script-module-import-static.sub.html (8475B)
<!DOCTYPE html>
<!--
This test was procedurally generated. Please do not modify it directly.
Sources:
- fetch/metadata/tools/fetch-metadata.conf.yml
- fetch/metadata/tools/templates/script-module-import-static.sub.html
-->
<html lang="en">
  <meta charset="utf-8">
  <title>HTTP headers on request for static ECMAScript module import</title>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
  <script src="/fetch/metadata/resources/helper.sub.js"></script>
  <body>
  <script>
  'use strict';

  // These cases check which Fetch Metadata request headers (Sec-Fetch-*)
  // accompany the request made for a statically imported ES module. Going by
  // the origin names and the test titles, the first fifteen assert that a
  // header is absent when the destination is plain HTTP; the last three use
  // a list of origins that mixes HTTP and HTTPS.
  //
  // NOTE(review): for anyone building a server-side isolation policy on
  // Sec-Fetch-*, the absence cases are the ones to read closely: the policy
  // has to decide explicitly how to treat a request that carries none of
  // these headers, rather than assuming they are always present.
  //
  // makeRequestURL() and retrieve() come from helper.sub.js, which is not
  // shown here. Presumably the former builds a URL whose handler records the
  // incoming request headers under `key`, and the latter reads that record
  // back - confirm against the helper.
  //
  // '{{uuid()}}' is filled in by the test server's template substitution
  // before the page is served (this is a .sub.html file), so every test is
  // meant to get its own key. Do not fold the tests into a loop around a
  // single '{{uuid()}}' literal without checking that.

  /**
   * Appends a <script type="module"> element whose src is
   * /fetch/metadata/resources/es-module.sub.js, with `url` passed
   * (URI-encoded) as the moduleId query parameter.
   *
   * NOTE(review): es-module.sub.js is not shown here; going by the page
   * title it presumably emits a static `import` of moduleId, so that the
   * request under test is the import rather than the outer script load -
   * confirm.
   *
   * @param {string} url - URL handed to the module script as moduleId.
   * @returns {Promise} Fulfils after the script's load event, once the
   *   element has been removed from the document again. Rejects with the
   *   string 'Failed to load script' on the error event; the element is
   *   left in the document in that case.
   */
  function induceRequest(url) {
    const script = document.createElement('script');
    script.setAttribute('type', 'module');
    script.setAttribute(
      'src',
      '/fetch/metadata/resources/es-module.sub.js?moduleId=' + encodeURIComponent(url)
    );

    return new Promise((resolve, reject) => {
        script.onload = resolve;
        script.onerror = () => reject('Failed to load script');
        // Handlers are attached before insertion so neither event can be missed.
        document.body.appendChild(script);
      })
      // Clean-up runs on the success path only.
      .then(() => script.remove());
  }

  // --- sec-fetch-site: expected absent for each HTTP destination ---
  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpOrigin'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-site');
        });
  }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpSameSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-site');
        });
  }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpCrossSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-site');
        });
  }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination');

  // --- sec-fetch-mode: expected absent for each HTTP destination ---
  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpOrigin'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-mode');
        });
  }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpSameSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-mode');
        });
  }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpCrossSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-mode');
        });
  }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination');

  // --- sec-fetch-dest: expected absent for each HTTP destination ---
  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpOrigin'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-dest');
        });
  }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpSameSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-dest');
        });
  }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpCrossSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-dest');
        });
  }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination');

  // --- sec-fetch-user: expected absent for each HTTP destination ---
  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpOrigin'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-user');
        });
  }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpSameSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-user');
        });
  }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpCrossSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-user');
        });
  }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');

  // --- sec-fetch-storage-access: expected absent for each HTTP destination ---
  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpOrigin'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-storage-access');
        });
  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpSameSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-storage-access');
        });
  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');

  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpCrossSite'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-storage-access');
        });
  }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');

  // --- sec-fetch-site across a list of several origins ---
  // NOTE(review): the origin list looks like a redirect chain whose last
  // entry is where the recorded request lands - confirm in helper.sub.js.

  // List ends on the HTTP origin: the header is expected to be absent.
  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpsOrigin', 'httpOrigin'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_not_own_property(headers, 'sec-fetch-site');
        });
  }, 'sec-fetch-site - HTTPS downgrade (header not sent)');

  // List ends on the HTTPS origin after an HTTP entry: the header is expected
  // to be present with exactly one value, 'cross-site'.
  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_own_property(headers, 'sec-fetch-site');
          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
        });
  }, 'sec-fetch-site - HTTPS upgrade');

  // HTTPS, then HTTP, then HTTPS again: same expectation as the upgrade case,
  // a single 'cross-site' value on the recorded request.
  promise_test(() => {
    const key = '{{uuid()}}';

    return induceRequest(
        makeRequestURL(
          key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' }
        )
      )
      .then(() => retrieve(key))
      .then((headers) => {
          assert_own_property(headers, 'sec-fetch-site');
          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
        });
  }, 'sec-fetch-site - HTTPS downgrade-upgrade');
  </script>
</html>