worker-dedicated-importscripts.sub.html (8353B)
1 <!DOCTYPE html> 2 <!-- 3 This test was procedurally generated. Please do not modify it directly. 4 Sources: 5 - fetch/metadata/tools/fetch-metadata.conf.yml 6 - fetch/metadata/tools/templates/worker-dedicated-importscripts.sub.html 7 --> 8 <html lang="en"> 9 <meta charset="utf-8"> 10 <title>HTTP headers on request for dedicated worker via the "importScripts" API</title> 11 <script src="/resources/testharness.js"></script> 12 <script src="/resources/testharnessreport.js"></script> 13 <script src="/fetch/metadata/resources/helper.sub.js"></script> 14 <script type="module"> 15 'use strict'; 16 function induceRequest(url, options) { 17 const src = ` 18 importScripts('${url}'); 19 postMessage('done'); 20 `; 21 const workerUrl = URL.createObjectURL( 22 new Blob([src], { type: 'application/javascript' }) 23 ); 24 return new Promise((resolve, reject) => { 25 const worker = new Worker(workerUrl, options); 26 worker.onmessage = resolve; 27 worker.onerror = reject; 28 }); 29 } 30 31 promise_test(() => { 32 const key = '{{uuid()}}'; 33 const url = makeRequestURL( 34 key, ['httpOrigin'], { mime: 'application/javascript' } 35 ); 36 37 return induceRequest(url) 38 .then(() => retrieve(key)) 39 .then((headers) => { 40 assert_not_own_property(headers, 'sec-fetch-site'); 41 }); 42 }, 'sec-fetch-site - Not sent to non-trustworthy same-origin destination'); 43 44 promise_test(() => { 45 const key = '{{uuid()}}'; 46 const url = makeRequestURL( 47 key, ['httpSameSite'], { mime: 'application/javascript' } 48 ); 49 50 return induceRequest(url) 51 .then(() => retrieve(key)) 52 .then((headers) => { 53 assert_not_own_property(headers, 'sec-fetch-site'); 54 }); 55 }, 'sec-fetch-site - Not sent to non-trustworthy same-site destination'); 56 57 promise_test(() => { 58 const key = '{{uuid()}}'; 59 const url = makeRequestURL( 60 key, ['httpCrossSite'], { mime: 'application/javascript' } 61 ); 62 63 return induceRequest(url) 64 .then(() => retrieve(key)) 65 .then((headers) => { 66 assert_not_own_property(headers, 'sec-fetch-site'); 67 }); 68 }, 'sec-fetch-site - Not sent to non-trustworthy cross-site destination'); 69 70 promise_test(() => { 71 const key = '{{uuid()}}'; 72 const url = makeRequestURL( 73 key, ['httpOrigin'], { mime: 'application/javascript' } 74 ); 75 76 return induceRequest(url) 77 .then(() => retrieve(key)) 78 .then((headers) => { 79 assert_not_own_property(headers, 'sec-fetch-mode'); 80 }); 81 }, 'sec-fetch-mode - Not sent to non-trustworthy same-origin destination'); 82 83 promise_test(() => { 84 const key = '{{uuid()}}'; 85 const url = makeRequestURL( 86 key, ['httpSameSite'], { mime: 'application/javascript' } 87 ); 88 89 return induceRequest(url) 90 .then(() => retrieve(key)) 91 .then((headers) => { 92 assert_not_own_property(headers, 'sec-fetch-mode'); 93 }); 94 }, 'sec-fetch-mode - Not sent to non-trustworthy same-site destination'); 95 96 promise_test(() => { 97 const key = '{{uuid()}}'; 98 const url = makeRequestURL( 99 key, ['httpCrossSite'], { mime: 'application/javascript' } 100 ); 101 102 return induceRequest(url) 103 .then(() => retrieve(key)) 104 .then((headers) => { 105 assert_not_own_property(headers, 'sec-fetch-mode'); 106 }); 107 }, 'sec-fetch-mode - Not sent to non-trustworthy cross-site destination'); 108 109 promise_test(() => { 110 const key = '{{uuid()}}'; 111 const url = makeRequestURL( 112 key, ['httpOrigin'], { mime: 'application/javascript' } 113 ); 114 115 return induceRequest(url) 116 .then(() => retrieve(key)) 117 .then((headers) => { 118 assert_not_own_property(headers, 'sec-fetch-dest'); 119 }); 120 }, 'sec-fetch-dest - Not sent to non-trustworthy same-origin destination'); 121 122 promise_test(() => { 123 const key = '{{uuid()}}'; 124 const url = makeRequestURL( 125 key, ['httpSameSite'], { mime: 'application/javascript' } 126 ); 127 128 return induceRequest(url) 129 .then(() => retrieve(key)) 130 .then((headers) => { 131 assert_not_own_property(headers, 'sec-fetch-dest'); 132 }); 133 }, 'sec-fetch-dest - Not sent to non-trustworthy same-site destination'); 134 135 promise_test(() => { 136 const key = '{{uuid()}}'; 137 const url = makeRequestURL( 138 key, ['httpCrossSite'], { mime: 'application/javascript' } 139 ); 140 141 return induceRequest(url) 142 .then(() => retrieve(key)) 143 .then((headers) => { 144 assert_not_own_property(headers, 'sec-fetch-dest'); 145 }); 146 }, 'sec-fetch-dest - Not sent to non-trustworthy cross-site destination'); 147 148 promise_test(() => { 149 const key = '{{uuid()}}'; 150 const url = makeRequestURL( 151 key, ['httpOrigin'], { mime: 'application/javascript' } 152 ); 153 154 return induceRequest(url) 155 .then(() => retrieve(key)) 156 .then((headers) => { 157 assert_not_own_property(headers, 'sec-fetch-user'); 158 }); 159 }, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination'); 160 161 promise_test(() => { 162 const key = '{{uuid()}}'; 163 const url = makeRequestURL( 164 key, ['httpSameSite'], { mime: 'application/javascript' } 165 ); 166 167 return induceRequest(url) 168 .then(() => retrieve(key)) 169 .then((headers) => { 170 assert_not_own_property(headers, 'sec-fetch-user'); 171 }); 172 }, 'sec-fetch-user - Not sent to non-trustworthy same-site destination'); 173 174 promise_test(() => { 175 const key = '{{uuid()}}'; 176 const url = makeRequestURL( 177 key, ['httpCrossSite'], { mime: 'application/javascript' } 178 ); 179 180 return induceRequest(url) 181 .then(() => retrieve(key)) 182 .then((headers) => { 183 assert_not_own_property(headers, 'sec-fetch-user'); 184 }); 185 }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination'); 186 187 promise_test(() => { 188 const key = '{{uuid()}}'; 189 const url = makeRequestURL( 190 key, ['httpOrigin'], { mime: 'application/javascript' } 191 ); 192 193 return induceRequest(url) 194 .then(() => retrieve(key)) 195 .then((headers) => { 196 assert_not_own_property(headers, 'sec-fetch-storage-access'); 197 }); 198 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination'); 199 200 promise_test(() => { 201 const key = '{{uuid()}}'; 202 const url = makeRequestURL( 203 key, ['httpSameSite'], { mime: 'application/javascript' } 204 ); 205 206 return induceRequest(url) 207 .then(() => retrieve(key)) 208 .then((headers) => { 209 assert_not_own_property(headers, 'sec-fetch-storage-access'); 210 }); 211 }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination'); 212 213 promise_test(() => { 214 const key = '{{uuid()}}'; 215 const url = makeRequestURL( 216 key, ['httpCrossSite'], { mime: 'application/javascript' } 217 ); 218 219 return induceRequest(url) 220 .then(() => retrieve(key)) 221 .then((headers) => { 222 assert_not_own_property(headers, 'sec-fetch-storage-access'); 223 }); 224 }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination'); 225 226 promise_test(() => { 227 const key = '{{uuid()}}'; 228 const url = makeRequestURL( 229 key, ['httpsOrigin', 'httpOrigin'], { mime: 'application/javascript' } 230 ); 231 232 return induceRequest(url) 233 .then(() => retrieve(key)) 234 .then((headers) => { 235 assert_not_own_property(headers, 'sec-fetch-site'); 236 }); 237 }, 'sec-fetch-site - HTTPS downgrade (header not sent)'); 238 239 promise_test(() => { 240 const key = '{{uuid()}}'; 241 const url = makeRequestURL( 242 key, ['httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' } 243 ); 244 245 return induceRequest(url) 246 .then(() => retrieve(key)) 247 .then((headers) => { 248 assert_own_property(headers, 'sec-fetch-site'); 249 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 250 }); 251 }, 'sec-fetch-site - HTTPS upgrade'); 252 253 promise_test(() => { 254 const key = '{{uuid()}}'; 255 const url = makeRequestURL( 256 key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin'], { mime: 'application/javascript' } 257 ); 258 259 return induceRequest(url) 260 .then(() => retrieve(key)) 261 .then((headers) => { 262 assert_own_property(headers, 'sec-fetch-site'); 263 assert_array_equals(headers['sec-fetch-site'], ['cross-site']); 264 }); 265 }, 'sec-fetch-site - HTTPS downgrade-upgrade'); 266 </script> 267 </html>