script-module-import-dynamic.sub.html (7805B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/script-module-import-dynamic.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for dynamic ECMAScript module import</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <script type="module"> 15 'use strict'; 16 17 promise_test(() => { 18 const key = '{{uuid()}}'; 19 const url = makeRequestURL( 20 key, ['httpOrigin'], { mime: 'application/javascript' } 21 ); 22 23 return import(url) 24 .then(() => retrieve(key)) 25 .then((headers) => { 26 assert_not_own_property(headers, 'sec-fetch-site'); 27 }); 28 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 29 30 promise_test(() => { 31 const key = '{{uuid()}}'; 32 const url = makeRequestURL( 33 key, ['httpSameSite'], { mime: 'application/javascript' } 34 ); 35 36 return import(url) 37 .then(() => retrieve(key)) 38 .then((headers) => { 39 assert_not_own_property(headers, 'sec-fetch-site'); 40 }); 41 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination'); 42 43 promise_test(() => { 44 const key = '{{uuid()}}'; 45 const url = makeRequestURL( 46 key, ['httpCrossSite'], { mime: 'application/javascript' } 47 ); 48 49 return import(url) 50 .then(() => retrieve(key)) 51 .then((headers) => { 52 assert_not_own_property(headers, 'sec-fetch-site'); 53 }); 54 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 55 56 promise_test(() => { 57 const key = '{{uuid()}}'; 58 const url = makeRequestURL( 59 key, ['httpOrigin'], { mime: 'application/javascript' } 60 ); 61 62 return import(url) 63 .then(() => retrieve(key)) 64 .then((headers) => { 65 assert_not_own_property(headers, 'sec-fetch-mode'); 66 }); 67 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 68 69 promise_test(() => { 70 const key = '{{uuid()}}'; 71 const url = makeRequestURL( 72 key, ['httpSameSite'], { mime: 'application/javascript' } 73 ); 74 75 return import(url) 76 .then(() => retrieve(key)) 77 .then((headers) => { 78 assert_not_own_property(headers, 'sec-fetch-mode'); 79 }); 80 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 81 82 promise_test(() => { 83 const key = '{{uuid()}}'; 84 const url = makeRequestURL( 85 key, ['httpCrossSite'], { mime: 'application/javascript' } 86 ); 87 88 return import(url) 89 .then(() => retrieve(key)) 90 .then((headers) => { 91 assert_not_own_property(headers, 'sec-fetch-mode'); 92 }); 93 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 94 95 promise_test(() => { 96 const key = '{{uuid()}}'; 97 const url = makeRequestURL( 98 key, ['httpOrigin'], { mime: 'application/javascript' } 99 ); 100 101 return import(url) 102 .then(() => retrieve(key)) 103 .then((headers) => { 104 assert_not_own_property(headers, 'sec-fetch-dest'); 105 }); 106 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 107 108 promise_test(() => { 109 const key = '{{uuid()}}'; 110 const url = makeRequestURL( 111 key, ['httpSameSite'], { mime: 'application/javascript' } 112 ); 113 114 return import(url) 115 .then(() => retrieve(key)) 116 .then((headers) => { 117 assert_not_own_property(headers, 'sec-fetch-dest'); 118 }); 119 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 120 121 promise_test(() => { 122 const key = '{{uuid()}}'; 123 const url = makeRequestURL( 124 key, ['httpCrossSite'], { mime: 'application/javascript' } 125 ); 126 127 return import(url) 128 .then(() => retrieve(key)) 129 .then((headers) => { 130 assert_not_own_property(headers, 'sec-fetch-dest'); 131 }); 132 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 133 134 promise_test(() => { 135 const key = '{{uuid()}}'; 136 const url = makeRequestURL( 137 key, ['httpOrigin'], { mime: 'application/javascript' } 138 ); 139 140 return import(url) 141 .then(() => retrieve(key)) 142 .then((headers) => { 143 assert_not_own_property(headers, 'sec-fetch-user'); 144 }); 145 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 146 147 promise_test(() => { 148 const key = '{{uuid()}}'; 149 const url = makeRequestURL( 150 key, ['httpSameSite'], { mime: 'application/javascript' } 151 ); 152 153 return import(url) 154 .then(() => retrieve(key)) 155 .then((headers) => { 156 assert_not_own_property(headers, 'sec-fetch-user'); 157 }); 158 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination'); 159 160 promise_test(() => { 161 const key = '{{uuid()}}'; 162 const url = makeRequestURL( 163 key, ['httpCrossSite'], { mime: 'application/javascript' } 164 ); 165 166 return import(url) 167 .then(() => retrieve(key)) 168 .then((headers) => { 169 assert_not_own_property(headers, 'sec-fetch-user'); 170 }); 171 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 172 173 promise_test(() => { 174 const key = '{{uuid()}}'; 175 const url = makeRequestURL( 176 key, ['httpOrigin'], { mime: 'application/javascript' } 177 ); 178 179 return import(url) 180 .then(() => retrieve(key)) 181 .then((headers) => { 182 assert_not_own_property(headers, 'sec-fetch-storage-access'); 183 }); 184 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 185 186 promise_test(() => { 187 const key = '{{uuid()}}'; 188 const url = makeRequestURL( 189 key, ['httpSameSite'], { mime: 'application/javascript' } 190 ); 191 192 return import(url) 193 .then(() => retrieve(key)) 194 .then((headers) => { 195 assert_not_own_property(headers, 'sec-fetch-storage-access'); 196 }); 197 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 198 199 promise_test(() => { 200 const key = '{{uuid()}}'; 201 const url = makeRequestURL( 202 key, ['httpCrossSite'], { mime: 'application/javascript' } 203 ); 204 205 return import(url) 206 .then(() => retrieve(key)) 207 .then((headers) => { 208 assert_not_own_property(headers, 'sec-fetch-storage-access'); 209 }); 210 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 211 212 promise_test(() => { 213 const key = '{{uuid()}}'; 214 const url = makeRequestURL( 215 key, ['httpsOrigin', 'httpOrigin'], { mime: 'application/javascript' } 216 ); 217 218 return import(url) 219 .then(() => retrieve(key)) 220 .then((headers) => { 221 assert_not_own_property(headers, 'sec-fetch-site'); 222 }); 223 }, 'sec-fetch-site - HTTPS downgrade (header not sent)'); 224 225 promise_test(() => { 226 const key = '{{uuid()}}'; 227 const url = makeRequestURL( 228 key, ['httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' } 229 ); 230 231 return import(url) 232 .then(() => retrieve(key)) 233 .then((headers) => { 234 assert_own_property(headers, 'sec-fetch-site'); 235 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 236 }); 237 }, 'sec-fetch-site - HTTPS upgrade'); 238 239 promise_test(() => { 240 const key = '{{uuid()}}'; 241 const url = makeRequestURL( 242 key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' } 243 ); 244 245 return import(url) 246 .then(() => retrieve(key)) 247 .then((headers) => { 248 assert_own_property(headers, 'sec-fetch-site'); 249 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 250 }); 251 }, 'sec-fetch-site - HTTPS downgrade-upgrade'); 252 </script> 253 </html>