svg-image.https.sub.html (11487B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/svg-image.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <meta name="timeout" content="long"> 11 <title>HTTP headers on request for SVG "image" element source</title> 12 <script src="/resources/testharness.js"></script> 13 <script src="/resources/testharnessreport.js"></script> 14 <script src="/fetch/metadata/resources/helper.sub.js"></script> 15 <body> 16 <script> 17 'use strict'; 18 19 const params = { 20 body: ` 21 <svg xmlns="http://www.w3.org/2000/svg" width="123" height="123"> 22 <rect fill="lime" width="123" height="123"/> 23 </svg> 24 `, 25 mime: 'image/svg+xml' 26 }; 27 28 function induceRequest(t, url, attributes) { 29 const svg = document.createElementNS("http://www.w3.org/2000/svg", "svg"); 30 svg.setAttributeNS( 31 "http://www.w3.org/2000/xmlns/", 32 "xmlns:xlink", 33 "http://www.w3.org/1999/xlink" 34 ); 35 const image = document.createElementNS("http://www.w3.org/2000/svg", "image"); 36 image.setAttribute("href", url); 37 svg.appendChild(image); 38 39 for (const [ name, value ] of Object.entries(attributes)) { 40 image.setAttribute(name, value); 41 } 42 43 document.body.appendChild(svg); 44 t.add_cleanup(() => svg.remove()); 45 46 return new Promise((resolve, reject) => { 47 image.onload = resolve; 48 image.onerror = reject; 49 }); 50 } 51 52 promise_test((t) => { 53 const key = '{{uuid()}}'; 54 55 return induceRequest( 56 t, 57 makeRequestURL(key, ['httpsOrigin'], params), 58 {} 59 ) 60 .then(() => retrieve(key)) 61 .then((headers) => { 62 assert_own_property(headers, 'sec-fetch-site'); 63 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 64 }); 65 }, 'sec-fetch-site - Same origin no attributes'); 66 67 promise_test((t) => { 68 const key = '{{uuid()}}'; 69 70 return induceRequest( 71 t, 72 makeRequestURL(key, ['httpsCrossSite'], params), 73 {} 74 ) 75 .then(() => retrieve(key)) 76 .then((headers) => { 77 assert_own_property(headers, 'sec-fetch-site'); 78 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 79 }); 80 }, 'sec-fetch-site - Cross-site no attributes'); 81 82 promise_test((t) => { 83 const key = '{{uuid()}}'; 84 85 return induceRequest( 86 t, 87 makeRequestURL(key, ['httpsSameSite'], params), 88 {} 89 ) 90 .then(() => retrieve(key)) 91 .then((headers) => { 92 assert_own_property(headers, 'sec-fetch-site'); 93 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 94 }); 95 }, 'sec-fetch-site - Same site no attributes'); 96 97 promise_test((t) => { 98 const key = '{{uuid()}}'; 99 100 return induceRequest( 101 t, 102 makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite', 'httpsOrigin'], params), 103 {} 104 ) 105 .then(() => retrieve(key)) 106 .then((headers) => { 107 assert_own_property(headers, 'sec-fetch-site'); 108 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 109 }); 110 }, 'sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect no attributes'); 111 112 promise_test((t) => { 113 const key = '{{uuid()}}'; 114 115 return induceRequest( 116 t, 117 makeRequestURL(key, ['httpsOrigin', 'httpsSameSite', 'httpsOrigin'], params), 118 {} 119 ) 120 .then(() => retrieve(key)) 121 .then((headers) => { 122 assert_own_property(headers, 'sec-fetch-site'); 123 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 124 }); 125 }, 'sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect no attributes'); 126 127 promise_test((t) => { 128 const key = '{{uuid()}}'; 129 130 return induceRequest( 131 t, 132 makeRequestURL(key, ['httpsCrossSite', 'httpsOrigin'], params), 133 {} 134 ) 135 .then(() => retrieve(key)) 136 .then((headers) => { 137 assert_own_property(headers, 'sec-fetch-site'); 138 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 139 }); 140 }, 'sec-fetch-site - Cross-Site -> Same Origin no attributes'); 141 142 promise_test((t) => { 143 const key = '{{uuid()}}'; 144 145 return induceRequest( 146 t, 147 makeRequestURL(key, ['httpsCrossSite', 'httpsSameSite'], params), 148 {} 149 ) 150 .then(() => retrieve(key)) 151 .then((headers) => { 152 assert_own_property(headers, 'sec-fetch-site'); 153 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 154 }); 155 }, 'sec-fetch-site - Cross-Site -> Same-Site no attributes'); 156 157 promise_test((t) => { 158 const key = '{{uuid()}}'; 159 160 return induceRequest( 161 t, 162 makeRequestURL(key, ['httpsCrossSite', 'httpsCrossSite'], params), 163 {} 164 ) 165 .then(() => retrieve(key)) 166 .then((headers) => { 167 assert_own_property(headers, 'sec-fetch-site'); 168 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 169 }); 170 }, 'sec-fetch-site - Cross-Site -> Cross-Site no attributes'); 171 172 promise_test((t) => { 173 const key = '{{uuid()}}'; 174 175 return induceRequest( 176 t, 177 makeRequestURL(key, ['httpsOrigin', 'httpsOrigin'], params), 178 {} 179 ) 180 .then(() => retrieve(key)) 181 .then((headers) => { 182 assert_own_property(headers, 'sec-fetch-site'); 183 assert_array_equals(headers['sec-fetch-site'], ['same-origin']); 184 }); 185 }, 'sec-fetch-site - Same-Origin -> Same Origin no attributes'); 186 187 promise_test((t) => { 188 const key = '{{uuid()}}'; 189 190 return induceRequest( 191 t, 192 makeRequestURL(key, ['httpsOrigin', 'httpsSameSite'], params), 193 {} 194 ) 195 .then(() => retrieve(key)) 196 .then((headers) => { 197 assert_own_property(headers, 'sec-fetch-site'); 198 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 199 }); 200 }, 'sec-fetch-site - Same-Origin -> Same-Site no attributes'); 201 202 promise_test((t) => { 203 const key = '{{uuid()}}'; 204 205 return induceRequest( 206 t, 207 makeRequestURL(key, ['httpsOrigin', 'httpsCrossSite'], params), 208 {} 209 ) 210 .then(() => retrieve(key)) 211 .then((headers) => { 212 assert_own_property(headers, 'sec-fetch-site'); 213 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 214 }); 215 }, 'sec-fetch-site - Same-Origin -> Cross-Site no attributes'); 216 217 promise_test((t) => { 218 const key = '{{uuid()}}'; 219 220 return induceRequest( 221 t, 222 makeRequestURL(key, ['httpsSameSite', 'httpsOrigin'], params), 223 {} 224 ) 225 .then(() => retrieve(key)) 226 .then((headers) => { 227 assert_own_property(headers, 'sec-fetch-site'); 228 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 229 }); 230 }, 'sec-fetch-site - Same-Site -> Same Origin no attributes'); 231 232 promise_test((t) => { 233 const key = '{{uuid()}}'; 234 235 return induceRequest( 236 t, 237 makeRequestURL(key, ['httpsSameSite', 'httpsSameSite'], params), 238 {} 239 ) 240 .then(() => retrieve(key)) 241 .then((headers) => { 242 assert_own_property(headers, 'sec-fetch-site'); 243 assert_array_equals(headers['sec-fetch-site'], ['same-site']); 244 }); 245 }, 'sec-fetch-site - Same-Site -> Same-Site no attributes'); 246 247 promise_test((t) => { 248 const key = '{{uuid()}}'; 249 250 return induceRequest( 251 t, 252 makeRequestURL(key, ['httpsSameSite', 'httpsCrossSite'], params), 253 {} 254 ) 255 .then(() => retrieve(key)) 256 .then((headers) => { 257 assert_own_property(headers, 'sec-fetch-site'); 258 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 259 }); 260 }, 'sec-fetch-site - Same-Site -> Cross-Site no attributes'); 261 262 promise_test((t) => { 263 const key = '{{uuid()}}'; 264 265 return induceRequest( 266 t, 267 makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], params), 268 {} 269 ) 270 .then(() => retrieve(key)) 271 .then((headers) => { 272 assert_own_property(headers, 'sec-fetch-site'); 273 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 274 }); 275 }, 'sec-fetch-site - HTTPS downgrade-upgrade no attributes'); 276 277 promise_test((t) => { 278 const key = '{{uuid()}}'; 279 280 return induceRequest( 281 t, 282 makeRequestURL(key, [], params), 283 {} 284 ) 285 .then(() => retrieve(key)) 286 .then((headers) => { 287 assert_own_property(headers, 'sec-fetch-mode'); 288 assert_array_equals(headers['sec-fetch-mode'], ['no-cors']); 289 }); 290 }, 'sec-fetch-mode no attributes'); 291 292 promise_test((t) => { 293 const key = '{{uuid()}}'; 294 295 return induceRequest( 296 t, 297 makeRequestURL(key, [], params), 298 {"crossorigin": ""} 299 ) 300 .then(() => retrieve(key)) 301 .then((headers) => { 302 assert_own_property(headers, 'sec-fetch-mode'); 303 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 304 }); 305 }, 'sec-fetch-mode attributes: crossorigin'); 306 307 promise_test((t) => { 308 const key = '{{uuid()}}'; 309 310 return induceRequest( 311 t, 312 makeRequestURL(key, [], params), 313 {"crossorigin": "anonymous"} 314 ) 315 .then(() => retrieve(key)) 316 .then((headers) => { 317 assert_own_property(headers, 'sec-fetch-mode'); 318 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 319 }); 320 }, 'sec-fetch-mode attributes: crossorigin=anonymous'); 321 322 promise_test((t) => { 323 const key = '{{uuid()}}'; 324 325 return induceRequest( 326 t, 327 makeRequestURL(key, [], params), 328 {"crossorigin": "use-credentials"} 329 ) 330 .then(() => retrieve(key)) 331 .then((headers) => { 332 assert_own_property(headers, 'sec-fetch-mode'); 333 assert_array_equals(headers['sec-fetch-mode'], ['cors']); 334 }); 335 }, 'sec-fetch-mode attributes: crossorigin=use-credentials'); 336 337 promise_test((t) => { 338 const key = '{{uuid()}}'; 339 340 return induceRequest( 341 t, 342 makeRequestURL(key, [], params), 343 {} 344 ) 345 .then(() => retrieve(key)) 346 .then((headers) => { 347 assert_own_property(headers, 'sec-fetch-dest'); 348 assert_array_equals(headers['sec-fetch-dest'], ['empty']); 349 }); 350 }, 'sec-fetch-dest no attributes'); 351 352 promise_test((t) => { 353 const key = '{{uuid()}}'; 354 355 return induceRequest( 356 t, 357 makeRequestURL(key, [], params), 358 {} 359 ) 360 .then(() => retrieve(key)) 361 .then((headers) => { 362 assert_not_own_property(headers, 'sec-fetch-user'); 363 }); 364 }, 'sec-fetch-user no attributes'); 365 366 promise_test((t) => { 367 const key = '{{uuid()}}'; 368 369 return induceRequest( 370 t, 371 makeRequestURL(key, ['httpsCrossSite'], params), 372 {} 373 ) 374 .then(() => retrieve(key)) 375 .then((headers) => { 376 assert_own_property(headers, 'sec-fetch-storage-access'); 377 assert_array_equals(headers['sec-fetch-storage-access'], ['none']); 378 }); 379 }, 'sec-fetch-storage-access - Cross-site no attributes'); 380 381 promise_test((t) => { 382 const key = '{{uuid()}}'; 383 384 return induceRequest( 385 t, 386 makeRequestURL(key, ['httpsSameSite'], params), 387 {} 388 ) 389 .then(() => retrieve(key)) 390 .then((headers) => { 391 assert_not_own_property(headers, 'sec-fetch-storage-access'); 392 }); 393 }, 'sec-fetch-storage-access - Same site no attributes'); 394 </script> 395 </body> 396 </html>