user-pass.https.html (1895B)
1 <!DOCTYPE html> 2 <meta name="timeout" content="long"> 3 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharnessreport.js"></script> 5 <script src="/common/dispatcher/dispatcher.js"></script> 6 <script src="/common/utils.js"></script> 7 <script src="/common/get-host-info.sub.js"></script> 8 <script src="../resources/utils.js"></script> 9 <script src="resources/utils.sub.js"></script> 10 11 <meta name="variant" content="?cross-origin=true"> 12 <meta name="variant" content="?cross-origin=false"> 13 14 <script> 15 setup(() => assertSpeculationRulesIsSupported()); 16 17 let cross_origin = Object.fromEntries(new URLSearchParams(location.search))["cross-origin"] === "true"; 18 promise_test(async t => { 19 let executor = "authenticate.py"; 20 let credentials = { username: "user", password: "pass" }; 21 let agent = await spawnWindow(t, { executor, ...credentials }); 22 let request_credentials = await agent.getRequestCredentials(); 23 assert_equals(request_credentials.username, credentials.username); 24 assert_equals(request_credentials.password, credentials.password); 25 26 let host = cross_origin ? { hostname: get_host_info().NOTSAMESITE_HOST } : {}; 27 let nextUrl = agent.getExecutorURL({ page: 2, executor, ...host }); 28 await agent.forceSinglePrefetch(nextUrl); 29 await agent.navigate(nextUrl); 30 31 let requestHeaders = await agent.getRequestHeaders(); 32 request_credentials = await agent.getRequestCredentials(); 33 if (cross_origin) { 34 assert_equals(request_credentials.username, undefined); 35 assert_equals(request_credentials.password, undefined); 36 } 37 else { 38 assert_equals(request_credentials.username, credentials.username); 39 assert_equals(request_credentials.password, credentials.password); 40 } 41 assert_prefetched(requestHeaders); 42 }, "test www-authenticate basic does not forward credentials to cross-origin pages."); 43 </script>