Bug 1799993 [wpt PR 36898] - [FedCM] Send Origin header instead of Referrer header, a=testonly

Automatic update from web-platform-tests [FedCM] Send Origin header instead of Referrer header BUG=1381227 Change-Id: Ifa2c3a74a05568d9f01c56c9e08703235891a02a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4018494 Reviewed-by: Christian Biesinger <cbiesinger@chromium.org> Commit-Queue: Peter Kotwicz <pkotwicz@chromium.org> Cr-Commit-Position: refs/heads/main@{#1079580} -- wpt-commits: 46ae826297fa947bcc2c062369ca0d8b0946ddc5 wpt-pr: 36898
2025-02-26 12:20:56 +00:00 · 2022-12-07 14:18:08 +00:00 · 2022-12-07 14:18:08 +00:00 · 0c4d83b980
commit 0c4d83b980
parent 617268e6a3
5 changed files with 17 additions and 7 deletions
--- a/testing/web-platform/tests/.well-known/web-identity
+++ b/testing/web-platform/tests/.well-known/web-identity
@ -23,6 +23,8 @@ def main(request, response):
    return (532, [], "Wrong Sec-Fetch-Dest header")
  if request.headers.get(b"Referer"):
    return (533, [], "Should not have Referer")
+  if request.headers.get(b"Origin"):
+    return (534, [], "Should not have Origin")

  return """
 {{
--- a/testing/web-platform/tests/credential-management/support/fedcm/accounts.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/accounts.py
@ -7,6 +7,8 @@ def main(request, response):
    return (532, [], "Wrong Sec-Fetch-Dest header")
  if request.headers.get(b"Referer"):
    return (533, [], "Should not have Referer")
+  if request.headers.get(b"Origin"):
+    return (534, [], "Should not have Origin")

  return """
 {
--- a/testing/web-platform/tests/credential-management/support/fedcm/client_metadata.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/client_metadata.py
@ -10,8 +10,10 @@ def main(request, response):
      return (531, [], "Wrong Accept")
    if request.headers.get(b"Sec-Fetch-Dest") != b"webidentity":
      return (532, [], "Wrong Sec-Fetch-Dest header")
-    if not request.headers.get(b"Referer"):
-      return (533, [], "Missing Referer")
+    if request.headers.get(b"Referer"):
+      return (533, [], "Should not have Referer")
+    if not request.headers.get(b"Origin"):
+      return (534, [], "Missing Origin")

  counter = request.server.stash.take(keys.CLIENT_METADATA_COUNTER_KEY)
  try:
--- a/testing/web-platform/tests/credential-management/support/fedcm/manifest.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/manifest.py
@ -7,6 +7,8 @@ def main(request, response):
    return (532, [], "Wrong Sec-Fetch-Dest header")
  if request.headers.get(b"Referer"):
    return (533, [], "Should not have Referer")
+  if request.headers.get(b"Origin"):
+    return (534, [], "Should not have Origin")

  return """
 {
--- a/testing/web-platform/tests/credential-management/support/fedcm/token.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token.py
@ -9,14 +9,16 @@ def main(request, response):
    return (533, [], "Wrong Accept")
  if request.headers.get(b"Sec-Fetch-Dest") != b"webidentity":
    return (500, [], "Wrong Sec-Fetch-Dest header")
-  if not request.headers.get(b"Referer"):
-    return (534, [], "Missing Referer")
+  if request.headers.get(b"Referer"):
+    return (534, [], "Should not have Referer")
+  if not request.headers.get(b"Origin"):
+    return (535, [], "Missing Origin")

  if not request.POST.get(b"client_id"):
-    return (535, [], "Missing 'client_id' POST parameter")
+    return (536, [], "Missing 'client_id' POST parameter")
  if not request.POST.get(b"account_id"):
-    return (536, [], "Missing 'account_id' POST parameter")
+    return (537, [], "Missing 'account_id' POST parameter")
  if not request.POST.get(b"disclosure_text_shown"):
-    return (537, [], "Missing 'disclosure_text_shown' POST parameter")
+    return (538, [], "Missing 'disclosure_text_shown' POST parameter")

  return "{\"token\": \"token\"}"