
svg-image.sub.html (8704B)


      1 <!DOCTYPE html>
      2 <!--
      3 This test was procedurally generated. Please do not modify it directly.
      4 Sources:
      5 - fetch/metadata/tools/fetch-metadata.conf.yml
      6 - fetch/metadata/tools/templates/svg-image.sub.html
      7 -->
      8 <html lang="en">
      9  <meta charset="utf-8">
     10  <meta name="timeout" content="long">
     11  <title>HTTP headers on request for SVG "image" element source</title>
     12  <script src="/resources/testharness.js"></script>
     13  <script src="/resources/testharnessreport.js"></script>
     14  <script src="/fetch/metadata/resources/helper.sub.js"></script>
     15  <body>
     16  <script>
     17  'use strict';
     18 
     19  const params = {
     20    body: `
     21      <svg xmlns="http://www.w3.org/2000/svg" width="123" height="123">
     22        <rect fill="lime" width="123" height="123"/>
     23      </svg>
     24    `,
     25    mime: 'image/svg+xml'
     26  };
     27 
     28  function induceRequest(t, url, attributes) {
     29    const svg = document.createElementNS("http://www.w3.org/2000/svg", "svg");
     30    svg.setAttributeNS(
     31      "http://www.w3.org/2000/xmlns/",
     32      "xmlns:xlink",
     33      "http://www.w3.org/1999/xlink"
     34    );
     35    const image = document.createElementNS("http://www.w3.org/2000/svg", "image");
     36    image.setAttribute("href", url);
     37    svg.appendChild(image);
     38 
     39    for (const [ name, value ] of Object.entries(attributes)) {
     40      image.setAttribute(name, value);
     41    }
     42 
     43    document.body.appendChild(svg);
     44    t.add_cleanup(() => svg.remove());
     45 
     46    return new Promise((resolve, reject) => {
     47      image.onload = resolve;
     48      image.onerror = reject;
     49    });
     50  }
     51 
     52  promise_test((t) => {
     53    const key = '{{uuid()}}';
     54 
     55    return induceRequest(
     56        t,
     57        makeRequestURL(key, ['httpOrigin'], params),
     58        {}
     59      )
     60      .then(() => retrieve(key))
     61      .then((headers) => {
     62          assert_not_own_property(headers, 'sec-fetch-site');
     63      });
     64  }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination no attributes');
     65 
     66  promise_test((t) => {
     67    const key = '{{uuid()}}';
     68 
     69    return induceRequest(
     70        t,
     71        makeRequestURL(key, ['httpSameSite'], params),
     72        {}
     73      )
     74      .then(() => retrieve(key))
     75      .then((headers) => {
     76          assert_not_own_property(headers, 'sec-fetch-site');
     77      });
     78  }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination no attributes');
     79 
     80  promise_test((t) => {
     81    const key = '{{uuid()}}';
     82 
     83    return induceRequest(
     84        t,
     85        makeRequestURL(key, ['httpCrossSite'], params),
     86        {}
     87      )
     88      .then(() => retrieve(key))
     89      .then((headers) => {
     90          assert_not_own_property(headers, 'sec-fetch-site');
     91      });
     92  }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination no attributes');
     93 
     94  promise_test((t) => {
     95    const key = '{{uuid()}}';
     96 
     97    return induceRequest(
     98        t,
     99        makeRequestURL(key, ['httpOrigin'], params),
    100        {}
    101      )
    102      .then(() => retrieve(key))
    103      .then((headers) => {
    104          assert_not_own_property(headers, 'sec-fetch-mode');
    105      });
    106  }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination no attributes');
    107 
    108  promise_test((t) => {
    109    const key = '{{uuid()}}';
    110 
    111    return induceRequest(
    112        t,
    113        makeRequestURL(key, ['httpSameSite'], params),
    114        {}
    115      )
    116      .then(() => retrieve(key))
    117      .then((headers) => {
    118          assert_not_own_property(headers, 'sec-fetch-mode');
    119      });
    120  }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination no attributes');
    121 
    122  promise_test((t) => {
    123    const key = '{{uuid()}}';
    124 
    125    return induceRequest(
    126        t,
    127        makeRequestURL(key, ['httpCrossSite'], params),
    128        {}
    129      )
    130      .then(() => retrieve(key))
    131      .then((headers) => {
    132          assert_not_own_property(headers, 'sec-fetch-mode');
    133      });
    134  }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination no attributes');
    135 
    136  promise_test((t) => {
    137    const key = '{{uuid()}}';
    138 
    139    return induceRequest(
    140        t,
    141        makeRequestURL(key, ['httpOrigin'], params),
    142        {}
    143      )
    144      .then(() => retrieve(key))
    145      .then((headers) => {
    146          assert_not_own_property(headers, 'sec-fetch-dest');
    147      });
    148  }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination no attributes');
    149 
    150  promise_test((t) => {
    151    const key = '{{uuid()}}';
    152 
    153    return induceRequest(
    154        t,
    155        makeRequestURL(key, ['httpSameSite'], params),
    156        {}
    157      )
    158      .then(() => retrieve(key))
    159      .then((headers) => {
    160          assert_not_own_property(headers, 'sec-fetch-dest');
    161      });
    162  }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination no attributes');
    163 
    164  promise_test((t) => {
    165    const key = '{{uuid()}}';
    166 
    167    return induceRequest(
    168        t,
    169        makeRequestURL(key, ['httpCrossSite'], params),
    170        {}
    171      )
    172      .then(() => retrieve(key))
    173      .then((headers) => {
    174          assert_not_own_property(headers, 'sec-fetch-dest');
    175      });
    176  }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination no attributes');
    177 
    178  promise_test((t) => {
    179    const key = '{{uuid()}}';
    180 
    181    return induceRequest(
    182        t,
    183        makeRequestURL(key, ['httpOrigin'], params),
    184        {}
    185      )
    186      .then(() => retrieve(key))
    187      .then((headers) => {
    188          assert_not_own_property(headers, 'sec-fetch-user');
    189      });
    190  }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination no attributes');
    191 
    192  promise_test((t) => {
    193    const key = '{{uuid()}}';
    194 
    195    return induceRequest(
    196        t,
    197        makeRequestURL(key, ['httpSameSite'], params),
    198        {}
    199      )
    200      .then(() => retrieve(key))
    201      .then((headers) => {
    202          assert_not_own_property(headers, 'sec-fetch-user');
    203      });
    204  }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination no attributes');
    205 
    206  promise_test((t) => {
    207    const key = '{{uuid()}}';
    208 
    209    return induceRequest(
    210        t,
    211        makeRequestURL(key, ['httpCrossSite'], params),
    212        {}
    213      )
    214      .then(() => retrieve(key))
    215      .then((headers) => {
    216          assert_not_own_property(headers, 'sec-fetch-user');
    217      });
    218  }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination no attributes');
    219 
    220  promise_test((t) => {
    221    const key = '{{uuid()}}';
    222 
    223    return induceRequest(
    224        t,
    225        makeRequestURL(key, ['httpOrigin'], params),
    226        {}
    227      )
    228      .then(() => retrieve(key))
    229      .then((headers) => {
    230          assert_not_own_property(headers, 'sec-fetch-storage-access');
    231      });
    232  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination no attributes');
    233 
    234  promise_test((t) => {
    235    const key = '{{uuid()}}';
    236 
    237    return induceRequest(
    238        t,
    239        makeRequestURL(key, ['httpSameSite'], params),
    240        {}
    241      )
    242      .then(() => retrieve(key))
    243      .then((headers) => {
    244          assert_not_own_property(headers, 'sec-fetch-storage-access');
    245      });
    246  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination no attributes');
    247 
    248  promise_test((t) => {
    249    const key = '{{uuid()}}';
    250 
    251    return induceRequest(
    252        t,
    253        makeRequestURL(key, ['httpCrossSite'], params),
    254        {}
    255      )
    256      .then(() => retrieve(key))
    257      .then((headers) => {
    258          assert_not_own_property(headers, 'sec-fetch-storage-access');
    259      });
    260  }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination no attributes');
    261 
    262  promise_test((t) => {
    263    const key = '{{uuid()}}';
    264 
    265    return induceRequest(
    266        t,
    267        makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], params),
    268        {}
    269      )
    270      .then(() => retrieve(key))
    271      .then((headers) => {
    272          assert_not_own_property(headers, 'sec-fetch-site');
    273      });
    274  }, 'sec-fetch-site - HTTPS downgrade (header not sent) no attributes');
    275 
    276  promise_test((t) => {
    277    const key = '{{uuid()}}';
    278 
    279    return induceRequest(
    280        t,
    281        makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], params),
    282        {}
    283      )
    284      .then(() => retrieve(key))
    285      .then((headers) => {
    286          assert_own_property(headers, 'sec-fetch-site');
    287          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    288      });
    289  }, 'sec-fetch-site - HTTPS upgrade no attributes');
    290 
    291  promise_test((t) => {
    292    const key = '{{uuid()}}';
    293 
    294    return induceRequest(
    295        t,
    296        makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], params),
    297        {}
    298      )
    299      .then(() => retrieve(key))
    300      .then((headers) => {
    301          assert_own_property(headers, 'sec-fetch-site');
    302          assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
    303      });
    304  }, 'sec-fetch-site - HTTPS downgrade-upgrade no attributes');
    305  </script>
    306  </body>
    307 </html>