shared-storage-writable-forbidden-header-tentative.https.html (2219B)
1 <!doctype html> 2 <body> 3 <script src=/resources/testharness.js></script> 4 <script src=/resources/testharnessreport.js></script> 5 <script src=/common/utils.js></script> 6 <script src=/fenced-frame/resources/utils.js></script> 7 <script src=/shared-storage/resources/util.js></script> 8 <script> 9 'use strict'; 10 const rawSetHeader = 'set;key=hello;value=world'; 11 const setHeader = encodeURIComponent(rawSetHeader); 12 const sameOriginUrl = 13 `/shared-storage/resources/shared-storage-write.py?write=${setHeader}`; 14 const sameOrigin = generateURL(sameOriginUrl, []).origin; 15 16 promise_test(async t => { 17 const request = new Request(sameOriginUrl, 18 { 19 headers: { 20 'Sec-Shared-Storage-Writable': '?1' 21 } 22 }); 23 assert_equals(request.mode, 'cors'); 24 let response = await fetch(request); 25 let sharedStorageWritableHeader = await response.text(); 26 assert_equals(sharedStorageWritableHeader, 27 "NO_SHARED_STORAGE_WRITABLE_HEADER"); 28 await verifyKeyNotFoundForOrigin('hello', sameOrigin); 29 }, 'The \'Sec-Shared-Storage-Writable\' header cannot successfully be ' 30 + 'added directly via a JS fetch request with mode cors.'); 31 32 promise_test(async t => { 33 const request = new Request(sameOriginUrl, 34 { 35 headers: { 36 'Sec-Shared-Storage-Writable': '?1' 37 }, 38 mode: 'no-cors' 39 }); 40 assert_equals(request.mode, 'no-cors'); 41 let response = await fetch(request); 42 let sharedStorageWritableHeader = await response.text(); 43 assert_equals(sharedStorageWritableHeader, 44 "NO_SHARED_STORAGE_WRITABLE_HEADER"); 45 await verifyKeyNotFoundForOrigin('hello', sameOrigin); 46 }, 'The \'Sec-Shared-Storage-Writable\' header cannot successfully be ' 47 + 'added directly via a JS fetch request with mode no-cors.'); 48 </script> 49 </body>