horok/firefox
1
0
Fork 0
Code Activity
firefox/testing/web-platform/tests/fetch/metadata/generated/css-images.sub.tentative.html
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

1309 lines
43 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<!--
This test was procedurally generated. Please do not modify it directly.
Sources:
- fetch/metadata/tools/fetch-metadata.conf.yml
- fetch/metadata/tools/templates/css-images.sub.html
-->
<html lang="en">
<meta charset="utf-8">
<meta name="timeout" content="long">
<title>HTTP headers on request for CSS image-accepting properties</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/fetch/metadata/resources/helper.sub.js"></script>
<body>
<script>
'use strict';
/**
* The subtests in this file use an iframe to induce requests for CSS
* resources because an iframe's `onload` event is the most direct and
* generic mechanism to detect loading of CSS resources. As an optimization,
* the subtests share the same iframe and document.
*/
const declarations = [];
const iframe = document.createElement('iframe');
const whenIframeReady = new Promise((resolve, reject) => {
iframe.onload = resolve;
iframe.onerror = reject;
});
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-site - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-site - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-site - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-site - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-site - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-site - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-site - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-site - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-site - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-site - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-site - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-site - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-site - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-site - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-site - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-mode - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-mode - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-mode - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-mode - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-mode - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-mode - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-mode - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-mode - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-mode - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-mode - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-mode - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-mode - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-mode - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-mode - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-mode');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-mode - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-dest - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-dest - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-dest - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-dest - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-dest - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-dest - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-dest - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-dest - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-dest - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-dest - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-dest - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-dest - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-dest - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-dest - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-dest');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-dest - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-user - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-user - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-user - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-user - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-user - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-user - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-user - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-user - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-user - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-user - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-user - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-user - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-user - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-user - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-user');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-user - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-site - HTTPS downgrade (header not sent)');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-site - HTTPS downgrade (header not sent)');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-site - HTTPS downgrade (header not sent)');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-site - HTTPS downgrade (header not sent)');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-site');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-site - HTTPS downgrade (header not sent)');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_equals(headers['sec-fetch-site'], 'cross-site');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-site - HTTPS upgrade');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-site - HTTPS upgrade');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-site - HTTPS upgrade');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-site - HTTPS upgrade');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin', 'httpsOrigin']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-site - HTTPS upgrade');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_equals(headers['sec-fetch-site'], 'cross-site');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-site - HTTPS downgrade-upgrade');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-site - HTTPS downgrade-upgrade');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-site - HTTPS downgrade-upgrade');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-site - HTTPS downgrade-upgrade');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin', 'httpsOrigin']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-site');
assert_array_equals(headers['sec-fetch-site'], ['cross-site']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-site - HTTPS downgrade-upgrade');
iframe.srcdoc = declarations.map((declaration, index) => `
<style>.el${index} { ${declaration} }</style><div class="el${index}"></div>`
).join('');
document.body.appendChild(iframe);
</script>
</body>
</html>
View git blame Copy permalink