header-refresh.optional.sub.html (7853B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/header-refresh.optional.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <meta name="timeout" content="long"> 11 <title>HTTP headers on request for HTTP "Refresh" header</title> 12 <script src="/resources/testharness.js"></script> 13 <script src="/resources/testharnessreport.js"></script> 14 <script src="/fetch/metadata/resources/helper.sub.js"></script> 15 <body> 16 <script> 17 'use strict'; 18 19 function induceRequest(url, test) { 20 const win = window.open(); 21 test.add_cleanup(() => win.close()); 22 23 win.location = `/common/refresh.py?location=${encodeURIComponent(url)}` 24 25 return new Promise((resolve) => { 26 addEventListener('message', (event) => { 27 if (event.source === win) { 28 resolve(); 29 } 30 }); 31 }); 32 } 33 34 const responseParams = { 35 mime: 'text/html', 36 body: `<script>opener.postMessage(0, '*')</${''}script>` 37 }; 38 39 promise_test((t) => { 40 const key = '{{uuid()}}'; 41 42 return induceRequest( 43 makeRequestURL(key, ['httpOrigin'], responseParams), t 44 ) 45 .then(() => retrieve(key)) 46 .then((headers) => { 47 assert_not_own_property(headers, 'sec-fetch-site'); 48 }); 49 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 50 51 promise_test((t) => { 52 const key = '{{uuid()}}'; 53 54 return induceRequest( 55 makeRequestURL(key, ['httpSameSite'], responseParams), t 56 ) 57 .then(() => retrieve(key)) 58 .then((headers) => { 59 assert_not_own_property(headers, 'sec-fetch-site'); 60 }); 61 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination'); 62 63 promise_test((t) => { 64 const key = '{{uuid()}}'; 65 66 return induceRequest( 67 makeRequestURL(key, ['httpCrossSite'], responseParams), t 68 ) 69 .then(() => retrieve(key)) 70 .then((headers) => { 71 assert_not_own_property(headers, 'sec-fetch-site'); 72 }); 73 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 74 75 promise_test((t) => { 76 const key = '{{uuid()}}'; 77 78 return induceRequest( 79 makeRequestURL(key, ['httpOrigin'], responseParams), t 80 ) 81 .then(() => retrieve(key)) 82 .then((headers) => { 83 assert_not_own_property(headers, 'sec-fetch-mode'); 84 }); 85 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 86 87 promise_test((t) => { 88 const key = '{{uuid()}}'; 89 90 return induceRequest( 91 makeRequestURL(key, ['httpSameSite'], responseParams), t 92 ) 93 .then(() => retrieve(key)) 94 .then((headers) => { 95 assert_not_own_property(headers, 'sec-fetch-mode'); 96 }); 97 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 98 99 promise_test((t) => { 100 const key = '{{uuid()}}'; 101 102 return induceRequest( 103 makeRequestURL(key, ['httpCrossSite'], responseParams), t 104 ) 105 .then(() => retrieve(key)) 106 .then((headers) => { 107 assert_not_own_property(headers, 'sec-fetch-mode'); 108 }); 109 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 110 111 promise_test((t) => { 112 const key = '{{uuid()}}'; 113 114 return induceRequest( 115 makeRequestURL(key, ['httpOrigin'], responseParams), t 116 ) 117 .then(() => retrieve(key)) 118 .then((headers) => { 119 assert_not_own_property(headers, 'sec-fetch-dest'); 120 }); 121 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 122 123 promise_test((t) => { 124 const key = '{{uuid()}}'; 125 126 return induceRequest( 127 makeRequestURL(key, ['httpSameSite'], responseParams), t 128 ) 129 .then(() => retrieve(key)) 130 .then((headers) => { 131 assert_not_own_property(headers, 'sec-fetch-dest'); 132 }); 133 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 134 135 promise_test((t) => { 136 const key = '{{uuid()}}'; 137 138 return induceRequest( 139 makeRequestURL(key, ['httpCrossSite'], responseParams), t 140 ) 141 .then(() => retrieve(key)) 142 .then((headers) => { 143 assert_not_own_property(headers, 'sec-fetch-dest'); 144 }); 145 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 146 147 promise_test((t) => { 148 const key = '{{uuid()}}'; 149 150 return induceRequest( 151 makeRequestURL(key, ['httpOrigin'], responseParams), t 152 ) 153 .then(() => retrieve(key)) 154 .then((headers) => { 155 assert_not_own_property(headers, 'sec-fetch-user'); 156 }); 157 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 158 159 promise_test((t) => { 160 const key = '{{uuid()}}'; 161 162 return induceRequest( 163 makeRequestURL(key, ['httpSameSite'], responseParams), t 164 ) 165 .then(() => retrieve(key)) 166 .then((headers) => { 167 assert_not_own_property(headers, 'sec-fetch-user'); 168 }); 169 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination'); 170 171 promise_test((t) => { 172 const key = '{{uuid()}}'; 173 174 return induceRequest( 175 makeRequestURL(key, ['httpCrossSite'], responseParams), t 176 ) 177 .then(() => retrieve(key)) 178 .then((headers) => { 179 assert_not_own_property(headers, 'sec-fetch-user'); 180 }); 181 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 182 183 promise_test((t) => { 184 const key = '{{uuid()}}'; 185 186 return induceRequest( 187 makeRequestURL(key, ['httpOrigin'], responseParams), t 188 ) 189 .then(() => retrieve(key)) 190 .then((headers) => { 191 assert_not_own_property(headers, 'sec-fetch-storage-access'); 192 }); 193 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 194 195 promise_test((t) => { 196 const key = '{{uuid()}}'; 197 198 return induceRequest( 199 makeRequestURL(key, ['httpSameSite'], responseParams), t 200 ) 201 .then(() => retrieve(key)) 202 .then((headers) => { 203 assert_not_own_property(headers, 'sec-fetch-storage-access'); 204 }); 205 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 206 207 promise_test((t) => { 208 const key = '{{uuid()}}'; 209 210 return induceRequest( 211 makeRequestURL(key, ['httpCrossSite'], responseParams), t 212 ) 213 .then(() => retrieve(key)) 214 .then((headers) => { 215 assert_not_own_property(headers, 'sec-fetch-storage-access'); 216 }); 217 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 218 219 promise_test((t) => { 220 const key = '{{uuid()}}'; 221 222 return induceRequest( 223 makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], responseParams), t 224 ) 225 .then(() => retrieve(key)) 226 .then((headers) => { 227 assert_not_own_property(headers, 'sec-fetch-site'); 228 }); 229 }, 'sec-fetch-site - HTTPS downgrade (header not sent)'); 230 231 promise_test((t) => { 232 const key = '{{uuid()}}'; 233 234 return induceRequest( 235 makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], responseParams), t 236 ) 237 .then(() => retrieve(key)) 238 .then((headers) => { 239 assert_own_property(headers, 'sec-fetch-site'); 240 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 241 }); 242 }, 'sec-fetch-site - HTTPS upgrade'); 243 244 promise_test((t) => { 245 const key = '{{uuid()}}'; 246 247 return induceRequest( 248 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], responseParams), t 249 ) 250 .then(() => retrieve(key)) 251 .then((headers) => { 252 assert_own_property(headers, 'sec-fetch-site'); 253 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 254 }); 255 }, 'sec-fetch-site - HTTPS downgrade-upgrade'); 256 </script> 257 </body> 258 </html>