diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
| commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
| tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/speculation-rules/prefetch/user-pass.https.html | |
| parent | Initial commit. (diff) | |
| download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip | |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/speculation-rules/prefetch/user-pass.https.html')
| -rw-r--r-- | testing/web-platform/tests/speculation-rules/prefetch/user-pass.https.html | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/testing/web-platform/tests/speculation-rules/prefetch/user-pass.https.html b/testing/web-platform/tests/speculation-rules/prefetch/user-pass.https.html new file mode 100644 index 0000000000..94748f1eac --- /dev/null +++ b/testing/web-platform/tests/speculation-rules/prefetch/user-pass.https.html @@ -0,0 +1,44 @@ +<!DOCTYPE html> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/dispatcher/dispatcher.js"></script> +<script src="/common/utils.js"></script> +<script src="resources/utils.sub.js"></script> +<meta name="variant" content="?cross-origin=true"> +<meta name="variant" content="?cross-origin=false"> +<script> + let cross_origin = Object.fromEntries(new URLSearchParams(location.search))["cross-origin"] === "true"; + promise_test(async t => { + assert_implements(HTMLScriptElement.supports('speculationrules'), "Speculation Rules not supported"); + + let executor = "authenticate.py"; + let credentials = { username: "user", password: "pass" }; + let agent = await spawnWindow(t, { executor, ...credentials }); + let request_credentials = await agent.getRequestCredentials(); + assert_equals(request_credentials.username, credentials.username); + assert_equals(request_credentials.password, credentials.password); + + let host = cross_origin ? { hostname: PREFETCH_PROXY_BYPASS_HOST } : {}; + let nextUrl = agent.getExecutorURL({ page: 2, executor, ...host }); + await agent.forceSinglePrefetch(nextUrl, { requires: ["anonymous-client-ip-when-cross-origin"] }); + await agent.navigate(nextUrl); + + let requestHeaders = await agent.getRequestHeaders(); + request_credentials = await agent.getRequestCredentials(); + if (cross_origin) { + assert_equals(request_credentials.username, undefined); + assert_equals(request_credentials.password, undefined); + + assert_in_array(requestHeaders.purpose, ["", "prefetch"]); + assert_equals(requestHeaders.sec_purpose, "prefetch;anonymous-client-ip"); + } + else { + assert_equals(request_credentials.username, credentials.username); + assert_equals(request_credentials.password, credentials.password); + + assert_prefetched(await agent.getRequestHeaders()); + } + + }, "test www-authenticate basic does not forward credentials to cross-origin pages."); +</script> |