testing/web-platform/tests/client-hints/meta-equiv-delegate-ch-non-secure.http.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

<!DOCTYPE html>
<html>
<meta http-equiv="Delegate-CH" content="Sec-CH-DPR; DPR; Sec-CH-Width; Width; Sec-CH-Viewport-Width; Viewport-Width; Sec-CH-Device-Memory; Device-Memory; rtt; downlink; ect">
<title>Delegate-CH meta-equiv insecure transport test</title>
<body>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>

<script>

// Even though this HTML file contains "Delegate-CH" meta-equiv headers, the
// browser should NOT attach the specified client hints in the HTTP request
// headers since the page is being fetched over an insecure transport.
// Test this functionality by fetching an XHR from this page hosted on
// an insecure HTTP server.

// resources/echo-client-hints-received.py sets the response headers depending on the set
// of client hints it receives in the request headers.

promise_test(t => {
  return fetch("/client-hints/resources/echo-client-hints-received.py").then(r => {
    assert_equals(r.status, 200)
    // Verify that the browser does not include client hints in the headers
    // when fetching the XHR from an insecure HTTP server.
    assert_false(r.headers.has("device-memory-received"), "device-memory-received");
    assert_false(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
    assert_false(r.headers.has("dpr-received"), "dpr-received");
    assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
    assert_false(r.headers.has("viewport-width-received"), "viewport-width-received");
    assert_false(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
    assert_false(r.headers.has("rtt-received"), "rtt-received");
    assert_false(r.headers.has("downlink-received"), "downlink-received");
    assert_false(r.headers.has("ect-received"), "ect-received");
    assert_false(r.headers.has("prefers-color-scheme-received"), "prefers-color-scheme-received");
  });
}, "Delegate-CH meta-equiv test over insecure transport");

</script>
</body>
</html>