Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 95 insertions, 0 deletions

diff --git a/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js b/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js
new file mode 100644
index 0000000000..31ccc38697
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js
@@ -0,0 +1,17 @@
+// META: global=window,worker
+
+function basicAuth(desc, user, pass, mode, status) {
+  promise_test(function(test) {
+    var headers = { "Authorization": "Basic " + btoa(user + ":" + pass)};
+    var requestInit = {"credentials": mode, "headers": headers};
+    return fetch("../resources/authentication.py?realm=test", requestInit).then(function(resp) {
+        assert_equals(resp.status, status, "HTTP status is " + status);
+        assert_equals(resp.type , "basic", "Response's type is basic");
+    });
+  }, desc);
+}
+
+basicAuth("User-added Authorization header with include mode", "user", "password", "include", 200);
+basicAuth("User-added Authorization header with same-origin mode", "user", "password", "same-origin", 200);
+basicAuth("User-added Authorization header with omit mode", "user", "password", "omit", 200);
+basicAuth("User-added bogus Authorization header with omit mode", "notuser", "notpassword", "omit", 401);
diff --git a/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js b/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js
new file mode 100644
index 0000000000..16656b5435
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js
@@ -0,0 +1,29 @@
+// META: global=window,worker
+// META: script=/common/get-host-info.sub.js
+
+const authorizationValue = "Basic " + btoa("user:pass");
+async function getAuthorizationHeaderValue(url)
+{
+  const headers = { "Authorization": authorizationValue};
+  const requestInit = {"headers": headers};
+  const response = await fetch(url, requestInit);
+  return response.text();
+}
+
+promise_test(async test => {
+  const result = await getAuthorizationHeaderValue("/fetch/api/resources/dump-authorization-header.py");
+  assert_equals(result, authorizationValue);
+}, "getAuthorizationHeaderValue - no redirection");
+
+promise_test(async test => {
+  result = await getAuthorizationHeaderValue("/fetch/api/resources/redirect.py?location=" + encodeURIComponent("/fetch/api/resources/dump-authorization-header.py"));
+  assert_equals(result, authorizationValue);
+
+  result = await getAuthorizationHeaderValue(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/api/resources/redirect.py?allow_headers=Authorization&location=" + encodeURIComponent(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/api/resources/dump-authorization-header.py"));
+  assert_equals(result, authorizationValue);
+}, "getAuthorizationHeaderValue - same origin redirection");
+
+promise_test(async (test) => {
+  const result = await getAuthorizationHeaderValue(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/api/resources/redirect.py?allow_headers=Authorization&location=" + encodeURIComponent(get_host_info().HTTPS_ORIGIN + "/fetch/api/resources/dump-authorization-header.py"));
+  assert_equals(result, "none");
+}, "getAuthorizationHeaderValue - cross origin redirection");
diff --git a/testing/web-platform/tests/fetch/api/credentials/cookies.any.js b/testing/web-platform/tests/fetch/api/credentials/cookies.any.js
new file mode 100644
index 0000000000..de30e47765
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/credentials/cookies.any.js
@@ -0,0 +1,49 @@
+// META: global=window,worker
+// META: script=../resources/utils.js
+
+function cookies(desc, credentials1, credentials2 ,cookies) {
+  var url = RESOURCES_DIR + "top.txt"
+  var urlParameters = "";
+  var urlCleanParameters = "";
+  if (cookies) {
+    urlParameters +="?pipe=header(Set-Cookie,";
+    urlParameters += cookies.join(",True)|header(Set-Cookie,") +  ",True)";
+    urlCleanParameters +="?pipe=header(Set-Cookie,";
+    urlCleanParameters +=  cookies.join("%3B%20max-age=0,True)|header(Set-Cookie,") +  "%3B%20max-age=0,True)";
+  }
+
+  var requestInit = {"credentials": credentials1}
+  promise_test(function(test){
+    var requestInit = {"credentials": credentials1}
+    return fetch(url + urlParameters, requestInit).then(function(resp) {
+      assert_equals(resp.status, 200, "HTTP status is 200");
+      assert_equals(resp.type , "basic", "Response's type is basic");
+      //check cookies sent
+      return fetch(RESOURCES_DIR + "inspect-headers.py?headers=cookie" , {"credentials": credentials2});
+    }).then(function(resp) {
+      assert_equals(resp.status, 200, "HTTP status is 200");
+      assert_equals(resp.type , "basic", "Response's type is basic");
+      assert_false(resp.headers.has("Cookie") , "Cookie header is not exposed in response");
+      if (credentials1 != "omit" && credentials2 != "omit") {
+        assert_equals(resp.headers.get("x-request-cookie") , cookies.join("; "), "Request include cookie(s)");
+      }
+      else {
+        assert_false(resp.headers.has("x-request-cookie") , "Request does not have cookie(s)");
+      }
+      //clean cookies
+      return fetch(url + urlCleanParameters, {"credentials": "include"});
+    }).catch(function(e) {
+      return fetch(url + urlCleanParameters, {"credentials": "include"}).then(function() {
+         return Promise.reject(e);
+      });
+    });
+  }, desc);
+}
+
+cookies("Include mode: 1 cookie", "include", "include", ["a=1"]);
+cookies("Include mode: 2 cookies", "include", "include", ["b=2", "c=3"]);
+cookies("Omit mode: discard cookies", "omit", "omit", ["d=4"]);
+cookies("Omit mode: no cookie is stored", "omit", "include", ["e=5"]);
+cookies("Omit mode: no cookie is sent", "include", "omit", ["f=6"]);
+cookies("Same-origin mode: 1 cookie", "same-origin", "same-origin", ["a=1"]);
+cookies("Same-origin mode: 2 cookies", "same-origin", "same-origin", ["b=2", "c=3"]);