induceRequest('GET', url, userActivated) 456 .then(() => retrieve(key)) 457 .then((headers) => { 458 assert_own_property(headers, 'sec-fetch-dest'); 459 assert_array_equals(headers['sec-fetch-dest'], ['document']); 460 }); 461 }, 'sec-fetch-dest - GET'); 462 463 promise_test(() => { 464 const key = '{{uuid()}}'; 465 const url = makeRequestURL(key, [], responseParams); 466 const userActivated = false; 467 return induceRequest('POST', url, userActivated) 468 .then(() => retrieve(key)) 469 .then((headers) => { 470 assert_own_property(headers, 'sec-fetch-dest'); 471 assert_array_equals(headers['sec-fetch-dest'], ['document']); 472 }); 473 }, 'sec-fetch-dest - POST'); 474 475 promise_test(() => { 476 const key = '{{uuid()}}'; 477 const url = makeRequestURL(key, [], responseParams); 478 const userActivated = false; 479 return induceRequest('GET', url, userActivated) 480 .then(() => retrieve(key)) 481 .then((headers) => { 482 assert_not_own_property(headers, 'sec-fetch-user'); 483 }); 484 }, 'sec-fetch-user - GET'); 485 486 promise_test(() => { 487 const key = '{{uuid()}}'; 488 const url = makeRequestURL(key, [], responseParams); 489 const userActivated = true; 490 return induceRequest('GET', url, userActivated) 491 .then(() => retrieve(key)) 492 .then((headers) => { 493 assert_own_property(headers, 'sec-fetch-user'); 494 assert_array_equals(headers['sec-fetch-user'], ['?1']); 495 }); 496 }, 'sec-fetch-user - GET with user activation'); 497 498 promise_test(() => { 499 const key = '{{uuid()}}'; 500 const url = makeRequestURL(key, [], responseParams); 501 const userActivated = false; 502 return induceRequest('POST', url, userActivated) 503 .then(() => retrieve(key)) 504 .then((headers) => { 505 assert_not_own_property(headers, 'sec-fetch-user'); 506 }); 507 }, 'sec-fetch-user - POST'); 508 509 promise_test(() => { 510 const key = '{{uuid()}}'; 511 const url = makeRequestURL(key, [], responseParams); 512 const userActivated = true; 513 return induceRequest('POST', url, userActivated) 514 .then(() => retrieve(key)) 515 .then((headers) => { 516 assert_own_property(headers, 'sec-fetch-user'); 517 assert_array_equals(headers['sec-fetch-user'], ['?1']); 518 }); 519 }, 'sec-fetch-user - POST with user activation'); 520 521 promise_test(() => { 522 const key = '{{uuid()}}'; 523 const url = makeRequestURL(key, ['httpsCrossSite'], responseParams); 524 const userActivated = false; 525 return induceRequest('GET', url, userActivated) 526 .then(() => retrieve(key)) 527 .then((headers) => { 528 assert_not_own_property(headers, 'sec-fetch-storage-access'); 529 }); 530 }, 'sec-fetch-storage-access - Cross-site - GET'); 531 532 promise_test(() => { 533 const key = '{{uuid()}}'; 534 const url = makeRequestURL(key, ['httpsCrossSite'], responseParams); 535 const userActivated = false; 536 return induceRequest('POST', url, userActivated) 537 .then(() => retrieve(key)) 538 .then((headers) => { 539 assert_not_own_property(headers, 'sec-fetch-storage-access'); 540 }); 541 }, 'sec-fetch-storage-access - Cross-site - POST'); 542 543 promise_test(() => { 544 const key = '{{uuid()}}'; 545 const url = makeRequestURL(key, ['httpsSameSite'], responseParams); 546 const userActivated = false; 547 return induceRequest('GET', url, userActivated) 548 .then(() => retrieve(key)) 549 .then((headers) => { 550 assert_not_own_property(headers, 'sec-fetch-storage-access'); 551 }); 552 }, 'sec-fetch-storage-access - Same site - GET'); 553 554 promise_test(() => { 555 const key = '{{uuid()}}'; 556 const url = makeRequestURL(key, ['httpsSameSite'], responseParams); 557 const userActivated = false; 558 return induceRequest('POST', url, userActivated) 559 .then(() => retrieve(key)) 560 .then((headers) => { 561 assert_not_own_property(headers, 'sec-fetch-storage-access'); 562 }); 563 }, 'sec-fetch-storage-access - Same site - POST'); 564 </script> 565 </body> 566 </html>