header-link.sub.html (16091B)
<!DOCTYPE html>
<!--
This test was procedurally generated. Please do not modify it directly.
Sources:
- fetch/metadata/tools/fetch-metadata.conf.yml
- fetch/metadata/tools/templates/header-link.sub.html
-->
<html lang="en">
<meta charset="utf-8">
<title>HTTP headers on request for HTTP "Link" header</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/fetch/metadata/resources/helper.sub.js"></script>
<body>
<script>
'use strict';

/**
 * Load header-link.py in a fresh iframe and wait for the frame to settle.
 *
 * `url` is sent percent-encoded in the `location` query parameter and `rel`
 * in the `rel` parameter. header-link.py is not part of this file; presumably
 * it answers with a `Link` response header that names `url` with the given
 * relation, which is what makes the browser issue the request under test.
 *
 * NOTE(review): `rel` is interpolated without encoding. Every caller in this
 * file passes one of the fixed tokens 'icon' or 'stylesheet'.
 *
 * @param {string} url - URL the induced request should target.
 * @param {string} rel - Link relation to request.
 * @param {object} test - testharness.js test; the iframe is removed on its cleanup.
 * @returns {Promise} Settles with the iframe's load or error event.
 */
function induceRequest(url, rel, test) {
  const frame = document.createElement('iframe');
  const query = `?location=${encodeURIComponent(url)}&rel=${rel}`;

  frame.setAttribute('src', `/fetch/metadata/resources/header-link.py${query}`);

  document.body.appendChild(frame);
  test.add_cleanup(() => frame.remove());

  // A failed frame load must not hang the test, so both events settle the
  // promise and the assertions on the recorded headers decide the outcome.
  return new Promise((settle) => {
    frame.onerror = settle;
    frame.onload = settle;
  });
}

// Every test below follows the same three steps: build a request URL for a
// unique key, induce the request, then read back the headers recorded under
// that key with retrieve() (from helper.sub.js, not shown here; the assertions
// treat its result as a map from lower-case header name to an array of values).
//
// Each '{{uuid()}}' literal is kept separate so that every test gets a key of
// its own.

// ---------------------------------------------------------------------------
// Plain-HTTP destinations: Fetch Metadata request headers are only attached to
// requests for potentially trustworthy URLs, so none of the Sec-Fetch-* headers
// may be recorded. A server-side policy keyed on these headers therefore sees
// no signal at all on such requests.
// ---------------------------------------------------------------------------

// sec-fetch-site

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-site');
}, 'sec-fetch-site rel=icon - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-site');
}, 'sec-fetch-site rel=stylesheet - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-site');
}, 'sec-fetch-site rel=icon - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-site');
}, 'sec-fetch-site rel=stylesheet - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-site');
}, 'sec-fetch-site rel=icon - Not sent to non-trustworthy cross-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-site');
}, 'sec-fetch-site rel=stylesheet - Not sent to non-trustworthy cross-site destination');

// sec-fetch-mode

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-mode');
}, 'sec-fetch-mode rel=icon - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-mode');
}, 'sec-fetch-mode rel=stylesheet - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-mode');
}, 'sec-fetch-mode rel=icon - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-mode');
}, 'sec-fetch-mode rel=stylesheet - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-mode');
}, 'sec-fetch-mode rel=icon - Not sent to non-trustworthy cross-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-mode');
}, 'sec-fetch-mode rel=stylesheet - Not sent to non-trustworthy cross-site destination');

// sec-fetch-dest

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-dest');
}, 'sec-fetch-dest rel=icon - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-dest');
}, 'sec-fetch-dest rel=stylesheet - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-dest');
}, 'sec-fetch-dest rel=icon - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-dest');
}, 'sec-fetch-dest rel=stylesheet - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-dest');
}, 'sec-fetch-dest rel=icon - Not sent to non-trustworthy cross-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-dest');
}, 'sec-fetch-dest rel=stylesheet - Not sent to non-trustworthy cross-site destination');

// sec-fetch-user

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-user');
}, 'sec-fetch-user rel=icon - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-user');
}, 'sec-fetch-user rel=stylesheet - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-user');
}, 'sec-fetch-user rel=icon - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-user');
}, 'sec-fetch-user rel=stylesheet - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-user');
}, 'sec-fetch-user rel=icon - Not sent to non-trustworthy cross-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-user');
}, 'sec-fetch-user rel=stylesheet - Not sent to non-trustworthy cross-site destination');

// sec-fetch-storage-access

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-storage-access');
}, 'sec-fetch-storage-access rel=icon - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-storage-access');
}, 'sec-fetch-storage-access rel=stylesheet - Not sent to non-trustworthy same-origin destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-storage-access');
}, 'sec-fetch-storage-access rel=icon - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-storage-access');
}, 'sec-fetch-storage-access rel=stylesheet - Not sent to non-trustworthy same-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-storage-access');
}, 'sec-fetch-storage-access rel=icon - Not sent to non-trustworthy cross-site destination');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-storage-access');
}, 'sec-fetch-storage-access rel=stylesheet - Not sent to non-trustworthy cross-site destination');

// ---------------------------------------------------------------------------
// Scheme changes. makeRequestURL is given several origins here; presumably
// (helper not shown) they form a redirect chain whose last entry is the hop
// that records the headers. Going by the test names and assertions: a chain
// that ends on HTTP records no sec-fetch-site, and a chain that ends on HTTPS
// records sec-fetch-site with the value 'cross-site'.
// ---------------------------------------------------------------------------

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-site');
}, 'sec-fetch-site rel=icon - HTTPS downgrade (header not sent)');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_not_own_property(headers, 'sec-fetch-site');
}, 'sec-fetch-site rel=stylesheet - HTTPS downgrade (header not sent)');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_own_property(headers, 'sec-fetch-site');
  assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
}, 'sec-fetch-site rel=icon - HTTPS upgrade');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_own_property(headers, 'sec-fetch-site');
  assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
}, 'sec-fetch-site rel=stylesheet - HTTPS upgrade');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'icon', t);
  const headers = await retrieve(key);

  assert_own_property(headers, 'sec-fetch-site');
  assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
}, 'sec-fetch-site rel=icon - HTTPS downgrade-upgrade');

promise_test(async (t) => {
  const key = '{{uuid()}}';
  const requestUrl = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], {mime: 'text/html'});

  await induceRequest(requestUrl, 'stylesheet', t);
  const headers = await retrieve(key);

  assert_own_property(headers, 'sec-fetch-site');
  assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
}, 'sec-fetch-site rel=stylesheet - HTTPS downgrade-upgrade');
</script>
</body>
</html>