window-location.sub.html (36225B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/window-location.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <meta name="timeout" content="long"> 11 <title>HTTP headers on request for navigation via the HTML Location API</title> 12 <script src="/resources/testharness.js"></script> 13 <script src="/resources/testharnessreport.js"></script> 14 <script src="/fetch/metadata/resources/helper.sub.js"></script> 15 <body> 16 <script> 17 'use strict'; 18 19 function induceRequest(url, navigate, userActivated) { 20 const win = window.open(); 21 22 return new Promise((resolve) => { 23 addEventListener('message', function(event) { 24 if (event.source === win) { 25 resolve(); 26 } 27 }); 28 29 if (userActivated) { 30 test_driver.bless('enable user activation', () => { 31 navigate(win, url); 32 }); 33 } else { 34 navigate(win, url); 35 } 36 }) 37 .then(() => win.close()); 38 } 39 40 const responseParams = { 41 mime: 'text/html', 42 body: `<script>opener.postMessage('done', '*')</${''}script>` 43 }; 44 45 promise_test(() => { 46 const key = '{{uuid()}}'; 47 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 48 49 const navigate = (win, path) => { 50 win.location = path; 51 }; 52 return induceRequest(url, navigate, false) 53 .then(() => retrieve(key)) 54 .then((headers) => { 55 assert_not_own_property(headers, 'sec-fetch-site'); 56 }); 57 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination - location'); 58 59 promise_test(() => { 60 const key = '{{uuid()}}'; 61 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 62 63 const navigate = (win, path) => { 64 win.location.href = path; 65 }; 66 return induceRequest(url, navigate, false) 67 .then(() => retrieve(key)) 68 .then((headers) => { 69 assert_not_own_property(headers, 'sec-fetch-site'); 70 }); 71 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination - location.href'); 72 73 promise_test(() => { 74 const key = '{{uuid()}}'; 75 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 76 77 const navigate = (win, path) => { 78 win.location.assign(path); 79 }; 80 return induceRequest(url, navigate, false) 81 .then(() => retrieve(key)) 82 .then((headers) => { 83 assert_not_own_property(headers, 'sec-fetch-site'); 84 }); 85 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination - location.assign'); 86 87 promise_test(() => { 88 const key = '{{uuid()}}'; 89 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 90 91 const navigate = (win, path) => { 92 win.location.replace(path); 93 }; 94 return induceRequest(url, navigate, false) 95 .then(() => retrieve(key)) 96 .then((headers) => { 97 assert_not_own_property(headers, 'sec-fetch-site'); 98 }); 99 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination - location.replace'); 100 101 promise_test(() => { 102 const key = '{{uuid()}}'; 103 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 104 105 const navigate = (win, path) => { 106 win.location = path; 107 }; 108 return induceRequest(url, navigate, false) 109 .then(() => retrieve(key)) 110 .then((headers) => { 111 assert_not_own_property(headers, 'sec-fetch-site'); 112 }); 113 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination - location'); 114 115 promise_test(() => { 116 const key = '{{uuid()}}'; 117 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 118 119 const navigate = (win, path) => { 120 win.location.href = path; 121 }; 122 return induceRequest(url, navigate, false) 123 .then(() => retrieve(key)) 124 .then((headers) => { 125 assert_not_own_property(headers, 'sec-fetch-site'); 126 }); 127 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination - location.href'); 128 129 promise_test(() => { 130 const key = '{{uuid()}}'; 131 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 132 133 const navigate = (win, path) => { 134 win.location.assign(path); 135 }; 136 return induceRequest(url, navigate, false) 137 .then(() => retrieve(key)) 138 .then((headers) => { 139 assert_not_own_property(headers, 'sec-fetch-site'); 140 }); 141 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination - location.assign'); 142 143 promise_test(() => { 144 const key = '{{uuid()}}'; 145 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 146 147 const navigate = (win, path) => { 148 win.location.replace(path); 149 }; 150 return induceRequest(url, navigate, false) 151 .then(() => retrieve(key)) 152 .then((headers) => { 153 assert_not_own_property(headers, 'sec-fetch-site'); 154 }); 155 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination - location.replace'); 156 157 promise_test(() => { 158 const key = '{{uuid()}}'; 159 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 160 161 const navigate = (win, path) => { 162 win.location = path; 163 }; 164 return induceRequest(url, navigate, false) 165 .then(() => retrieve(key)) 166 .then((headers) => { 167 assert_not_own_property(headers, 'sec-fetch-site'); 168 }); 169 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination - location'); 170 171 promise_test(() => { 172 const key = '{{uuid()}}'; 173 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 174 175 const navigate = (win, path) => { 176 win.location.href = path; 177 }; 178 return induceRequest(url, navigate, false) 179 .then(() => retrieve(key)) 180 .then((headers) => { 181 assert_not_own_property(headers, 'sec-fetch-site'); 182 }); 183 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination - location.href'); 184 185 promise_test(() => { 186 const key = '{{uuid()}}'; 187 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 188 189 const navigate = (win, path) => { 190 win.location.assign(path); 191 }; 192 return induceRequest(url, navigate, false) 193 .then(() => retrieve(key)) 194 .then((headers) => { 195 assert_not_own_property(headers, 'sec-fetch-site'); 196 }); 197 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination - location.assign'); 198 199 promise_test(() => { 200 const key = '{{uuid()}}'; 201 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 202 203 const navigate = (win, path) => { 204 win.location.replace(path); 205 }; 206 return induceRequest(url, navigate, false) 207 .then(() => retrieve(key)) 208 .then((headers) => { 209 assert_not_own_property(headers, 'sec-fetch-site'); 210 }); 211 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination - location.replace'); 212 213 promise_test(() => { 214 const key = '{{uuid()}}'; 215 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 216 217 const navigate = (win, path) => { 218 win.location = path; 219 }; 220 return induceRequest(url, navigate, false) 221 .then(() => retrieve(key)) 222 .then((headers) => { 223 assert_not_own_property(headers, 'sec-fetch-mode'); 224 }); 225 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination - location'); 226 227 promise_test(() => { 228 const key = '{{uuid()}}'; 229 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 230 231 const navigate = (win, path) => { 232 win.location.href = path; 233 }; 234 return induceRequest(url, navigate, false) 235 .then(() => retrieve(key)) 236 .then((headers) => { 237 assert_not_own_property(headers, 'sec-fetch-mode'); 238 }); 239 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination - location.href'); 240 241 promise_test(() => { 242 const key = '{{uuid()}}'; 243 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 244 245 const navigate = (win, path) => { 246 win.location.assign(path); 247 }; 248 return induceRequest(url, navigate, false) 249 .then(() => retrieve(key)) 250 .then((headers) => { 251 assert_not_own_property(headers, 'sec-fetch-mode'); 252 }); 253 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination - location.assign'); 254 255 promise_test(() => { 256 const key = '{{uuid()}}'; 257 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 258 259 const navigate = (win, path) => { 260 win.location.replace(path); 261 }; 262 return induceRequest(url, navigate, false) 263 .then(() => retrieve(key)) 264 .then((headers) => { 265 assert_not_own_property(headers, 'sec-fetch-mode'); 266 }); 267 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination - location.replace'); 268 269 promise_test(() => { 270 const key = '{{uuid()}}'; 271 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 272 273 const navigate = (win, path) => { 274 win.location = path; 275 }; 276 return induceRequest(url, navigate, false) 277 .then(() => retrieve(key)) 278 .then((headers) => { 279 assert_not_own_property(headers, 'sec-fetch-mode'); 280 }); 281 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination - location'); 282 283 promise_test(() => { 284 const key = '{{uuid()}}'; 285 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 286 287 const navigate = (win, path) => { 288 win.location.href = path; 289 }; 290 return induceRequest(url, navigate, false) 291 .then(() => retrieve(key)) 292 .then((headers) => { 293 assert_not_own_property(headers, 'sec-fetch-mode'); 294 }); 295 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination - location.href'); 296 297 promise_test(() => { 298 const key = '{{uuid()}}'; 299 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 300 301 const navigate = (win, path) => { 302 win.location.assign(path); 303 }; 304 return induceRequest(url, navigate, false) 305 .then(() => retrieve(key)) 306 .then((headers) => { 307 assert_not_own_property(headers, 'sec-fetch-mode'); 308 }); 309 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination - location.assign'); 310 311 promise_test(() => { 312 const key = '{{uuid()}}'; 313 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 314 315 const navigate = (win, path) => { 316 win.location.replace(path); 317 }; 318 return induceRequest(url, navigate, false) 319 .then(() => retrieve(key)) 320 .then((headers) => { 321 assert_not_own_property(headers, 'sec-fetch-mode'); 322 }); 323 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination - location.replace'); 324 325 promise_test(() => { 326 const key = '{{uuid()}}'; 327 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 328 329 const navigate = (win, path) => { 330 win.location = path; 331 }; 332 return induceRequest(url, navigate, false) 333 .then(() => retrieve(key)) 334 .then((headers) => { 335 assert_not_own_property(headers, 'sec-fetch-mode'); 336 }); 337 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination - location'); 338 339 promise_test(() => { 340 const key = '{{uuid()}}'; 341 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 342 343 const navigate = (win, path) => { 344 win.location.href = path; 345 }; 346 return induceRequest(url, navigate, false) 347 .then(() => retrieve(key)) 348 .then((headers) => { 349 assert_not_own_property(headers, 'sec-fetch-mode'); 350 }); 351 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination - location.href'); 352 353 promise_test(() => { 354 const key = '{{uuid()}}'; 355 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 356 357 const navigate = (win, path) => { 358 win.location.assign(path); 359 }; 360 return induceRequest(url, navigate, false) 361 .then(() => retrieve(key)) 362 .then((headers) => { 363 assert_not_own_property(headers, 'sec-fetch-mode'); 364 }); 365 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination - location.assign'); 366 367 promise_test(() => { 368 const key = '{{uuid()}}'; 369 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 370 371 const navigate = (win, path) => { 372 win.location.replace(path); 373 }; 374 return induceRequest(url, navigate, false) 375 .then(() => retrieve(key)) 376 .then((headers) => { 377 assert_not_own_property(headers, 'sec-fetch-mode'); 378 }); 379 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination - location.replace'); 380 381 promise_test(() => { 382 const key = '{{uuid()}}'; 383 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 384 385 const navigate = (win, path) => { 386 win.location = path; 387 }; 388 return induceRequest(url, navigate, false) 389 .then(() => retrieve(key)) 390 .then((headers) => { 391 assert_not_own_property(headers, 'sec-fetch-dest'); 392 }); 393 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination - location'); 394 395 promise_test(() => { 396 const key = '{{uuid()}}'; 397 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 398 399 const navigate = (win, path) => { 400 win.location.href = path; 401 }; 402 return induceRequest(url, navigate, false) 403 .then(() => retrieve(key)) 404 .then((headers) => { 405 assert_not_own_property(headers, 'sec-fetch-dest'); 406 }); 407 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination - location.href'); 408 409 promise_test(() => { 410 const key = '{{uuid()}}'; 411 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 412 413 const navigate = (win, path) => { 414 win.location.assign(path); 415 }; 416 return induceRequest(url, navigate, false) 417 .then(() => retrieve(key)) 418 .then((headers) => { 419 assert_not_own_property(headers, 'sec-fetch-dest'); 420 }); 421 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination - location.assign'); 422 423 promise_test(() => { 424 const key = '{{uuid()}}'; 425 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 426 427 const navigate = (win, path) => { 428 win.location.replace(path); 429 }; 430 return induceRequest(url, navigate, false) 431 .then(() => retrieve(key)) 432 .then((headers) => { 433 assert_not_own_property(headers, 'sec-fetch-dest'); 434 }); 435 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination - location.replace'); 436 437 promise_test(() => { 438 const key = '{{uuid()}}'; 439 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 440 441 const navigate = (win, path) => { 442 win.location = path; 443 }; 444 return induceRequest(url, navigate, false) 445 .then(() => retrieve(key)) 446 .then((headers) => { 447 assert_not_own_property(headers, 'sec-fetch-dest'); 448 }); 449 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination - location'); 450 451 promise_test(() => { 452 const key = '{{uuid()}}'; 453 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 454 455 const navigate = (win, path) => { 456 win.location.href = path; 457 }; 458 return induceRequest(url, navigate, false) 459 .then(() => retrieve(key)) 460 .then((headers) => { 461 assert_not_own_property(headers, 'sec-fetch-dest'); 462 }); 463 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination - location.href'); 464 465 promise_test(() => { 466 const key = '{{uuid()}}'; 467 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 468 469 const navigate = (win, path) => { 470 win.location.assign(path); 471 }; 472 return induceRequest(url, navigate, false) 473 .then(() => retrieve(key)) 474 .then((headers) => { 475 assert_not_own_property(headers, 'sec-fetch-dest'); 476 }); 477 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination - location.assign'); 478 479 promise_test(() => { 480 const key = '{{uuid()}}'; 481 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 482 483 const navigate = (win, path) => { 484 win.location.replace(path); 485 }; 486 return induceRequest(url, navigate, false) 487 .then(() => retrieve(key)) 488 .then((headers) => { 489 assert_not_own_property(headers, 'sec-fetch-dest'); 490 }); 491 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination - location.replace'); 492 493 promise_test(() => { 494 const key = '{{uuid()}}'; 495 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 496 497 const navigate = (win, path) => { 498 win.location = path; 499 }; 500 return induceRequest(url, navigate, false) 501 .then(() => retrieve(key)) 502 .then((headers) => { 503 assert_not_own_property(headers, 'sec-fetch-dest'); 504 }); 505 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination - location'); 506 507 promise_test(() => { 508 const key = '{{uuid()}}'; 509 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 510 511 const navigate = (win, path) => { 512 win.location.href = path; 513 }; 514 return induceRequest(url, navigate, false) 515 .then(() => retrieve(key)) 516 .then((headers) => { 517 assert_not_own_property(headers, 'sec-fetch-dest'); 518 }); 519 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination - location.href'); 520 521 promise_test(() => { 522 const key = '{{uuid()}}'; 523 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 524 525 const navigate = (win, path) => { 526 win.location.assign(path); 527 }; 528 return induceRequest(url, navigate, false) 529 .then(() => retrieve(key)) 530 .then((headers) => { 531 assert_not_own_property(headers, 'sec-fetch-dest'); 532 }); 533 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination - location.assign'); 534 535 promise_test(() => { 536 const key = '{{uuid()}}'; 537 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 538 539 const navigate = (win, path) => { 540 win.location.replace(path); 541 }; 542 return induceRequest(url, navigate, false) 543 .then(() => retrieve(key)) 544 .then((headers) => { 545 assert_not_own_property(headers, 'sec-fetch-dest'); 546 }); 547 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination - location.replace'); 548 549 promise_test(() => { 550 const key = '{{uuid()}}'; 551 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 552 553 const navigate = (win, path) => { 554 win.location = path; 555 }; 556 return induceRequest(url, navigate, false) 557 .then(() => retrieve(key)) 558 .then((headers) => { 559 assert_not_own_property(headers, 'sec-fetch-user'); 560 }); 561 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination - location'); 562 563 promise_test(() => { 564 const key = '{{uuid()}}'; 565 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 566 567 const navigate = (win, path) => { 568 win.location.href = path; 569 }; 570 return induceRequest(url, navigate, false) 571 .then(() => retrieve(key)) 572 .then((headers) => { 573 assert_not_own_property(headers, 'sec-fetch-user'); 574 }); 575 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination - location.href'); 576 577 promise_test(() => { 578 const key = '{{uuid()}}'; 579 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 580 581 const navigate = (win, path) => { 582 win.location.assign(path); 583 }; 584 return induceRequest(url, navigate, false) 585 .then(() => retrieve(key)) 586 .then((headers) => { 587 assert_not_own_property(headers, 'sec-fetch-user'); 588 }); 589 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination - location.assign'); 590 591 promise_test(() => { 592 const key = '{{uuid()}}'; 593 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 594 595 const navigate = (win, path) => { 596 win.location.replace(path); 597 }; 598 return induceRequest(url, navigate, false) 599 .then(() => retrieve(key)) 600 .then((headers) => { 601 assert_not_own_property(headers, 'sec-fetch-user'); 602 }); 603 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination - location.replace'); 604 605 promise_test(() => { 606 const key = '{{uuid()}}'; 607 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 608 609 const navigate = (win, path) => { 610 win.location = path; 611 }; 612 return induceRequest(url, navigate, false) 613 .then(() => retrieve(key)) 614 .then((headers) => { 615 assert_not_own_property(headers, 'sec-fetch-user'); 616 }); 617 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination - location'); 618 619 promise_test(() => { 620 const key = '{{uuid()}}'; 621 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 622 623 const navigate = (win, path) => { 624 win.location.href = path; 625 }; 626 return induceRequest(url, navigate, false) 627 .then(() => retrieve(key)) 628 .then((headers) => { 629 assert_not_own_property(headers, 'sec-fetch-user'); 630 }); 631 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination - location.href'); 632 633 promise_test(() => { 634 const key = '{{uuid()}}'; 635 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 636 637 const navigate = (win, path) => { 638 win.location.assign(path); 639 }; 640 return induceRequest(url, navigate, false) 641 .then(() => retrieve(key)) 642 .then((headers) => { 643 assert_not_own_property(headers, 'sec-fetch-user'); 644 }); 645 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination - location.assign'); 646 647 promise_test(() => { 648 const key = '{{uuid()}}'; 649 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 650 651 const navigate = (win, path) => { 652 win.location.replace(path); 653 }; 654 return induceRequest(url, navigate, false) 655 .then(() => retrieve(key)) 656 .then((headers) => { 657 assert_not_own_property(headers, 'sec-fetch-user'); 658 }); 659 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination - location.replace'); 660 661 promise_test(() => { 662 const key = '{{uuid()}}'; 663 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 664 665 const navigate = (win, path) => { 666 win.location = path; 667 }; 668 return induceRequest(url, navigate, false) 669 .then(() => retrieve(key)) 670 .then((headers) => { 671 assert_not_own_property(headers, 'sec-fetch-user'); 672 }); 673 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - location'); 674 675 promise_test(() => { 676 const key = '{{uuid()}}'; 677 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 678 679 const navigate = (win, path) => { 680 win.location.href = path; 681 }; 682 return induceRequest(url, navigate, false) 683 .then(() => retrieve(key)) 684 .then((headers) => { 685 assert_not_own_property(headers, 'sec-fetch-user'); 686 }); 687 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - location.href'); 688 689 promise_test(() => { 690 const key = '{{uuid()}}'; 691 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 692 693 const navigate = (win, path) => { 694 win.location.assign(path); 695 }; 696 return induceRequest(url, navigate, false) 697 .then(() => retrieve(key)) 698 .then((headers) => { 699 assert_not_own_property(headers, 'sec-fetch-user'); 700 }); 701 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - location.assign'); 702 703 promise_test(() => { 704 const key = '{{uuid()}}'; 705 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 706 707 const navigate = (win, path) => { 708 win.location.replace(path); 709 }; 710 return induceRequest(url, navigate, false) 711 .then(() => retrieve(key)) 712 .then((headers) => { 713 assert_not_own_property(headers, 'sec-fetch-user'); 714 }); 715 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - location.replace'); 716 717 promise_test(() => { 718 const key = '{{uuid()}}'; 719 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 720 721 const navigate = (win, path) => { 722 win.location = path; 723 }; 724 return induceRequest(url, navigate, false) 725 .then(() => retrieve(key)) 726 .then((headers) => { 727 assert_not_own_property(headers, 'sec-fetch-storage-access'); 728 }); 729 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - location'); 730 731 promise_test(() => { 732 const key = '{{uuid()}}'; 733 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 734 735 const navigate = (win, path) => { 736 win.location.href = path; 737 }; 738 return induceRequest(url, navigate, false) 739 .then(() => retrieve(key)) 740 .then((headers) => { 741 assert_not_own_property(headers, 'sec-fetch-storage-access'); 742 }); 743 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - location.href'); 744 745 promise_test(() => { 746 const key = '{{uuid()}}'; 747 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 748 749 const navigate = (win, path) => { 750 win.location.assign(path); 751 }; 752 return induceRequest(url, navigate, false) 753 .then(() => retrieve(key)) 754 .then((headers) => { 755 assert_not_own_property(headers, 'sec-fetch-storage-access'); 756 }); 757 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - location.assign'); 758 759 promise_test(() => { 760 const key = '{{uuid()}}'; 761 const url = makeRequestURL(key, ['httpOrigin'], responseParams); 762 763 const navigate = (win, path) => { 764 win.location.replace(path); 765 }; 766 return induceRequest(url, navigate, false) 767 .then(() => retrieve(key)) 768 .then((headers) => { 769 assert_not_own_property(headers, 'sec-fetch-storage-access'); 770 }); 771 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - location.replace'); 772 773 promise_test(() => { 774 const key = '{{uuid()}}'; 775 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 776 777 const navigate = (win, path) => { 778 win.location = path; 779 }; 780 return induceRequest(url, navigate, false) 781 .then(() => retrieve(key)) 782 .then((headers) => { 783 assert_not_own_property(headers, 'sec-fetch-storage-access'); 784 }); 785 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - location'); 786 787 promise_test(() => { 788 const key = '{{uuid()}}'; 789 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 790 791 const navigate = (win, path) => { 792 win.location.href = path; 793 }; 794 return induceRequest(url, navigate, false) 795 .then(() => retrieve(key)) 796 .then((headers) => { 797 assert_not_own_property(headers, 'sec-fetch-storage-access'); 798 }); 799 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - location.href'); 800 801 promise_test(() => { 802 const key = '{{uuid()}}'; 803 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 804 805 const navigate = (win, path) => { 806 win.location.assign(path); 807 }; 808 return induceRequest(url, navigate, false) 809 .then(() => retrieve(key)) 810 .then((headers) => { 811 assert_not_own_property(headers, 'sec-fetch-storage-access'); 812 }); 813 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - location.assign'); 814 815 promise_test(() => { 816 const key = '{{uuid()}}'; 817 const url = makeRequestURL(key, ['httpSameSite'], responseParams); 818 819 const navigate = (win, path) => { 820 win.location.replace(path); 821 }; 822 return induceRequest(url, navigate, false) 823 .then(() => retrieve(key)) 824 .then((headers) => { 825 assert_not_own_property(headers, 'sec-fetch-storage-access'); 826 }); 827 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - location.replace'); 828 829 promise_test(() => { 830 const key = '{{uuid()}}'; 831 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 832 833 const navigate = (win, path) => { 834 win.location = path; 835 }; 836 return induceRequest(url, navigate, false) 837 .then(() => retrieve(key)) 838 .then((headers) => { 839 assert_not_own_property(headers, 'sec-fetch-storage-access'); 840 }); 841 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - location'); 842 843 promise_test(() => { 844 const key = '{{uuid()}}'; 845 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 846 847 const navigate = (win, path) => { 848 win.location.href = path; 849 }; 850 return induceRequest(url, navigate, false) 851 .then(() => retrieve(key)) 852 .then((headers) => { 853 assert_not_own_property(headers, 'sec-fetch-storage-access'); 854 }); 855 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - location.href'); 856 857 promise_test(() => { 858 const key = '{{uuid()}}'; 859 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 860 861 const navigate = (win, path) => { 862 win.location.assign(path); 863 }; 864 return induceRequest(url, navigate, false) 865 .then(() => retrieve(key)) 866 .then((headers) => { 867 assert_not_own_property(headers, 'sec-fetch-storage-access'); 868 }); 869 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - location.assign'); 870 871 promise_test(() => { 872 const key = '{{uuid()}}'; 873 const url = makeRequestURL(key, ['httpCrossSite'], responseParams); 874 875 const navigate = (win, path) => { 876 win.location.replace(path); 877 }; 878 return induceRequest(url, navigate, false) 879 .then(() => retrieve(key)) 880 .then((headers) => { 881 assert_not_own_property(headers, 'sec-fetch-storage-access'); 882 }); 883 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - location.replace'); 884 885 promise_test(() => { 886 const key = '{{uuid()}}'; 887 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], responseParams); 888 889 const navigate = (win, path) => { 890 win.location = path; 891 }; 892 return induceRequest(url, navigate, false) 893 .then(() => retrieve(key)) 894 .then((headers) => { 895 assert_not_own_property(headers, 'sec-fetch-site'); 896 }); 897 }, 'sec-fetch-site - HTTPS downgrade (header not sent) - location'); 898 899 promise_test(() => { 900 const key = '{{uuid()}}'; 901 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], responseParams); 902 903 const navigate = (win, path) => { 904 win.location.href = path; 905 }; 906 return induceRequest(url, navigate, false) 907 .then(() => retrieve(key)) 908 .then((headers) => { 909 assert_not_own_property(headers, 'sec-fetch-site'); 910 }); 911 }, 'sec-fetch-site - HTTPS downgrade (header not sent) - location.href'); 912 913 promise_test(() => { 914 const key = '{{uuid()}}'; 915 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], responseParams); 916 917 const navigate = (win, path) => { 918 win.location.assign(path); 919 }; 920 return induceRequest(url, navigate, false) 921 .then(() => retrieve(key)) 922 .then((headers) => { 923 assert_not_own_property(headers, 'sec-fetch-site'); 924 }); 925 }, 'sec-fetch-site - HTTPS downgrade (header not sent) - location.assign'); 926 927 promise_test(() => { 928 const key = '{{uuid()}}'; 929 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], responseParams); 930 931 const navigate = (win, path) => { 932 win.location.replace(path); 933 }; 934 return induceRequest(url, navigate, false) 935 .then(() => retrieve(key)) 936 .then((headers) => { 937 assert_not_own_property(headers, 'sec-fetch-site'); 938 }); 939 }, 'sec-fetch-site - HTTPS downgrade (header not sent) - location.replace'); 940 941 promise_test(() => { 942 const key = '{{uuid()}}'; 943 const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], responseParams); 944 945 const navigate = (win, path) => { 946 win.location = path; 947 }; 948 return induceRequest(url, navigate, false) 949 .then(() => retrieve(key)) 950 .then((headers) => { 951 assert_own_property(headers, 'sec-fetch-site'); 952 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 953 }); 954 }, 'sec-fetch-site - HTTPS upgrade - location'); 955 956 promise_test(() => { 957 const key = '{{uuid()}}'; 958 const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], responseParams); 959 960 const navigate = (win, path) => { 961 win.location.href = path; 962 }; 963 return induceRequest(url, navigate, false) 964 .then(() => retrieve(key)) 965 .then((headers) => { 966 assert_own_property(headers, 'sec-fetch-site'); 967 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 968 }); 969 }, 'sec-fetch-site - HTTPS upgrade - location.href'); 970 971 promise_test(() => { 972 const key = '{{uuid()}}'; 973 const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], responseParams); 974 975 const navigate = (win, path) => { 976 win.location.assign(path); 977 }; 978 return induceRequest(url, navigate, false) 979 .then(() => retrieve(key)) 980 .then((headers) => { 981 assert_own_property(headers, 'sec-fetch-site'); 982 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 983 }); 984 }, 'sec-fetch-site - HTTPS upgrade - location.assign'); 985 986 promise_test(() => { 987 const key = '{{uuid()}}'; 988 const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin'], responseParams); 989 990 const navigate = (win, path) => { 991 win.location.replace(path); 992 }; 993 return induceRequest(url, navigate, false) 994 .then(() => retrieve(key)) 995 .then((headers) => { 996 assert_own_property(headers, 'sec-fetch-site'); 997 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 998 }); 999 }, 'sec-fetch-site - HTTPS upgrade - location.replace'); 1000 1001 promise_test(() => { 1002 const key = '{{uuid()}}'; 1003 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], responseParams); 1004 1005 const navigate = (win, path) => { 1006 win.location = path; 1007 }; 1008 return induceRequest(url, navigate, false) 1009 .then(() => retrieve(key)) 1010 .then((headers) => { 1011 assert_own_property(headers, 'sec-fetch-site'); 1012 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1013 }); 1014 }, 'sec-fetch-site - HTTPS downgrade-upgrade - location'); 1015 1016 promise_test(() => { 1017 const key = '{{uuid()}}'; 1018 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], responseParams); 1019 1020 const navigate = (win, path) => { 1021 win.location.href = path; 1022 }; 1023 return induceRequest(url, navigate, false) 1024 .then(() => retrieve(key)) 1025 .then((headers) => { 1026 assert_own_property(headers, 'sec-fetch-site'); 1027 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1028 }); 1029 }, 'sec-fetch-site - HTTPS downgrade-upgrade - location.href'); 1030 1031 promise_test(() => { 1032 const key = '{{uuid()}}'; 1033 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], responseParams); 1034 1035 const navigate = (win, path) => { 1036 win.location.assign(path); 1037 }; 1038 return induceRequest(url, navigate, false) 1039 .then(() => retrieve(key)) 1040 .then((headers) => { 1041 assert_own_property(headers, 'sec-fetch-site'); 1042 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1043 }); 1044 }, 'sec-fetch-site - HTTPS downgrade-upgrade - location.assign'); 1045 1046 promise_test(() => { 1047 const key = '{{uuid()}}'; 1048 const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], responseParams); 1049 1050 const navigate = (win, path) => { 1051 win.location.replace(path); 1052 }; 1053 return induceRequest(url, navigate, false) 1054 .then(() => retrieve(key)) 1055 .then((headers) => { 1056 assert_own_property(headers, 'sec-fetch-site'); 1057 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 1058 }); 1059 }, 'sec-fetch-site - HTTPS downgrade-upgrade - location.replace'); 1060 </script> 1061 </body> 1062 </html>