Bug 1487339 [wpt PR 12754] - Refactored usage of XHR, added error handling., a=testonly

Automatic update from web-platform-tests
Refactored usage of XHR, added error handling.

- Added error handling as suggested in https://github.com/web-platform-tests/wpt/pull/12162
- changed XHR calls to FetchAPI
- changed async tests to Promise tests
- corrected the existing redirect tests and reported bug: crbug/872285
- removed Same-Site and Cross-Origin XSLT tests as they seemed to fail because loading
    cross origin xslt is not supported "Unsafe attempt to load URL from frame"
    (No idea why they passed before)
- added two test cases for multiple redirects. The idea is that the Sec-Metadata header
    should be "downgraded" to less secure and should carry the value to the end.
    If a cross-origin domain controls a redirect at any point of the redirect chain,
    then the final requests are potentially influenced by the attacker.
    - (Same-Origin -> Cross-Site -> Same-Origin -> Same-Origin) -> site=cross-site
    - (Same-Origin -> Same-Site -> Same-Origin -> Same-Origin) -> site=same-site

Change-Id: I591af1948cc1f16e3b5c44f51020149e43fc2746
Reviewed-on: https://chromium-review.googlesource.com/1193953
Commit-Queue: Maciek Trzos <mtrzos@google.com>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#587556}

--

wpt-commits: 241cb914b6eae52ce48ad26df7d5b8c2e7088613
wpt-pr: 12754
This commit is contained in:
Maciek Trzos 2018-09-04 18:32:34 +00:00 committed by moz-wptsync-bot
parent b51b35a327
commit bd76acd420
22 changed files with 490 additions and 504 deletions


@ -353517,57 +353517,33 @@
{}
]
],
"fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html": [
"fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html": [
[
"/fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html",
"/fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html",
{}
]
],
"fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html": [
"fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html": [
[
"/fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html",
"/fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html",
{}
]
],
"fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html": [
"fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html": [
[
"/fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html",
"/fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html",
{}
]
],
"fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html": [
"fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html": [
[
"/fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html",
"/fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html",
{}
]
],
"fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html": [
"fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html": [
[
"/fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html",
{}
]
],
"fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html": [
[
"/fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html",
{}
]
],
"fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html": [
[
"/fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html",
{}
]
],
"fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html": [
[
"/fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html",
{}
]
],
"fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html": [
[
"/fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html",
"/fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html",
{}
]
],
@ -590273,7 +590249,7 @@
"testharness"
],
"fetch/sec-metadata/font.tentative.https.sub.html": [
"65432b5bacf3bddf8d5cbaad74bdbaf5e63fb44e",
"0a75531c405fc6db3320caec5567bec1ac38c763",
"testharness"
],
"fetch/sec-metadata/iframe.tentative.https.sub.html": [
@ -590288,40 +590264,24 @@
"e1ac53157e023a9c6bc4806feda2e782ef4eefa5",
"testharness"
],
"fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html": [
"e25fd3f61d5487de6026a0204f107201f491afad",
"fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html": [
"9f497a9b62b80da4eff2e35220c1d6317e0e2817",
"testharness"
],
"fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html": [
"ac5982d8956c96cd638c2464ec9f8cce3f7e3a34",
"fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html": [
"fdd8733ba6d682b1f6b55fb4e3738d03a1fbbb50",
"testharness"
],
"fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html": [
"5b3b965f5e96d75f93796e55e77cfac94de18a52",
"fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html": [
"8fdc943f4c96c0616778c3316587f3cc598606eb",
"testharness"
],
"fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html": [
"ea6b167673f5e64396db4690abde56253e8af914",
"fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html": [
"dea71c3f67dca694e05f3c00db1d2d7aea5f3744",
"testharness"
],
"fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html": [
"430990a57c48b858fdc509653c0b689abcedcc6d",
"testharness"
],
"fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html": [
"591cf67d18111592a5e696e346371a88770bdb32",
"testharness"
],
"fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html": [
"8592d02c269b6afc4193f4323238b68d8fc26979",
"testharness"
],
"fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html": [
"191dbaa7f77a3ac569b37e95e2db9f2ac4985a3e",
"testharness"
],
"fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html": [
"11d60473981cf056ebc56b15905f27c070dad9c8",
"fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html": [
"a71163a1bfcb09196083dd1a38f4a6863f46eca8",
"testharness"
],
"fetch/sec-metadata/report.tentative.https.sub.html": [
@ -590345,15 +590305,15 @@
"support"
],
"fetch/sec-metadata/resources/helper.js": [
"cbd96d06863427f34d75d0621839bcfe76c7ad96",
"55e36d49fac39e814e10df1629e8b8fec0c8ebef",
"support"
],
"fetch/sec-metadata/resources/post-to-owner.py": [
"fe08cd1cbcaa4585fb3be0ce0ee33e7d75759129",
"5472aa5b47e424bb6590d6c757df635eb4b6dd1f",
"support"
],
"fetch/sec-metadata/resources/record-header.py": [
"06157e4cd8bd35e54b99c04f09a995185ba5686c",
"4c30d1e52ac8bfb24c890f790df154ea17947043",
"support"
],
"fetch/sec-metadata/resources/sharedWorker.js": [
@ -590369,15 +590329,15 @@
"testharness"
],
"fetch/sec-metadata/serviceworker.tentative.https.sub.html": [
"9d1fe2a3449da49b3b4e167f74e63e815ef5cf6c",
"cefabb20aaa40c91f5d90d180f52d596086a55cd",
"testharness"
],
"fetch/sec-metadata/sharedworker.tentative.https.sub.html": [
"aa118e04239691f5488c4d62f3f1cf0ae59e8f1d",
"09017ccbb3a2b1b878d15e4199d59cad29a2277a",
"testharness"
],
"fetch/sec-metadata/style.tentative.https.sub.html": [
"78fac567b43f3c48c81897b44237d820a6209d8a",
"609d5764f08ca5b3242692f4bdd94f2b364481b3",
"testharness"
],
"fetch/sec-metadata/track.tentative.https.sub.html": [


@ -1,5 +1,5 @@
<!DOCTYPE html>
<html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
@ -43,62 +43,42 @@
</body>
<script>
document.fonts.ready.then(function () {
test_same_origin();
test_same_site();
test_cross_site();
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-same-origin";
let expected = {"destination":"font", "site":"same-origin"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
});
}, "Same-Origin font");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-same-site";
let expected = {"destination":"font", "site":"same-site"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
});
}, "Same-Site font");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-cross-site";
let expected = {"destination":"font", "site":"cross-site"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
});
}, "Cross-Site font");
});
function test_same_origin(){
var same_origin_test = async_test("Same-Origin font");
same_origin_test.step(function () {
key = "font-same-origin";
expected_same_origin = {"destination":"font", "site":"same-origin"};
// Requests from the server the saved value of the Sec-Metadata header
same_origin_xhr = new XMLHttpRequest();
same_origin_xhr.open("PUT", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
// Async test step triggered when the response is loaded
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
});
same_origin_xhr.send();
});
}
function test_same_site(){
var same_site_test = async_test("Same-Site font");
same_site_test.step(function () {
key = "font-same-site";
expected_same_site = {"destination":"font", "site":"same-site"};
// Requests from the server the saved value of the Sec-Metadata header
same_site_xhr = new XMLHttpRequest();
same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
// Async test step triggered when the response is loaded
same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
verify_response(same_site_xhr, same_site_test, expected_same_site)
});
same_site_xhr.send();
});
}
function test_cross_site(){
var cross_site_test = async_test("Cross-Site font");
cross_site_test.step(function () {
key = "font-cross-site";
expected_cross_site = {"destination":"font", "site":"cross-site"};
// Requests from the server the saved value of the Sec-Metadata header
cross_site_xhr = new XMLHttpRequest();
cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
// Async test step triggered when the response is loaded
cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
});
cross_site_xhr.send();
});
}
</script>
</html>
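Review bot: Each of the three new `promise_test` bodies wraps a fetch chain that already returns a promise in `new Promise((resolve, reject) => ...)` and then forwards the outcome through `.then(_ => resolve())` and `.catch(e => reject(e))`, which adds nothing over returning the chain itself: `return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)` / `.then(response => response.text())` / `.then(text => assert_header_equals(text, expected));`. The three tests differ only in `key`, `expected.site` and the test name, so a loop over `[["font-same-origin", "same-origin", "Same-Origin font"], ...]` triples would keep them in step when the expected values change. All three sit inside the `document.fonts.ready.then(function () {` callback that opens this hunk, so they are only registered once that promise resolves; that is fine for testharness, which waits for at least one test, but worth a one-line comment such as `// Tests are registered after font loading so the recorded header exists when retrieved.`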


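--- /dev/null
+++ b/fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html
@@ -0,0 +1,86 @@
+<!DOCTYPE html>
+<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<body></body>
+<script>
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-cross-site-same-origin";
+let e = document.createElement('img');
+e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
+let expected = {"destination":"image", "site":"cross-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Cross-Site -> Same-Origin redirect");
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-cross-site-same-site";
+let e = document.createElement('img');
+e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
+let expected = {"destination":"image", "site":"cross-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Cross-Site -> Same-Site redirect");
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-cross-site-cross-site";
+let e = document.createElement('img');
+e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
+let expected = {"destination":"image", "site":"cross-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Cross-Site -> Cross-Site redirect");
+</script>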
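Review bot: The `e.onerror` handler in each test runs exactly the same retrieval as `e.onload`, so when the image never reaches record-header.py (a blocked or failed redirect) the assertion is still made against whatever the server already holds under the fixed key, e.g. `redirect-cross-site-same-origin`, and a value recorded by an earlier run could satisfy `assert_header_equals` and hide a regression. A per-run suffix such as `let key = "redirect-cross-site-same-origin-" + Math.random().toString(36).slice(2);` (constructed example) removes that dependence on leftover server state without touching the server, assuming record-header.py accepts such file names — its contents are not visible here. The `new Promise` wrapper is also unnecessary: let both handlers resolve and chain the fetch afterwards, `return new Promise(resolve => { e.onload = e.onerror = resolve; document.body.appendChild(e); })` followed by `.then(() => fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)).then(response => response.text()).then(text => assert_header_equals(text, expected));`, which drops the duplicated block, the redundant `.catch(e => reject(e))` and the handler parameter `e` that shadows the element. The same pattern is repeated in every test of the same-origin-redirect and same-site-redirect files and in both multiple-redirect files.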


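--- a/fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html
+++ /dev/null
@@ -1,30 +0,0 @@
-<!DOCTYPE html>
-<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<script src=/fetch/sec-metadata/resources/helper.js></script>
-<body>
-<!-- redirect Cross-Site -> Cross-Site -->
-<img onload="test_cross_site()" onerror="test_cross_site()" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-cross-site-cross-site"></img>
-</body>
-<script>
-function test_cross_site(){
-var cross_site_test = async_test("Cross-Site -> Cross-Site redirect");
-cross_site_test.step(function () {
-filename = "redirect-cross-site-cross-site";
-expected_cross_site = {"destination":"image", "site":"cross-site"};
-// Requests from the server the saved value of the Sec-Metadata header
-cross_site_xhr = new XMLHttpRequest();
-cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
-// Async test step triggered when the response is loaded
-cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
-verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
-});
-cross_site_xhr.send();
-});
-}
-</script>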


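--- a/fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<script src=/fetch/sec-metadata/resources/helper.js></script>
-<body>
-<!-- redirect Cross-Site -> Same-Origin -->
-<img onload="test_same_origin()" onerror="test_same_origin()" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-cross-site-same-origin"></img>
-</body>
-<script>
-function test_same_origin(){
-var same_origin_test = async_test("Cross-Site -> Same-Origin redirect");
-same_origin_test.step(function () {
-filename = "redirect-cross-site-same-origin";
-expected_same_origin = {"destination":"image", "site":"cross-site"};
-// Requests from the server the saved value of the Sec-Metadata header
-same_origin_xhr = new XMLHttpRequest();
-same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
-// Async test step triggered when the response is loaded
-same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
-verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
-});
-same_origin_xhr.send();
-});
-}
-</script>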


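--- a/fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html
+++ /dev/null
@@ -1,30 +0,0 @@
-<!DOCTYPE html>
-<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<script src=/fetch/sec-metadata/resources/helper.js></script>
-<body>
-<!-- redirect Cross-Site -> Same-Site -->
-<img onload="test_same_site()" onerror="test_same_site()" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-cross-site-same-site"></img>
-</body>
-<script>
-function test_same_site(){
-var same_site_test = async_test("Cross-Site -> Same-Site redirect");
-same_site_test.step(function () {
-filename = "redirect-cross-site-same-site";
-expected_same_site = {"destination":"image", "site":"cross-site"};
-// Requests from the server the saved value of the Sec-Metadata header
-same_site_xhr = new XMLHttpRequest();
-same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
-// Async test step triggered when the response is loaded
-same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
-verify_response(same_site_xhr, same_site_test, expected_same_site)
-});
-same_site_xhr.send();
-});
-}
-</script>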


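--- /dev/null
+++ b/fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<body></body>
+<script>
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-multiple-cross-site";
+let e = document.createElement('img');
+e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
+"https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// cross-site
+"https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin
+let expected = {"destination":"image", "site":"cross-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Same-Origin -> Cross-Site -> Same-Origin redirect");
+</script>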
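Review bot: The redirect chain assigned to `e.src` nests two further URLs inside `location=` without encoding them, so the second and third `?` and the final `file=` key only reach the right hop because redirect.py treats everything after the first `location=` as a single value; an `&` anywhere in a later segment would silently split the chain and the test would then exercise a different redirect than the name claims. Wrapping each inner URL in `encodeURIComponent`, `e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" + encodeURIComponent(` / `"https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" + encodeURIComponent(` / `"https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key));`, makes each hop unambiguous, assuming redirect.py reads `location` through ordinary query-string parsing, which decodes it. The trailing `+// same-origin` style comments would also read more clearly on their own line above each segment. The same construction appears in multiple-redirect-same-site.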


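--- /dev/null
+++ b/fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<body></body>
+<script>
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-multiple-same-site";
+let e = document.createElement('img');
+e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
+"https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-site
+"https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin
+let expected = {"destination":"image", "site":"same-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Same-Origin -> Same-Site -> Same-Origin redirect");
+</script>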


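--- /dev/null
+++ b/fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html
@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<body></body>
+<script>
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-same-origin-same-origin";
+let e = document.createElement('img');
+e.src = "/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
+let expected = {"destination":"image", "site":"same-origin"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Same-Origin -> Same-Origin redirect");
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-same-origin-same-site";
+let e = document.createElement('img');
+e.src = "/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
+let expected = {"destination":"image", "site":"same-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Same-Origin -> Same-Site redirect");
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-same-origin-cross-site";
+let e = document.createElement('img');
+e.src = "/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
+let expected = {"destination":"image", "site":"cross-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Same-Origin -> Cross-Site redirect");
+</script>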


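--- a/fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html
+++ /dev/null
@@ -1,30 +0,0 @@
-<!DOCTYPE html>
-<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<script src=/fetch/sec-metadata/resources/helper.js></script>
-<body>
-<!-- redirect Same-Origin -> Cross-Site -->
-<img onload="test_cross_site()" onerror="test_cross_site()" src="https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-origin-cross-site"></img>
-</body>
-<script>
-function test_cross_site(){
-var cross_site_test = async_test("Same-Origin -> Cross-Site redirect");
-cross_site_test.step(function () {
-filename = "redirect-same-origin-cross-site";
-expected_cross_site = {"destination":"image", "site":"same-origin"};
-// Requests from the server the saved value of the Sec-Metadata header
-cross_site_xhr = new XMLHttpRequest();
-cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
-// Async test step triggered when the response is loaded
-cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
-verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
-});
-cross_site_xhr.send();
-});
-}
-</script>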


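--- a/fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<script src=/fetch/sec-metadata/resources/helper.js></script>
-<body>
-<!-- redirect Same-Origin -> Same-Origin -->
-<img onload="test_same_origin()" onerror="test_same_origin()" src="https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-origin-same-origin"></img>
-</body>
-<script>
-function test_same_origin(){
-var same_origin_test = async_test("Same-Origin -> Same-Origin redirect");
-same_origin_test.step(function () {
-filename = "redirect-same-origin-same-origin";
-expected_same_origin = {"destination":"image", "site":"same-origin"};
-// Requests from the server the saved value of the Sec-Metadata header
-same_origin_xhr = new XMLHttpRequest();
-same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
-// Async test step triggered when the response is loaded
-same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
-verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
-});
-same_origin_xhr.send();
-});
-}
-</script>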


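--- a/fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<script src=/fetch/sec-metadata/resources/helper.js></script>
-<body>
-<!-- redirect Same-Origin -> Same-Site -->
-<img onload="test_same_site()" onerror="test_same_site()" src="https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-origin-same-site"></img>
-</body>
-<script>
-function test_same_site(){
-var same_site_test = async_test("Same-Origin -> Same-Site redirect");
-same_site_test.step(function () {
-filename = "redirect-same-origin-same-site";
-expected_same_site = {"destination":"image", "site":"same-origin"};
-// Requests from the server the saved value of the Sec-Metadata header
-same_site_xhr = new XMLHttpRequest();
-same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
-// Async test step triggered when the response is loaded
-same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
-verify_response(same_site_xhr, same_site_test, expected_same_site)
-});
-same_site_xhr.send();
-});
-}
-</script>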


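--- /dev/null
+++ b/fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html
@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<body></body>
+<script>
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-same-site-same-origin";
+let e = document.createElement('img');
+e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
+let expected = {"destination":"image", "site":"same-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Same-Site -> Same-Origin redirect");
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-same-site-same-site";
+let e = document.createElement('img');
+e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
+let expected = {"destination":"image", "site":"same-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Same-Site -> Same-Site redirect");
+promise_test(t => {
+return new Promise((resolve, reject) => {
+let key = "redirect-same-site-cross-site";
+let e = document.createElement('img');
+e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
+let expected = {"destination":"image", "site":"cross-site"};
+e.onload = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+e.onerror = e => {
+fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
+.then(response => response.text())
+.then(text => assert_header_equals(text, expected))
+.then(_ => resolve())
+.catch(e => reject(e));
+};
+document.body.appendChild(e);
+})
+}, "Same-Site -> Cross-Site redirect");
+</script>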


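--- a/fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
-<script src=/resources/testharness.js></script>
-<script src=/resources/testharnessreport.js></script>
-<script src=/fetch/sec-metadata/resources/helper.js></script>
-<body>
-<!-- redirect Same-Site -> Cross-Site -->
-<img onload="test_cross_site()" onerror="test_cross_site()" src="https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-site-cross-site"></img>
-</body>
-<script>
-function test_cross_site(){
-var cross_site_test = async_test("Same-Site -> Cross-Site redirect");
-cross_site_test.step(function () {
-key = "redirect-same-site-cross-site";
-expected_cross_site = {"destination":"image", "site":"same-site"};
-// Requests from the server the saved value of the Sec-Metadata header
-cross_site_xhr = new XMLHttpRequest();
-cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
-// Async test step triggered when the response is loaded
-cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
-verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
-});
-cross_site_xhr.send();
-});
-}
-</script>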


@ -1,31 +0,0 @@
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/sec-metadata/resources/helper.js></script>
<body>
<!-- redirect Same-Site -> Same-Origin -->
<img onload="test_same_origin()" onerror="test_same_origin()" src="https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-site-same-origin"></img>
</body>
<script>
function test_same_origin(){
var same_origin_test = async_test("Same-Site -> Same-Origin redirect");
same_origin_test.step(function () {
key = "redirect-same-site-same-origin";
expected_same_origin = {"destination":"image", "site":"same-site"};
// Requests from the server the saved value of the Sec-Metadata header
same_origin_xhr = new XMLHttpRequest();
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
// Async test step triggered when the response is loaded
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
});
same_origin_xhr.send();
});
}
</script>


@ -1,31 +0,0 @@
<!DOCTYPE html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/sec-metadata/resources/helper.js></script>
<body>
<!-- redirect Same-Site -> Same-Site -->
<img onload="test_same_site()" onerror="test_same_site()" src="https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-site-same-site"></img>
</body>
<script>
function test_same_site(){
var same_site_test = async_test("Same-Site -> Same-Site redirect");
same_site_test.step(function () {
key = "redirect-same-site-same-site";
expected_same_site = {"destination":"image", "site":"same-site"};
// Requests from the server the saved value of the Sec-Metadata header
same_site_xhr = new XMLHttpRequest();
same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
// Async test step triggered when the response is loaded
same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
verify_response(same_site_xhr, same_site_test, expected_same_site)
});
same_site_xhr.send();
});
}
</script>


@ -17,10 +17,3 @@ function assert_header_equals(value, expected) {
assert_equals(result.target, expected.target, "target");
assert_equals(result.site, expected.site, "site");
}
function verify_response(xhr, test, expected){
if (xhr.readyState === 4) {
assert_header_equals(xhr.responseText, expected);
test.done();
}
}


@ -12,5 +12,5 @@ def main(request, response):
if (window.top != window)
window.top.postMessage(data, "*");
</script>
""" % json.dumps(request.headers["sec-metadata"])
""" % json.dumps(request.headers.get("Sec-Metadata", ""))
return headers, body
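Review bot: With `request.headers.get("Sec-Metadata", "")` a request that carries no Sec-Metadata header is echoed as `""` instead of raising `KeyError`, which is what the change intends, but an absent header is now indistinguishable from a header sent with an empty value; if the assertions downstream ever need to tell "absent" from "empty", a distinct sentinel would be required. A short comment above the line, `# Echo "" when the header is absent so the response body still renders`, would make the fallback read as deliberate. main() begins outside the hunk.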


@ -21,20 +21,23 @@ def main(request, response):
if 'retrieve' in request.GET:
response.writer.write_status(200)
response.writer.end_headers()
header_value = request.server.stash.take(testId)
if header_value != None:
try:
header_value = request.server.stash.take(testId)
response.writer.write(header_value)
except (KeyError, ValueError) as e:
response.writer.write("No header has been recorded")
pass
response.close_connection = True
## Record incoming Sec-Metadata header value
else:
## Return empty string as a default value ##
header = request.headers.get("Sec-Metadata", "")
try:
## Return empty string as a default value ##
header = request.headers.get("Sec-Metadata", "")
request.server.stash.put(testId, header)
except KeyError:
## The header is already recorded
## The header is already recorded or it doesn't exist
pass
## Prevent the browser from caching returned responses and allow CORS ##
@ -61,6 +64,7 @@ def main(request, response):
## Return a valid font content and Content-Type ##
if key.startswith("font"):
response.headers.set("Content-Type", "application/x-font-ttf")
file = open("fonts/Ahem.ttf", "r")
font = file.read()
file.close()
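Review bot: In the retrieve branch of the first hunk, `except (KeyError, ValueError) as e:` binds `e` but never uses it, and the `pass` after `response.writer.write("No header has been recorded")` is dead; `except (KeyError, ValueError):` with the `pass` dropped is equivalent. It is also not evident from the code why `ValueError` is caught — presumably it replaces the removed `if header_value != None` guard for the case where `stash.take` returns `None` and the writer refuses a non-string value, but a reader cannot confirm that here; a comment such as `# take() yields None when nothing was recorded; the writer rejects it with ValueError` (once that behaviour is verified) would document the intent. The second hunk's `open("fonts/Ahem.ttf", "r")` / `file.close()` pair could use a `with` block so the handle is released if `read()` raises, though which of those lines is new is not recoverable from the rendered view. The body of main() starts and ends outside both hunks.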


@ -8,7 +8,7 @@
<script>
if ('serviceWorker' in navigator) {
window.addEventListener('load', function() {
navigator.serviceWorker.register('/fetch/sec-metadata/resources/record-header.py?file=serviceworker-same-origin').then(function(registration) {
navigator.serviceWorker.register('https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=serviceworker-same-origin').then(function(registration) {
test_same_origin();
// uninstall the serviceworker after the test
@ -32,20 +32,16 @@
<script>
function test_same_origin(){
var same_origin_test = async_test("Same-Origin serviceworker");
same_origin_test.step(function () {
key = "serviceworker-same-origin";
expected_same_origin = {"destination":"serviceworker", "site":"same-origin"};
// Requests from the server the saved value of the Sec-Metadata header
same_origin_xhr = new XMLHttpRequest();
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
// Async test step triggered when the response is loaded
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
});
same_origin_xhr.send();
});
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "serviceworker-same-origin";
let expected = {"destination":"serviceworker", "site":"same-origin"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
})
})
}
</script>
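Review bot: The `promise_test` closed by the `})` at the end of the second hunk passes no description, unlike the sharedworker and style sections which name theirs, so the harness appears to have no name to report for this test; close it with `}, "Same-Origin serviceworker");`. The `new Promise((resolve, reject) => …)` wrapper around the fetch chain is also unnecessary, since `promise_test` accepts the returned promise directly and a rejection propagates on its own: `return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key).then(response => response.text()).then(text => assert_header_equals(text, expected));` replaces the wrapper and the `.catch(e => reject(e))` line. The same wrapping appears in the sharedworker and style sections of this commit.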


@ -23,22 +23,18 @@
}
function test_same_origin(){
var same_origin_test = async_test("Same-Origin sharedworker");
same_origin_test.step(function () {
key = "sharedworker-same-origin";
expected_same_origin = {"destination":"sharedworker", "site":"same-origin"};
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "sharedworker-same-origin";
let expected = {"destination":"sharedworker", "site":"same-origin"};
// Requests from the server the saved value of the Sec-Metadata header
same_origin_xhr = new XMLHttpRequest();
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
// Async test step triggered when the response is loaded
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
});
same_origin_xhr.send();
});
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
})
}, "Same-Origin sharedworker")
}
</script>
<body></body>


@ -1,75 +1,70 @@
<!DOCTYPE html>
<html>
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/sec-metadata/resources/helper.js></script>
<body></body>
<script>
function test_same_origin() {
var same_origin_test = async_test("Same-Origin style");
same_origin_test.step(function () {
key = "style-same-origin";
expected_same_origin = {"destination":"style", "site":"same-origin"};
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "style-same-origin";
// Requests from the server the saved value of the Sec-Metadata header
same_origin_xhr = new XMLHttpRequest();
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
let e = document.createElement('link');
e.rel = "stylesheet";
e.href = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"destination":"style", "site":"same-origin"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
};
// Async test step triggered when the response is loaded
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
});
same_origin_xhr.send();
});
}
document.body.appendChild(e);
})
}, "Same-Origin style");
function test_same_site() {
var same_site_test = async_test("Same-Site style");
same_site_test.step(function () {
key = "style-same-site";
expected_same_site = {"destination":"style", "site":"same-site"};
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "style-same-site";
// Requests from the server the saved value of the Sec-Metadata header
same_site_xhr = new XMLHttpRequest();
same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
let e = document.createElement('link');
e.rel = "stylesheet";
e.href = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"destination":"style", "site":"same-site"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
};
// Async test step triggered when the response is loaded
same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
verify_response(same_site_xhr, same_site_test, expected_same_site)
});
same_site_xhr.send();
});
}
document.body.appendChild(e);
})
}, "Same-Site style");
function test_cross_site() {
var cross_site_test = async_test("Cross-Site style");
cross_site_test.step(function () {
key = "style-cross-site";
expected_cross_site = {"destination":"style", "site":"cross-site"};
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "style-cross-site";
// Requests from the server the saved value of the Sec-Metadata header
cross_site_xhr = new XMLHttpRequest();
cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
let e = document.createElement('link');
e.rel = "stylesheet";
e.href = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"destination":"style", "site":"cross-site"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
};
// Async test step triggered when the response is loaded
cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
});
cross_site_xhr.send();
});
}
document.body.appendChild(e);
})
}, "Cross-Site style");
</script>
<body>
<!-- Same-Origin request -->
<link href="https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=style-same-origin"
rel="stylesheet" onload="test_same_origin()" onerror="test_same_origin()">
<!-- Same-Site request -->
<link href="https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=style-same-site"
rel="stylesheet" onload="test_same_site()" onerror="test_same_site()">
<!-- Cross-Site request -->
<link href="https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=style-cross-site"
rel="stylesheet" onload="test_cross_site()" onerror="test_cross_site()">
</body>
</html>
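Review bot: Each of the three `<link>` elements created in the hunk only wires `e.onload`; if the stylesheet fails to load the promise never settles and the test times out with no reason, whereas the removed markup (`onerror="test_same_origin()"`) handled both events. Add `e.onerror = _ => reject(new Error("stylesheet failed to load: " + e.href));` beside each `onload` handler in the same-origin, same-site and cross-site cases, or, if a failed load is an expected outcome for this resource as the image redirect test assumes, run the same fetch-and-verify from `onerror` as that test does. The arrow parameter in `e.onload = e => {` also shadows the outer `e` element, and `.catch(e => reject(e))` shadows it again; naming the element `link` would read more clearly.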