navigation-headers.https.html (43014B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"/> 3 <meta name="timeout" content="long"> 4 <title>Service Worker: Navigation Post Request Origin Header</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/common/get-host-info.sub.js"></script> 8 <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script> 9 <body> 10 <script> 11 'use strict'; 12 13 const script = new URL('./resources/fetch-rewrite-worker.js', self.location); 14 const base = './resources/navigation-headers-server.py'; 15 const scope = base + '?with-sw'; 16 let registration; 17 18 async function post_and_get_headers(t, form_host, method, swaction, 19 redirect_hosts=[]) { 20 if (swaction === 'navpreload') { 21 assert_true('navigationPreload' in registration, 22 'navigation preload must be supported'); 23 } 24 let target_string; 25 if (swaction === 'no-sw') { 26 target_string = base + '?no-sw'; 27 } else if (swaction === 'fallback') { 28 target_string = `${scope}&ignore`; 29 } else { 30 target_string = `${scope}&${swaction}`; 31 } 32 let target = new URL(target_string, self.location); 33 34 for (let i = redirect_hosts.length - 1; i >= 0; --i) { 35 const redirect_url = new URL('./resources/redirect.py', self.location); 36 redirect_url.hostname = redirect_hosts[i]; 37 redirect_url.search = `?Status=307&Redirect=${encodeURIComponent(target)}`; 38 target = redirect_url; 39 } 40 41 let popup_url_path; 42 if (method === 'GET') { 43 popup_url_path = './resources/location-setter.html'; 44 } else if (method === 'POST') { 45 popup_url_path = './resources/form-poster.html'; 46 } 47 48 const popup_url = new URL(popup_url_path, self.location); 49 popup_url.hostname = form_host; 50 popup_url.search = `?target=${encodeURIComponent(target.href)}`; 51 52 const message_promise = new Promise(resolve => { 53 self.addEventListener('message', evt => { 54 resolve(evt.data); 55 }); 56 }); 57 58 const frame = await with_iframe(popup_url); 59 t.add_cleanup(() => frame.remove()); 60 61 return await message_promise; 62 } 63 64 const SAME_ORIGIN = new URL(self.location.origin); 65 const SAME_SITE = new URL(get_host_info().HTTPS_REMOTE_ORIGIN); 66 const CROSS_SITE = new URL(get_host_info().HTTPS_NOTSAMESITE_ORIGIN); 67 68 promise_test(async t => { 69 registration = await service_worker_unregister_and_register(t, script, scope); 70 await wait_for_state(t, registration.installing, 'activated'); 71 if (registration.navigationPreload) 72 await registration.navigationPreload.enable(); 73 }, 'Setup service worker'); 74 75 // 76 // Origin and referer headers 77 // 78 79 promise_test(async t => { 80 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 81 'no-sw'); 82 assert_equals(result.origin, 'not set', 'origin header'); 83 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 84 }, 'GET Navigation, same-origin with no service worker sets correct ' + 85 'origin and referer headers.'); 86 87 promise_test(async t => { 88 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 89 'no-sw'); 90 assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header'); 91 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 92 }, 'POST Navigation, same-origin with no service worker sets correct ' + 93 'origin and referer headers.'); 94 95 promise_test(async t => { 96 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 97 'passthrough'); 98 assert_equals(result.origin, 'not set', 'origin header'); 99 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 100 }, 'GET Navigation, same-origin with passthrough service worker sets correct ' + 101 'origin and referer headers.'); 102 103 promise_test(async t => { 104 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 105 'passthrough'); 106 assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header'); 107 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 108 }, 'POST Navigation, same-origin with passthrough service worker sets correct ' + 109 'origin and referer headers.'); 110 111 promise_test(async t => { 112 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 113 'fallback'); 114 assert_equals(result.origin, 'not set', 'origin header'); 115 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 116 }, 'GET Navigation, same-origin with fallback service worker sets correct ' + 117 'origin and referer headers.'); 118 119 promise_test(async t => { 120 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 121 'fallback'); 122 assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header'); 123 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 124 }, 'POST Navigation, same-origin with fallback service worker sets correct ' + 125 'origin and referer headers.'); 126 127 promise_test(async t => { 128 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 129 'navpreload'); 130 assert_equals(result.origin, 'not set', 'origin header'); 131 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 132 }, 'GET Navigation, same-origin with navpreload service worker sets correct ' + 133 'origin and referer headers.'); 134 135 // There is no POST test for navpreload since the feature only supports GET 136 // requests. 137 138 promise_test(async t => { 139 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 140 'change-request'); 141 assert_equals(result.origin, 'not set', 'origin header'); 142 assert_equals(result.referer, script.href, 'referer header'); 143 }, 'GET Navigation, same-origin with service worker that changes the ' + 144 'request sets correct origin and referer headers.'); 145 146 promise_test(async t => { 147 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 148 'change-request'); 149 assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header'); 150 assert_equals(result.referer, script.href, 'referer header'); 151 }, 'POST Navigation, same-origin with service worker that changes the ' + 152 'request sets correct origin and referer headers.'); 153 154 promise_test(async t => { 155 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 156 'no-sw'); 157 assert_equals(result.origin, 'not set', 'origin header'); 158 assert_equals(result.referer, SAME_SITE.href, 'referer header'); 159 }, 'GET Navigation, same-site with no service worker sets correct ' + 160 'origin and referer headers.'); 161 162 promise_test(async t => { 163 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST', 164 'no-sw'); 165 assert_equals(result.origin, SAME_SITE.origin, 'origin header'); 166 assert_equals(result.referer, SAME_SITE.href, 'referer header'); 167 }, 'POST Navigation, same-site with no service worker sets correct ' + 168 'origin and referer headers.'); 169 170 promise_test(async t => { 171 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 172 'passthrough'); 173 assert_equals(result.origin, 'not set', 'origin header'); 174 assert_equals(result.referer, SAME_SITE.href, 'referer header'); 175 }, 'GET Navigation, same-site with passthrough service worker sets correct ' + 176 'origin and referer headers.'); 177 178 promise_test(async t => { 179 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST', 180 'passthrough'); 181 assert_equals(result.origin, SAME_SITE.origin, 'origin header'); 182 assert_equals(result.referer, SAME_SITE.href, 'referer header'); 183 }, 'POST Navigation, same-site with passthrough service worker sets correct ' + 184 'origin and referer headers.'); 185 186 promise_test(async t => { 187 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 188 'fallback'); 189 assert_equals(result.origin, 'not set', 'origin header'); 190 assert_equals(result.referer, SAME_SITE.href, 'referer header'); 191 }, 'GET Navigation, same-site with fallback service worker sets correct ' + 192 'origin and referer headers.'); 193 194 promise_test(async t => { 195 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST', 196 'fallback'); 197 assert_equals(result.origin, SAME_SITE.origin, 'origin header'); 198 assert_equals(result.referer, SAME_SITE.href, 'referer header'); 199 }, 'POST Navigation, same-site with fallback service worker sets correct ' + 200 'origin and referer headers.'); 201 202 promise_test(async t => { 203 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 204 'navpreload'); 205 assert_equals(result.origin, 'not set', 'origin header'); 206 assert_equals(result.referer, SAME_SITE.href, 'referer header'); 207 }, 'GET Navigation, same-site with navpreload service worker sets correct ' + 208 'origin and referer headers.'); 209 210 // There is no POST test for navpreload since the feature only supports GET 211 // requests. 212 213 promise_test(async t => { 214 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 215 'change-request'); 216 assert_equals(result.origin, 'not set', 'origin header'); 217 assert_equals(result.referer, script.href, 'referer header'); 218 }, 'GET Navigation, same-site with service worker that changes the ' + 219 'request sets correct origin and referer headers.'); 220 221 promise_test(async t => { 222 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST', 223 'change-request'); 224 assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header'); 225 assert_equals(result.referer, script.href, 'referer header'); 226 }, 'POST Navigation, same-site with service worker that changes the ' + 227 'request sets correct origin and referer headers.'); 228 229 promise_test(async t => { 230 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 231 'no-sw'); 232 assert_equals(result.origin, 'not set', 'origin header'); 233 assert_equals(result.referer, CROSS_SITE.href, 'referer header'); 234 }, 'GET Navigation, cross-site with no service worker sets correct ' + 235 'origin and referer headers.'); 236 237 promise_test(async t => { 238 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST', 239 'no-sw'); 240 assert_equals(result.origin, CROSS_SITE.origin, 'origin header'); 241 assert_equals(result.referer, CROSS_SITE.href, 'referer header'); 242 }, 'POST Navigation, cross-site with no service worker sets correct ' + 243 'origin and referer headers.'); 244 245 promise_test(async t => { 246 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 247 'passthrough'); 248 assert_equals(result.origin, 'not set', 'origin header'); 249 assert_equals(result.referer, CROSS_SITE.href, 'referer header'); 250 }, 'GET Navigation, cross-site with passthrough service worker sets correct ' + 251 'origin and referer headers.'); 252 253 promise_test(async t => { 254 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST', 255 'passthrough'); 256 assert_equals(result.origin, CROSS_SITE.origin, 'origin header'); 257 assert_equals(result.referer, CROSS_SITE.href, 'referer header'); 258 }, 'POST Navigation, cross-site with passthrough service worker sets correct ' + 259 'origin and referer headers.'); 260 261 promise_test(async t => { 262 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 263 'fallback'); 264 assert_equals(result.origin, 'not set', 'origin header'); 265 assert_equals(result.referer, CROSS_SITE.href, 'referer header'); 266 }, 'GET Navigation, cross-site with fallback service worker sets correct ' + 267 'origin and referer headers.'); 268 269 promise_test(async t => { 270 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST', 271 'fallback'); 272 assert_equals(result.origin, CROSS_SITE.origin, 'origin header'); 273 assert_equals(result.referer, CROSS_SITE.href, 'referer header'); 274 }, 'POST Navigation, cross-site with fallback service worker sets correct ' + 275 'origin and referer headers.'); 276 277 promise_test(async t => { 278 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 279 'navpreload'); 280 assert_equals(result.origin, 'not set', 'origin header'); 281 assert_equals(result.referer, CROSS_SITE.href, 'referer header'); 282 }, 'GET Navigation, cross-site with navpreload service worker sets correct ' + 283 'origin and referer headers.'); 284 285 // There is no POST test for navpreload since the feature only supports GET 286 // requests. 287 288 promise_test(async t => { 289 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 290 'change-request'); 291 assert_equals(result.origin, 'not set', 'origin header'); 292 assert_equals(result.referer, script.href, 'referer header'); 293 }, 'GET Navigation, cross-site with service worker that changes the ' + 294 'request sets correct origin and referer headers.'); 295 296 promise_test(async t => { 297 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST', 298 'change-request'); 299 assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header'); 300 assert_equals(result.referer, script.href, 'referer header'); 301 }, 'POST Navigation, cross-site with service worker that changes the ' + 302 'request sets correct origin and referer headers.'); 303 304 // 305 // Origin and referer header tests using redirects 306 // 307 308 promise_test(async t => { 309 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 310 'no-sw', [SAME_SITE.hostname]); 311 assert_equals(result.origin, 'null', 'origin header'); 312 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 313 }, 'POST Navigation, same-origin with same-site redirect and no service worker ' + 314 'sets correct origin and referer headers.'); 315 316 promise_test(async t => { 317 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 318 'passthrough', [SAME_SITE.hostname]); 319 assert_equals(result.origin, 'null', 'origin header'); 320 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 321 }, 'POST Navigation, same-origin with same-site redirect and passthrough service ' + 322 'worker sets correct origin and referer headers.'); 323 324 promise_test(async t => { 325 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 326 'fallback', [SAME_SITE.hostname]); 327 assert_equals(result.origin, 'null', 'origin header'); 328 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 329 }, 'POST Navigation, same-origin with same-site redirect and fallback service ' + 330 'worker sets correct origin and referer headers.'); 331 332 // There is no navpreload case because it does not work with POST requests. 333 334 promise_test(async t => { 335 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 336 'change-request', [SAME_SITE.hostname]); 337 assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header'); 338 assert_equals(result.referer, script.href, 'referer header'); 339 }, 'POST Navigation, same-origin with same-site redirect and change-request service ' + 340 'worker sets correct origin and referer headers.'); 341 342 promise_test(async t => { 343 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 344 'no-sw', [CROSS_SITE.hostname]); 345 assert_equals(result.origin, 'null', 'origin header'); 346 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 347 }, 'POST Navigation, same-origin with cross-site redirect and no service worker ' + 348 'sets correct origin and referer headers.'); 349 350 promise_test(async t => { 351 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 352 'passthrough', [CROSS_SITE.hostname]); 353 assert_equals(result.origin, 'null', 'origin header'); 354 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 355 }, 'POST Navigation, same-origin with cross-site redirect and passthrough service ' + 356 'worker sets correct origin and referer headers.'); 357 358 promise_test(async t => { 359 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 360 'fallback', [CROSS_SITE.hostname]); 361 assert_equals(result.origin, 'null', 'origin header'); 362 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 363 }, 'POST Navigation, same-origin with cross-site redirect and fallback service ' + 364 'worker sets correct origin and referer headers.'); 365 366 // There is no navpreload case because it does not work with POST requests. 367 368 promise_test(async t => { 369 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 370 'change-request', [CROSS_SITE.hostname]); 371 assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header'); 372 assert_equals(result.referer, script.href, 'referer header'); 373 }, 'POST Navigation, same-origin with cross-site redirect and change-request service ' + 374 'worker sets correct origin and referer headers.'); 375 376 promise_test(async t => { 377 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 378 'no-sw', [CROSS_SITE.hostname, 379 SAME_ORIGIN.hostname]); 380 assert_equals(result.origin, 'null', 'origin header'); 381 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 382 }, 'POST Navigation, same-origin with cross-site redirect, same-origin redirect, ' + 383 'and no service worker sets correct origin and referer headers.'); 384 385 promise_test(async t => { 386 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 387 'passthrough', [CROSS_SITE.hostname, 388 SAME_ORIGIN.hostname]); 389 assert_equals(result.origin, 'null', 'origin header'); 390 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 391 }, 'POST Navigation, same-origin with cross-site redirect, same-origin redirect, ' + 392 'and passthrough service worker sets correct origin and referer headers.'); 393 394 promise_test(async t => { 395 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 396 'fallback', [CROSS_SITE.hostname, 397 SAME_ORIGIN.hostname]); 398 assert_equals(result.origin, 'null', 'origin header'); 399 assert_equals(result.referer, SAME_ORIGIN.href, 'referer header'); 400 }, 'POST Navigation, same-origin with cross-site redirect, same-origin redirect, ' + 401 'and fallback service worker sets correct origin and referer headers.'); 402 403 // There is no navpreload case because it does not work with POST requests. 404 405 promise_test(async t => { 406 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 407 'change-request', [CROSS_SITE.hostname, 408 SAME_ORIGIN.hostname]); 409 assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header'); 410 assert_equals(result.referer, script.href, 'referer header'); 411 }, 'POST Navigation, same-origin with cross-site redirect, same-origin redirect, ' + 412 'and change-request service worker sets correct origin and referer headers.'); 413 414 // 415 // Sec-Fetch-* Headers (separated since not all browsers implement them) 416 // 417 418 promise_test(async t => { 419 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 420 'no-sw'); 421 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 422 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 423 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 424 }, 'GET Navigation, same-origin with no service worker sets correct ' + 425 'sec-fetch headers.'); 426 427 promise_test(async t => { 428 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 429 'no-sw'); 430 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 431 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 432 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 433 }, 'POST Navigation, same-origin with no service worker sets correct ' + 434 'sec-fetch headers.'); 435 436 promise_test(async t => { 437 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 438 'passthrough'); 439 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 440 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 441 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 442 }, 'GET Navigation, same-origin with passthrough service worker sets correct ' + 443 'sec-fetch headers.'); 444 445 promise_test(async t => { 446 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 447 'passthrough'); 448 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 449 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 450 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 451 }, 'POST Navigation, same-origin with passthrough service worker sets correct ' + 452 'sec-fetch headers.'); 453 454 promise_test(async t => { 455 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 456 'fallback'); 457 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 458 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 459 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 460 }, 'GET Navigation, same-origin with fallback service worker sets correct ' + 461 'sec-fetch headers.'); 462 463 promise_test(async t => { 464 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 465 'fallback'); 466 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 467 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 468 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 469 }, 'POST Navigation, same-origin with fallback service worker sets correct ' + 470 'sec-fetch headers.'); 471 472 promise_test(async t => { 473 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 474 'navpreload'); 475 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 476 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 477 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 478 }, 'GET Navigation, same-origin with navpreload service worker sets correct ' + 479 'sec-fetch headers.'); 480 481 // There is no POST test for navpreload since the feature only supports GET 482 // requests. 483 484 promise_test(async t => { 485 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 486 'change-request'); 487 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 488 assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header'); 489 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 490 }, 'GET Navigation, same-origin with service worker that changes the ' + 491 'request sets correct sec-fetch headers.'); 492 493 promise_test(async t => { 494 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST', 495 'change-request'); 496 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 497 assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header'); 498 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 499 }, 'POST Navigation, same-origin with service worker that changes the ' + 500 'request sets correct sec-fetch headers.'); 501 502 promise_test(async t => { 503 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 504 'no-sw'); 505 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 506 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 507 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 508 }, 'GET Navigation, same-site with no service worker sets correct ' + 509 'sec-fetch headers.'); 510 511 promise_test(async t => { 512 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST', 513 'no-sw'); 514 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 515 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 516 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 517 }, 'POST Navigation, same-site with no service worker sets correct ' + 518 'sec-fetch headers.'); 519 520 promise_test(async t => { 521 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 522 'passthrough'); 523 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 524 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 525 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 526 }, 'GET Navigation, same-site with passthrough service worker sets correct ' + 527 'sec-fetch headers.'); 528 529 promise_test(async t => { 530 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST', 531 'passthrough'); 532 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 533 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 534 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 535 }, 'POST Navigation, same-site with passthrough service worker sets correct ' + 536 'sec-fetch headers.'); 537 538 promise_test(async t => { 539 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 540 'fallback'); 541 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 542 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 543 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 544 }, 'GET Navigation, same-site with fallback service worker sets correct ' + 545 'sec-fetch headers.'); 546 547 promise_test(async t => { 548 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST', 549 'fallback'); 550 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 551 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 552 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 553 }, 'POST Navigation, same-site with fallback service worker sets correct ' + 554 'sec-fetch headers.'); 555 556 promise_test(async t => { 557 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 558 'navpreload'); 559 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 560 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 561 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 562 }, 'GET Navigation, same-site with navpreload service worker sets correct ' + 563 'sec-fetch headers.'); 564 565 // There is no POST test for navpreload since the feature only supports GET 566 // requests. 567 568 promise_test(async t => { 569 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET', 570 'change-request'); 571 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 572 assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header'); 573 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 574 }, 'GET Navigation, same-site with service worker that changes the ' + 575 'request sets correct sec-fetch headers.'); 576 577 promise_test(async t => { 578 const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST', 579 'change-request'); 580 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 581 assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header'); 582 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 583 }, 'POST Navigation, same-site with service worker that changes the ' + 584 'request sets correct sec-fetch headers.'); 585 586 promise_test(async t => { 587 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 588 'no-sw'); 589 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 590 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 591 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 592 }, 'GET Navigation, cross-site with no service worker sets correct ' + 593 'sec-fetch headers.'); 594 595 promise_test(async t => { 596 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST', 597 'no-sw'); 598 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 599 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 600 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 601 }, 'POST Navigation, cross-site with no service worker sets correct ' + 602 'sec-fetch headers.'); 603 604 promise_test(async t => { 605 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 606 'passthrough'); 607 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 608 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 609 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 610 }, 'GET Navigation, cross-site with passthrough service worker sets correct ' + 611 'sec-fetch headers.'); 612 613 promise_test(async t => { 614 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST', 615 'passthrough'); 616 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 617 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 618 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 619 }, 'POST Navigation, cross-site with passthrough service worker sets correct ' + 620 'sec-fetch headers.'); 621 622 promise_test(async t => { 623 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 624 'fallback'); 625 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 626 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 627 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 628 }, 'GET Navigation, cross-site with fallback service worker sets correct ' + 629 'sec-fetch headers.'); 630 631 promise_test(async t => { 632 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST', 633 'fallback'); 634 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 635 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 636 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 637 }, 'POST Navigation, cross-site with fallback service worker sets correct ' + 638 'sec-fetch headers.'); 639 640 promise_test(async t => { 641 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 642 'navpreload'); 643 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 644 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 645 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 646 }, 'GET Navigation, cross-site with navpreload service worker sets correct ' + 647 'sec-fetch headers.'); 648 649 // There is no POST test for navpreload since the feature only supports GET 650 // requests. 651 652 promise_test(async t => { 653 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET', 654 'change-request'); 655 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 656 assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header'); 657 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 658 }, 'GET Navigation, cross-site with service worker that changes the ' + 659 'request sets correct sec-fetch headers.'); 660 661 promise_test(async t => { 662 const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST', 663 'change-request'); 664 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 665 assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header'); 666 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 667 }, 'POST Navigation, cross-site with service worker that changes the ' + 668 'request sets correct sec-fetch headers.'); 669 670 // 671 // Sec-Fetch-* header tests using redirects 672 // 673 674 promise_test(async t => { 675 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 676 'no-sw', [SAME_SITE.hostname]); 677 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 678 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 679 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 680 }, 'GET Navigation, same-origin with same-site redirect and no service worker ' + 681 'sets correct sec-fetch headers.'); 682 683 promise_test(async t => { 684 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 685 'passthrough', [SAME_SITE.hostname]); 686 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 687 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 688 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 689 }, 'GET Navigation, same-origin with same-site redirect and passthrough service ' + 690 'worker sets correct sec-fetch headers.'); 691 692 promise_test(async t => { 693 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 694 'fallback', [SAME_SITE.hostname]); 695 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 696 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 697 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 698 }, 'GET Navigation, same-origin with same-site redirect and fallback service ' + 699 'worker sets correct sec-fetch headers.'); 700 701 promise_test(async t => { 702 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 703 'navpreload', [SAME_SITE.hostname]); 704 assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header'); 705 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 706 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 707 }, 'GET Navigation, same-origin with same-site redirect and navpreload service ' + 708 'worker sets correct sec-fetch headers.'); 709 710 promise_test(async t => { 711 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 712 'change-request', [SAME_SITE.hostname]); 713 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 714 assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header'); 715 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 716 }, 'GET Navigation, same-origin with same-site redirect and change-request service ' + 717 'worker sets correct sec-fetch headers.'); 718 719 promise_test(async t => { 720 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 721 'no-sw', [CROSS_SITE.hostname]); 722 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 723 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 724 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 725 }, 'GET Navigation, same-origin with cross-site redirect and no service worker ' + 726 'sets correct sec-fetch headers.'); 727 728 promise_test(async t => { 729 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 730 'passthrough', [CROSS_SITE.hostname]); 731 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 732 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 733 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 734 }, 'GET Navigation, same-origin with cross-site redirect and passthrough service ' + 735 'worker sets correct sec-fetch headers.'); 736 737 promise_test(async t => { 738 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 739 'fallback', [CROSS_SITE.hostname]); 740 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 741 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 742 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 743 }, 'GET Navigation, same-origin with cross-site redirect and fallback service ' + 744 'worker sets correct sec-fetch headers.'); 745 746 promise_test(async t => { 747 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 748 'navpreload', [CROSS_SITE.hostname]); 749 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 750 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 751 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 752 }, 'GET Navigation, same-origin with cross-site redirect and navpreload service ' + 753 'worker sets correct sec-fetch headers.'); 754 755 promise_test(async t => { 756 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 757 'change-request', [CROSS_SITE.hostname]); 758 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 759 assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header'); 760 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 761 }, 'GET Navigation, same-origin with cross-site redirect and change-request service ' + 762 'worker sets correct sec-fetch headers.'); 763 764 promise_test(async t => { 765 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 766 'no-sw', [CROSS_SITE.hostname, 767 SAME_ORIGIN.hostname]); 768 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 769 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 770 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 771 }, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' + 772 'and no service worker sets correct sec-fetch headers.'); 773 774 promise_test(async t => { 775 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 776 'passthrough', [CROSS_SITE.hostname, 777 SAME_ORIGIN.hostname]); 778 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 779 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 780 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 781 }, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' + 782 'and passthrough service worker sets correct sec-fetch headers.'); 783 784 promise_test(async t => { 785 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 786 'fallback', [CROSS_SITE.hostname, 787 SAME_ORIGIN.hostname]); 788 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 789 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 790 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 791 }, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' + 792 'and fallback service worker sets correct sec-fetch headers.'); 793 794 promise_test(async t => { 795 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 796 'navpreload', [CROSS_SITE.hostname, 797 SAME_ORIGIN.hostname]); 798 assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header'); 799 assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header'); 800 assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header'); 801 }, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' + 802 'and navpreload service worker sets correct sec-fetch headers.'); 803 804 promise_test(async t => { 805 const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET', 806 'change-request', [CROSS_SITE.hostname, 807 SAME_ORIGIN.hostname]); 808 assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header'); 809 assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header'); 810 assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header'); 811 }, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' + 812 'and change-request service worker sets correct sec-fetch headers.'); 813 814 promise_test(async t => { 815 await registration.unregister(); 816 }, 'Cleanup service worker'); 817 818 </script> 819 </body>