script-json-module-import-static.sub.html (8120B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/script-json-module-import-static.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for static ECMAScript module import</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <body> 15 <script> 16 'use strict'; 17 18 function induceRequest(url) { 19 const script = document.createElement('script'); 20 script.setAttribute('type', 'module'); 21 script.setAttribute( 22 'src', 23 '/fetch/metadata/resources/es-json-module.sub.js?moduleId=' + encodeURIComponent(url) 24 ); 25 26 return new Promise((resolve, reject) => { 27 script.onload = resolve; 28 script.onerror = () => reject('Failed to load script'); 29 document.body.appendChild(script); 30 }) 31 .then(() => script.remove()); 32 } 33 34 promise_test(() => { 35 const key = '{{uuid()}}'; 36 37 return induceRequest( 38 makeRequestURL( 39 key, 40 ['httpOrigin'], 41 { 42 mime: 'application/json', 43 body: '{}' 44 } 45 ) 46 ) 47 .then(() => retrieve(key)) 48 .then((headers) => { 49 assert_not_own_property(headers, 'sec-fetch-site'); 50 }); 51 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 52 53 promise_test(() => { 54 const key = '{{uuid()}}'; 55 56 return induceRequest( 57 makeRequestURL( 58 key, 59 ['httpSameSite'], 60 { 61 mime: 'application/json', 62 body: '{}' 63 } 64 ) 65 ) 66 .then(() => retrieve(key)) 67 .then((headers) => { 68 assert_not_own_property(headers, 'sec-fetch-site'); 69 }); 70 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination'); 71 72 promise_test(() => { 73 const key = '{{uuid()}}'; 74 75 return induceRequest( 76 makeRequestURL( 77 key, 78 ['httpCrossSite'], 79 { 80 mime: 'application/json', 81 body: '{}' 82 } 83 ) 84 ) 85 .then(() => retrieve(key)) 86 .then((headers) => { 87 assert_not_own_property(headers, 'sec-fetch-site'); 88 }); 89 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 90 91 promise_test(() => { 92 const key = '{{uuid()}}'; 93 94 return induceRequest( 95 makeRequestURL( 96 key, 97 ['httpOrigin'], 98 { 99 mime: 'application/json', 100 body: '{}' 101 } 102 ) 103 ) 104 .then(() => retrieve(key)) 105 .then((headers) => { 106 assert_not_own_property(headers, 'sec-fetch-mode'); 107 }); 108 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 109 110 promise_test(() => { 111 const key = '{{uuid()}}'; 112 113 return induceRequest( 114 makeRequestURL( 115 key, 116 ['httpSameSite'], 117 { 118 mime: 'application/json', 119 body: '{}' 120 } 121 ) 122 ) 123 .then(() => retrieve(key)) 124 .then((headers) => { 125 assert_not_own_property(headers, 'sec-fetch-mode'); 126 }); 127 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 128 129 promise_test(() => { 130 const key = '{{uuid()}}'; 131 132 return induceRequest( 133 makeRequestURL( 134 key, 135 ['httpCrossSite'], 136 { 137 mime: 'application/json', 138 body: '{}' 139 } 140 ) 141 ) 142 .then(() => retrieve(key)) 143 .then((headers) => { 144 assert_not_own_property(headers, 'sec-fetch-mode'); 145 }); 146 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 147 148 promise_test(() => { 149 const key = '{{uuid()}}'; 150 151 return induceRequest( 152 makeRequestURL( 153 key, 154 ['httpOrigin'], 155 { 156 mime: 'application/json', 157 body: '{}' 158 } 159 ) 160 ) 161 .then(() => retrieve(key)) 162 .then((headers) => { 163 assert_not_own_property(headers, 'sec-fetch-dest'); 164 }); 165 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 166 167 promise_test(() => { 168 const key = '{{uuid()}}'; 169 170 return induceRequest( 171 makeRequestURL( 172 key, 173 ['httpSameSite'], 174 { 175 mime: 'application/json', 176 body: '{}' 177 } 178 ) 179 ) 180 .then(() => retrieve(key)) 181 .then((headers) => { 182 assert_not_own_property(headers, 'sec-fetch-dest'); 183 }); 184 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 185 186 promise_test(() => { 187 const key = '{{uuid()}}'; 188 189 return induceRequest( 190 makeRequestURL( 191 key, 192 ['httpCrossSite'], 193 { 194 mime: 'application/json', 195 body: '{}' 196 } 197 ) 198 ) 199 .then(() => retrieve(key)) 200 .then((headers) => { 201 assert_not_own_property(headers, 'sec-fetch-dest'); 202 }); 203 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 204 205 promise_test(() => { 206 const key = '{{uuid()}}'; 207 208 return induceRequest( 209 makeRequestURL( 210 key, 211 ['httpOrigin'], 212 { 213 mime: 'application/json', 214 body: '{}' 215 } 216 ) 217 ) 218 .then(() => retrieve(key)) 219 .then((headers) => { 220 assert_not_own_property(headers, 'sec-fetch-user'); 221 }); 222 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 223 224 promise_test(() => { 225 const key = '{{uuid()}}'; 226 227 return induceRequest( 228 makeRequestURL( 229 key, 230 ['httpSameSite'], 231 { 232 mime: 'application/json', 233 body: '{}' 234 } 235 ) 236 ) 237 .then(() => retrieve(key)) 238 .then((headers) => { 239 assert_not_own_property(headers, 'sec-fetch-user'); 240 }); 241 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination'); 242 243 promise_test(() => { 244 const key = '{{uuid()}}'; 245 246 return induceRequest( 247 makeRequestURL( 248 key, 249 ['httpCrossSite'], 250 { 251 mime: 'application/json', 252 body: '{}' 253 } 254 ) 255 ) 256 .then(() => retrieve(key)) 257 .then((headers) => { 258 assert_not_own_property(headers, 'sec-fetch-user'); 259 }); 260 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 261 262 promise_test(() => { 263 const key = '{{uuid()}}'; 264 265 return induceRequest( 266 makeRequestURL( 267 key, 268 ['httpsOrigin', 'httpOrigin'], 269 { 270 mime: 'application/json', 271 body: '{}' 272 } 273 ) 274 ) 275 .then(() => retrieve(key)) 276 .then((headers) => { 277 assert_not_own_property(headers, 'sec-fetch-site'); 278 }); 279 }, 'sec-fetch-site - HTTPS downgrade (header not sent)'); 280 281 promise_test(() => { 282 const key = '{{uuid()}}'; 283 284 return induceRequest( 285 makeRequestURL( 286 key, 287 ['httpOrigin', 'httpsOrigin'], 288 { 289 mime: 'application/json', 290 body: '{}' 291 } 292 ) 293 ) 294 .then(() => retrieve(key)) 295 .then((headers) => { 296 assert_own_property(headers, 'sec-fetch-site'); 297 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 298 }); 299 }, 'sec-fetch-site - HTTPS upgrade'); 300 301 promise_test(() => { 302 const key = '{{uuid()}}'; 303 304 return induceRequest( 305 makeRequestURL( 306 key, 307 ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], 308 { 309 mime: 'application/json', 310 body: '{}' 311 } 312 ) 313 ) 314 .then(() => retrieve(key)) 315 .then((headers) => { 316 assert_own_property(headers, 'sec-fetch-site'); 317 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 318 }); 319 }, 'sec-fetch-site - HTTPS downgrade-upgrade'); 320 </script> 321 </html>