mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-27 20:25:44 +00:00
Bug 1527560 [wpt PR 15348] - Implement Sec-Fetch-Mode
, a=testonly
Automatic update from web-platform-tests Implement `Sec-Fetch-Mode` This patch implements `Sec-Fetch-Mode`, which adds the current CORS mode to outgoing, secure requests, as defined in https://mikewest.github.io/sec-metadata/#sec-fetch-mode-header. Bug: 843478 Change-Id: I811bfa86bdac1600b8abdd275d9526f6408e62e2 Reviewed-on: https://chromium-review.googlesource.com/c/1466362 Reviewed-by: Camille Lamy <clamy@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#631651} -- wpt-commits: 86bfe06b7260f552913b3274c30377ce7e9968b8 wpt-pr: 15348
This commit is contained in:
parent
7ddbb7f9f3
commit
0193961a0b
@ -13,7 +13,7 @@
|
||||
let e = document.createElement('embed');
|
||||
e.src = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"embed", "site":"same-origin", "user":"?F"};
|
||||
let expected = {"dest":"embed", "site":"same-origin", "user":"?F", "mode":"no-cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -32,7 +32,7 @@
|
||||
let e = document.createElement('embed');
|
||||
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"embed", "site":"same-site", "user":"?F"};
|
||||
let expected = {"dest":"embed", "site":"same-site", "user":"?F", "mode":"no-cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -51,7 +51,7 @@
|
||||
let e = document.createElement('embed');
|
||||
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"embed", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"embed", "site":"cross-site", "user":"?F", "mode":"no-cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
|
@ -3,6 +3,7 @@
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<script>
|
||||
// Site
|
||||
promise_test(t => {
|
||||
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
|
||||
.then(r => r.json())
|
||||
@ -10,7 +11,8 @@
|
||||
assert_header_equals(j, {
|
||||
"dest": "empty",
|
||||
"site": "same-origin",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "cors",
|
||||
});
|
||||
});
|
||||
}, "Same-origin fetch");
|
||||
@ -22,7 +24,8 @@
|
||||
assert_header_equals(j, {
|
||||
"dest": "empty",
|
||||
"site": "same-site",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "cors",
|
||||
});
|
||||
});
|
||||
}, "Same-site fetch");
|
||||
@ -34,8 +37,49 @@
|
||||
assert_header_equals(j, {
|
||||
"dest": "empty",
|
||||
"site": "cross-site",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "cors",
|
||||
});
|
||||
});
|
||||
}, "Cross-site fetch");
|
||||
|
||||
// Mode
|
||||
promise_test(t => {
|
||||
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py", {mode: "same-origin"})
|
||||
.then(r => r.json())
|
||||
.then(j => {
|
||||
assert_header_equals(j, {
|
||||
"dest": "empty",
|
||||
"site": "same-origin",
|
||||
"user": "?F",
|
||||
"mode": "same-origin",
|
||||
});
|
||||
});
|
||||
}, "Same-origin mode");
|
||||
|
||||
promise_test(t => {
|
||||
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py", {mode: "cors"})
|
||||
.then(r => r.json())
|
||||
.then(j => {
|
||||
assert_header_equals(j, {
|
||||
"dest": "empty",
|
||||
"site": "same-origin",
|
||||
"user": "?F",
|
||||
"mode": "cors",
|
||||
});
|
||||
});
|
||||
}, "CORS mode");
|
||||
|
||||
promise_test(t => {
|
||||
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py", {mode: "no-cors"})
|
||||
.then(r => r.json())
|
||||
.then(j => {
|
||||
assert_header_equals(j, {
|
||||
"dest": "empty",
|
||||
"site": "same-origin",
|
||||
"user": "?F",
|
||||
"mode": "no-cors",
|
||||
});
|
||||
});
|
||||
}, "no-CORS mode");
|
||||
</script>
|
||||
|
@ -46,7 +46,7 @@
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "font-same-origin";
|
||||
let expected = {"dest":"font", "site":"same-origin", "user":"?F"};
|
||||
let expected = {"dest":"font", "site":"same-origin", "user":"?F", "mode": "cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -58,7 +58,7 @@
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "font-same-site";
|
||||
let expected = {"dest":"font", "site":"same-site", "user":"?F"};
|
||||
let expected = {"dest":"font", "site":"same-site", "user":"?F", "mode": "cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -70,7 +70,7 @@
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "font-cross-site";
|
||||
let expected = {"dest":"font", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"font", "site":"cross-site", "user":"?F", "mode": "cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
|
@ -14,7 +14,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "nested-document",
|
||||
"site": "same-origin",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "navigate"
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
@ -32,7 +33,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "nested-document",
|
||||
"site": "same-site",
|
||||
"user": "?F"
|
||||
"user": "?F",
|
||||
"mode": "navigate"
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
@ -50,7 +52,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "nested-document",
|
||||
"site": "cross-site",
|
||||
"user": "?F"
|
||||
"user": "?F",
|
||||
"mode": "navigate"
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
|
@ -14,7 +14,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "",
|
||||
"site": "",
|
||||
"user": ""
|
||||
"user": "",
|
||||
"mode": "",
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
@ -32,7 +33,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "",
|
||||
"site": "",
|
||||
"user": ""
|
||||
"user": "",
|
||||
"mode": "",
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
@ -50,7 +52,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "",
|
||||
"site": "",
|
||||
"user": ""
|
||||
"user": "",
|
||||
"mode": "",
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
|
@ -21,7 +21,8 @@
|
||||
assert_header_equals(got, {
|
||||
"dest": "image",
|
||||
"site": "same-origin",
|
||||
"user": "?F"
|
||||
"user": "?F",
|
||||
"mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin`
|
||||
});
|
||||
}),
|
||||
[],
|
||||
@ -42,7 +43,8 @@
|
||||
assert_header_equals(got, {
|
||||
"dest": "image",
|
||||
"site": "same-site",
|
||||
"user": "?F"
|
||||
"user": "?F",
|
||||
"mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin`
|
||||
});
|
||||
}),
|
||||
[],
|
||||
@ -63,7 +65,8 @@
|
||||
assert_header_equals(got, {
|
||||
"dest": "image",
|
||||
"site": "cross-site",
|
||||
"user": "?F"
|
||||
"user": "?F",
|
||||
"mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin`
|
||||
});
|
||||
}),
|
||||
[],
|
||||
|
@ -13,7 +13,7 @@
|
||||
let e = document.createElement('object');
|
||||
e.data = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"object", "site":"same-origin", "user":"?F"};
|
||||
let expected = {"dest":"object", "site":"same-origin", "user":"?F", "mode":"no-cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -32,7 +32,7 @@
|
||||
let e = document.createElement('object');
|
||||
e.data = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"object", "site":"same-site", "user":"?F"};
|
||||
let expected = {"dest":"object", "site":"same-site", "user":"?F", "mode":"no-cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -51,7 +51,7 @@
|
||||
let e = document.createElement('object');
|
||||
e.data = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"object", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"object", "site":"cross-site", "user":"?F", "mode":"no-cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
|
@ -12,7 +12,7 @@ promise_test(t => {
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"};
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
@ -38,7 +38,7 @@ promise_test(t => {
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"};
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
@ -64,7 +64,7 @@ promise_test(t => {
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"};
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
|
@ -14,7 +14,7 @@ promise_test(t => {
|
||||
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
|
||||
"https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// cross-site
|
||||
"https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
|
@ -14,7 +14,7 @@ promise_test(t => {
|
||||
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
|
||||
"https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-site
|
||||
"https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin
|
||||
let expected = {"dest":"image", "site":"same-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"same-site", "user":"?F", "mode": "no-cors"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
|
@ -12,7 +12,7 @@ promise_test(t => {
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"dest":"image", "site":"same-origin", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"same-origin", "user":"?F", "mode": "no-cors"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
@ -39,7 +39,7 @@ promise_test(t => {
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"dest":"image", "site":"same-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"same-site", "user":"?F", "mode": "no-cors"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
@ -66,7 +66,7 @@ promise_test(t => {
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
|
@ -12,7 +12,7 @@ promise_test(t => {
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"dest":"image", "site":"same-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"same-site", "user":"?F", "mode": "no-cors"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
@ -39,7 +39,7 @@ promise_test(t => {
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"dest":"image", "site":"same-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"same-site", "user":"?F", "mode": "no-cors"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
@ -66,7 +66,7 @@ promise_test(t => {
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
|
@ -22,9 +22,9 @@
|
||||
document.addEventListener("securitypolicyviolation", (e) => {
|
||||
counter++;
|
||||
if (counter == 3) {
|
||||
generate_test({"dest":"report", "site":"same-origin", "user":"?F"}, "same-origin");
|
||||
generate_test({"dest":"report", "site":"same-site", "user":"?F"}, "same-site");
|
||||
generate_test({"dest":"report", "site":"cross-site", "user":"?F"}, "cross-site");
|
||||
generate_test({"dest":"report", "site":"same-origin", "user":"?F", "mode": "no-cors"}, "same-origin");
|
||||
generate_test({"dest":"report", "site":"same-site", "user":"?F", "mode": "no-cors"}, "same-site");
|
||||
generate_test({"dest":"report", "site":"cross-site", "user":"?F", "mode": "no-cors"}, "cross-site");
|
||||
}
|
||||
});
|
||||
}, "Initialization.");
|
||||
|
@ -4,8 +4,7 @@ function assert_header_equals(value, expected) {
|
||||
value = JSON.parse(value);
|
||||
}
|
||||
assert_equals(value.dest, expected.dest, "dest");
|
||||
// Mode is commented out as no test cases have been filled out yet
|
||||
// assert_equals(value.mode, expected.mode, "mode");
|
||||
assert_equals(value.mode, expected.mode, "mode");
|
||||
assert_equals(value.site, expected.site, "site");
|
||||
assert_equals(value.user, expected.user, "user");
|
||||
}
|
||||
|
@ -12,7 +12,8 @@
|
||||
assert_header_equals(header, {
|
||||
"dest": "script",
|
||||
"site": "same-origin",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "no-cors",
|
||||
});
|
||||
}, "Same-origin script");
|
||||
</script>
|
||||
@ -26,7 +27,8 @@
|
||||
assert_header_equals(header, {
|
||||
"dest": "script",
|
||||
"site": "same-site",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "no-cors",
|
||||
});
|
||||
}, "Same-site script");
|
||||
</script>
|
||||
@ -40,7 +42,23 @@
|
||||
assert_header_equals(header, {
|
||||
"dest": "script",
|
||||
"site": "cross-site",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "no-cors",
|
||||
});
|
||||
}, "Cross-site script");
|
||||
</script>
|
||||
|
||||
<!-- Same-origin script, CORS mode -->
|
||||
<script src="https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-script.py" crossorigin="anonymous"></script>
|
||||
<script>
|
||||
test(t => {
|
||||
t.add_cleanup(_ => { header = null; });
|
||||
|
||||
assert_header_equals(header, {
|
||||
"dest": "script",
|
||||
"site": "same-origin",
|
||||
"user": "?F",
|
||||
"mode": "cors",
|
||||
});
|
||||
}, "Same-origin CORS script");
|
||||
</script>
|
||||
|
@ -12,7 +12,8 @@
|
||||
assert_header_equals(header, {
|
||||
"dest": "",
|
||||
"site": "",
|
||||
"user": ""
|
||||
"user": "",
|
||||
"mode": "",
|
||||
});
|
||||
}, "Non-secure same-origin script => No headers");
|
||||
</script>
|
||||
@ -26,7 +27,8 @@
|
||||
assert_header_equals(header, {
|
||||
"dest": "",
|
||||
"site": "",
|
||||
"user": ""
|
||||
"user": "",
|
||||
"mode": "",
|
||||
});
|
||||
}, "Non-secure same-site script => No headers");
|
||||
</script>
|
||||
@ -40,7 +42,8 @@
|
||||
assert_header_equals(header, {
|
||||
"dest": "",
|
||||
"site": "",
|
||||
"user": ""
|
||||
"user": "",
|
||||
"mode": "",
|
||||
});
|
||||
}, "Non-secure cross-site script => No headers");
|
||||
</script>
|
||||
|
@ -35,7 +35,7 @@
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "serviceworker-same-origin";
|
||||
let expected = {"dest":"serviceworker", "site":"same-origin", "user":"?F"};
|
||||
let expected = {"dest":"serviceworker", "site":"same-origin", "user":"?F", "mode": "same-origin"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
|
@ -26,7 +26,7 @@
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "sharedworker-same-origin";
|
||||
let expected = {"dest":"sharedworker", "site":"same-origin", "user":"?F"};
|
||||
let expected = {"dest":"sharedworker", "site":"same-origin", "user":"?F", "mode": "same-origin"};
|
||||
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
|
@ -14,7 +14,7 @@
|
||||
e.rel = "stylesheet";
|
||||
e.href = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"style", "site":"same-origin", "user":"?F"};
|
||||
let expected = {"dest":"style", "site":"same-origin", "user":"?F", "mode": "no-cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -34,7 +34,7 @@
|
||||
e.rel = "stylesheet";
|
||||
e.href = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"style", "site":"same-site", "user":"?F"};
|
||||
let expected = {"dest":"style", "site":"same-site", "user":"?F", "mode": "no-cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -54,7 +54,7 @@
|
||||
e.rel = "stylesheet";
|
||||
e.href = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"style", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"style", "site":"cross-site", "user":"?F", "mode": "no-cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -65,6 +65,27 @@
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Cross-Site style");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "style-same-origin";
|
||||
|
||||
let e = document.createElement('link');
|
||||
e.rel = "stylesheet";
|
||||
e.href = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.crossOrigin = "anonymous";
|
||||
e.onload = e => {
|
||||
let expected = {"dest":"style", "site":"same-origin", "user":"?F", "mode": "cors"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Origin, cors style");
|
||||
</script>
|
||||
</html>
|
||||
|
||||
|
@ -29,7 +29,12 @@
|
||||
let el = createTrack();
|
||||
el.src = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-same-origin";
|
||||
el.onload = t.step_func(_ => {
|
||||
expected = {"dest":"track", "site":"same-origin", "user":"?F"};
|
||||
expected = {
|
||||
"dest": "track",
|
||||
"site": "same-origin",
|
||||
"user": "?F",
|
||||
"mode": "cors" // Because the `video` element has `crossorigin`
|
||||
};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=track-same-origin")
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -46,7 +51,12 @@
|
||||
let el = createTrack();
|
||||
el.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-same-site";
|
||||
el.onload = t.step_func(_ => {
|
||||
expected = {"dest":"track", "site":"same-site", "user":"?F"};
|
||||
expected = {
|
||||
"dest": "track",
|
||||
"site": "same-site",
|
||||
"user": "?F",
|
||||
"mode": "cors" // Because the `video` element has `crossorigin`
|
||||
};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=track-same-site")
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -65,7 +75,12 @@
|
||||
let el = createTrack();
|
||||
el.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-cross-site";
|
||||
el.onload = t.step_func(_ => {
|
||||
expected = {"dest":"track", "site":"cross-site", "user":"?F"};
|
||||
expected = {
|
||||
"dest": "track",
|
||||
"site": "cross-site",
|
||||
"user": "?F",
|
||||
"mode": "cors" // Because the `video` element has `crossorigin`
|
||||
};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=track-cross-site")
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
@ -76,4 +91,30 @@
|
||||
document.body.appendChild(video);
|
||||
});
|
||||
}, "Cross-Site track");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let video = createVideoElement();
|
||||
|
||||
// Unset `crossorigin` to change the CORS mode:
|
||||
video.crossOrigin = undefined;
|
||||
|
||||
let el = createTrack();
|
||||
el.src = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-same-origin";
|
||||
el.onload = t.step_func(_ => {
|
||||
expected = {
|
||||
"dest":"track",
|
||||
"site":"same-origin",
|
||||
"user":"?F",
|
||||
"mode": "same-origin"
|
||||
};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=track-same-origin")
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve());
|
||||
});
|
||||
video.appendChild(el);
|
||||
document.body.appendChild(video);
|
||||
});
|
||||
}, "Same-Origin, CORS track");
|
||||
</script>
|
||||
|
@ -17,7 +17,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "document",
|
||||
"site": "same-origin",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "navigate",
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
@ -33,7 +34,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "document",
|
||||
"site": "same-site",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "navigate",
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
@ -49,7 +51,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "document",
|
||||
"site": "cross-site",
|
||||
"user":"?F"
|
||||
"user": "?F",
|
||||
"mode": "navigate",
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
@ -68,7 +71,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "document",
|
||||
"site": "same-origin",
|
||||
"user": "?T"
|
||||
"user": "?T",
|
||||
"mode": "navigate",
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
@ -89,7 +93,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "document",
|
||||
"site": "same-site",
|
||||
"user": "?T"
|
||||
"user": "?T",
|
||||
"mode": "navigate",
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
@ -110,7 +115,8 @@
|
||||
assert_header_equals(e.data, {
|
||||
"dest": "document",
|
||||
"site": "cross-site",
|
||||
"user": "?T"
|
||||
"user": "?T",
|
||||
"mode": "navigate",
|
||||
});
|
||||
t.done();
|
||||
}));
|
||||
|
@ -10,7 +10,7 @@
|
||||
let key = "worker-same-origin";
|
||||
let w = new Worker("/fetch/sec-metadata/resources/record-header.py?file=" + key);
|
||||
w.onmessage = e => {
|
||||
let expected = {"dest":"worker", "site":"same-origin", "user":"?F"};
|
||||
let expected = {"dest":"worker", "site":"same-origin", "user":"?F", "mode": "same-origin"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
|
@ -12,21 +12,21 @@
|
||||
return;
|
||||
|
||||
promise_test(t => {
|
||||
let expected = {"dest":"xslt", "site":"same-origin", "user":"?F"};
|
||||
let expected = {"dest":"xslt", "site":"same-origin", "user":"?F", "mode": "same-origin"};
|
||||
return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=xslt-same-origin")
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected));
|
||||
}, "Same-Origin xslt");
|
||||
|
||||
promise_test(t => {
|
||||
let expected = {"dest":"xslt", "site":"same-site", "user":"?F"};
|
||||
let expected = {"dest":"xslt", "site":"same-site", "user":"?F", "mode": "no-cors"};
|
||||
return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=xslt-same-site")
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected));
|
||||
}, "Same-site xslt");
|
||||
|
||||
promise_test(t => {
|
||||
let expected = {"dest":"xslt", "site":"cross-site", "user":"?F"};
|
||||
let expected = {"dest":"xslt", "site":"cross-site", "user":"?F", "mode": "no-cors"};
|
||||
return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=xslt-cross-site")
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected));
|
||||
|
Loading…
Reference in New Issue
Block a user