summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/client-hints/accept-ch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 17:32:43 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 17:32:43 +0000
commit6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch)
treea68f146d7fa01f0134297619fbe7e33db084e0aa /testing/web-platform/tests/client-hints/accept-ch
parentInitial commit. (diff)
downloadthunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.tar.xz
thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.zip
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/client-hints/accept-ch')
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/__dir__.headers1
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/answers.sub.https.html68
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/cache-revalidation.https.html36
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/__dir__.headers1
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/feature-policy.https.html29
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/feature-policy.https.html.headers1
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/no-feature-policy.https.html36
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/feature-policy.sub.https.html77
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/feature-policy.sub.https.html.headers1
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/meta/resource-in-markup-accept-ch.https.html14
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/meta/resource-in-markup-delegate-ch.https.html14
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/no-feature-policy.sub.https.html65
-rw-r--r--testing/web-platform/tests/client-hints/accept-ch/non-secure.http.html38
13 files changed, 381 insertions, 0 deletions
diff --git a/testing/web-platform/tests/client-hints/accept-ch/__dir__.headers b/testing/web-platform/tests/client-hints/accept-ch/__dir__.headers
new file mode 100644
index 0000000000..f233c2e9d6
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/__dir__.headers
@@ -0,0 +1 @@
+Accept-CH: device-memory, dpr, width, viewport-width, rtt, downlink, ect, sec-ch-ua, sec-ch-ua-arch, sec-ch-ua-platform, sec-ch-ua-model, sec-ch-ua-mobile, sec-ch-ua-full-version, sec-ch-ua-platform-version, sec-ch-prefers-color-scheme, sec-ch-prefers-reduced-motion, sec-ch-ua-bitness, sec-ch-viewport-height, sec-ch-device-memory, sec-ch-dpr, sec-ch-width, sec-ch-viewport-width, sec-ch-ua-full-version-list, sec-ch-ua-wow64
diff --git a/testing/web-platform/tests/client-hints/accept-ch/answers.sub.https.html b/testing/web-platform/tests/client-hints/accept-ch/answers.sub.https.html
new file mode 100644
index 0000000000..e49a515bf4
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/answers.sub.https.html
@@ -0,0 +1,68 @@
+<html>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<script>
+
+// If the response for the HTML file contains "Accept-CH" in the response
+// headers, then the browser should attach the specified client hints in the
+// HTTP request headers depending on whether the resource is being fetched from
+// the same origin or a different origin. Test this functionality by fetching
+// same-origin and cross-origin resources from this page. The response headers
+// for this page include "Accept-CH: device-memory, dpr, viewport-width, rtt, downlink, ect".
+//
+// resources/echo-client-hints-received.py sets the response headers depending on the set
+// of client hints it receives in the request headers.
+
+promise_test(t => {
+ return fetch("https://{{domains[]}}:{{ports[https][0]}}/client-hints/resources/echo-client-hints-received.py").then(r => {
+ assert_equals(r.status, 200)
+ // Verify that the browser includes client hints in the headers for a
+ // same-origin fetch.
+ assert_true(r.headers.has("device-memory-received"), "device-memory-received");
+ assert_true(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
+ assert_true(r.headers.has("dpr-received"), "dpr-received");
+ assert_true(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
+ assert_true(r.headers.has("viewport-width-received"), "viewport-width-received");
+ assert_true(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
+
+ assert_true(r.headers.has("rtt-received"), "rtt-received");
+ var rtt = parseInt(r.headers.get("rtt-received"));
+ assert_greater_than_equal(rtt, 0);
+ assert_less_than_equal(rtt, 3000);
+ assert_equals(rtt % 50, 0, 'rtt must be a multiple of 50 msec');
+
+ assert_true(r.headers.has("downlink-received"), "downlink-received");
+ var downlinkKbps = r.headers.get("downlink-received") * 1000;
+ assert_greater_than_equal(downlinkKbps, 0);
+ assert_less_than_equal(downlinkKbps, 10000);
+
+ assert_in_array(r.headers.get("ect-received"), ["slow-2g", "2g",
+ "3g", "4g"], 'ect-received is unexpected');
+ });
+}, "Accept-CH header test");
+
+promise_test(t => {
+ return fetch("https://{{domains[www]}}:{{ports[https][0]}}/client-hints/resources/echo-client-hints-received.py").then(r => {
+ assert_equals(r.status, 200)
+ // Verify that the browser does not include client hints in the headers
+ // for a cross-origin fetch.
+ assert_false(r.headers.has("device-memory-received"), "device-memory-received");
+ assert_false(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
+ assert_false(r.headers.has("dpr-received"), "dpr-received");
+ assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
+ assert_false(r.headers.has("viewport-width-received"), "viewport-width-received");
+ assert_false(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
+ assert_false(r.headers.has("rtt-received"), "rtt-received");
+ assert_false(r.headers.has("downlink-received"), "downlink-received");
+ assert_false(r.headers.has("ect-received"), "ect-received");
+ });
+}, "Cross-Origin Accept-CH header test");
+
+
+
+</script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/client-hints/accept-ch/cache-revalidation.https.html b/testing/web-platform/tests/client-hints/accept-ch/cache-revalidation.https.html
new file mode 100644
index 0000000000..5ed6f074a7
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/cache-revalidation.https.html
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Tests Stale While Revalidate is not executed for fetch API</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/client-hints/resources/export.js"></script>
+<script src="/common/utils.js"></script>
+<script>
+function wait25ms(test) {
+ return new Promise(resolve => {
+ test.step_timeout(() => {
+ resolve();
+ }, 25);
+ });
+}
+
+promise_test(async (test) => {
+ var request_token = token();
+
+ const response = await fetch(`/client-hints/resources/stale-echo-client-hints.py?token=` + request_token);
+ const response2 = await fetch(`/client-hints/resources/stale-echo-client-hints.py?token=` + request_token);
+
+ assert_equals(response.headers.get('Unique-Id'), response2.headers.get('Unique-Id'));
+
+ while(true) {
+ const revalidation_check = await fetch(`/client-hints/resources/stale-echo-client-hints.py?query&token=` + request_token);
+ if (revalidation_check.headers.get('Count') == '2') {
+ client_hints_full_list.forEach(header => {
+ assert_equals(revalidation_check.headers.get(header+"-recieved"), revalidation_check.headers.get(header+"-previous"));
+ });
+ break;
+ }
+ await wait25ms(test);
+ }
+}, 'Same headers sent for revalidation request');
+</script>
diff --git a/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/__dir__.headers b/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/__dir__.headers
new file mode 100644
index 0000000000..f233c2e9d6
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/__dir__.headers
@@ -0,0 +1 @@
+Accept-CH: device-memory, dpr, width, viewport-width, rtt, downlink, ect, sec-ch-ua, sec-ch-ua-arch, sec-ch-ua-platform, sec-ch-ua-model, sec-ch-ua-mobile, sec-ch-ua-full-version, sec-ch-ua-platform-version, sec-ch-prefers-color-scheme, sec-ch-prefers-reduced-motion, sec-ch-ua-bitness, sec-ch-viewport-height, sec-ch-device-memory, sec-ch-dpr, sec-ch-width, sec-ch-viewport-width, sec-ch-ua-full-version-list, sec-ch-ua-wow64
diff --git a/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/feature-policy.https.html b/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/feature-policy.https.html
new file mode 100644
index 0000000000..90a27280c1
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/feature-policy.https.html
@@ -0,0 +1,29 @@
+<html>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/client-hints/resources/export.js"></script>
+<script src="/client-hints/resources/feature-policy-navigation.js"></script>
+<script>
+(async () => {
+ await test_frame(
+ "HTTPS_REMOTE_ORIGIN",
+ cross_origin_client_hints,
+ "",
+ "Client hints loaded on cross-origin iframe request with feature policy.");
+ await test_frame(
+ "HTTPS_ORIGIN",
+ same_origin_client_hints,
+ "",
+ "Client hints loaded on same-origin iframe request with feature policy.");
+ await test_frame(
+ "HTTPS_REMOTE_ORIGIN",
+ cross_origin_client_hints,
+ "",
+ "Client hints loaded on cross-origin iframe request with feature policy after attempting to set independently.");
+})();
+
+</script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/feature-policy.https.html.headers b/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/feature-policy.https.html.headers
new file mode 100644
index 0000000000..11bbceff0a
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/feature-policy.https.html.headers
@@ -0,0 +1 @@
+Permissions-Policy: ch-device-memory=*, ch-dpr=(), ch-viewport-width=(self), ch-ua=(self), ch-ua-mobile=()
diff --git a/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/no-feature-policy.https.html b/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/no-feature-policy.https.html
new file mode 100644
index 0000000000..02458f3116
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/feature-policy-navigation/no-feature-policy.https.html
@@ -0,0 +1,36 @@
+<html>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/client-hints/resources/export.js"></script>
+<script src="/client-hints/resources/feature-policy-navigation.js"></script>
+<script>
+(async () => {
+ await test_frame(
+ "HTTPS_REMOTE_ORIGIN",
+ expect_iframe_no_hints,
+ "",
+ "Client hints not loaded on cross-origin iframe request with no feature policy.");
+ await test_frame(
+ "HTTPS_ORIGIN",
+ expect_iframe_hints,
+ "",
+ "Client hints loaded on same-origin iframe request with no feature policy.");
+
+ let allow = "ch-device-memory *; ch-dpr 'none'; ch-viewport-width 'self'; ch-ua 'self'; ch-ua-mobile 'none';"; await test_frame(
+ "HTTPS_REMOTE_ORIGIN",
+ cross_origin_client_hints,
+ allow,
+ "Client hints loaded on cross-origin iframe request with allow list.");
+ await test_frame(
+ "HTTPS_ORIGIN",
+ same_origin_client_hints,
+ allow,
+ "Client hints loaded on same-origin iframe request with allow list.");
+})();
+
+</script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/client-hints/accept-ch/feature-policy.sub.https.html b/testing/web-platform/tests/client-hints/accept-ch/feature-policy.sub.https.html
new file mode 100644
index 0000000000..e1aa3ad68f
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/feature-policy.sub.https.html
@@ -0,0 +1,77 @@
+<html>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script>
+
+// If the response for the HTML file contains "Accept-CH" in the response
+// headers, then the browser should attach the specified client hints in the
+// HTTP request headers depending on whether the resource is being fetched from
+// the same origin or a different origin. Test this functionality by fetching
+// same-origin and cross-origin resources from this page. The response headers
+// for this page include "Accept-CH: device-memory, dpr, viewport-width, rtt, downlink, ect".
+//
+// resources/echo-client-hints-received.py sets the response headers depending on the set
+// of client hints it receives in the request headers.
+
+promise_test(t => {
+ return fetch(get_host_info()["HTTPS_ORIGIN"] + "/client-hints/resources/echo-client-hints-received.py").then(r => {
+ assert_equals(r.status, 200)
+ // Verify that the browser includes client hints in the headers for a
+ // same-origin fetch which not specifically excluded via Feature-Policy.
+ assert_true(r.headers.has("device-memory-received"), "device-memory-received");
+ assert_true(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
+ assert_false(r.headers.has("dpr-received"), "dpr-received");
+ assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
+ assert_true(r.headers.has("viewport-width-received"), "viewport-width-received");
+ assert_true(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
+
+ assert_true(r.headers.has("rtt-received"), "rtt-received");
+ var rtt = parseInt(r.headers.get("rtt-received"));
+ assert_greater_than_equal(rtt, 0);
+ assert_less_than_equal(rtt, 3000);
+ assert_equals(rtt % 50, 0, 'rtt must be a multiple of 50 msec');
+
+ assert_true(r.headers.has("downlink-received"), "downlink-received");
+ var downlinkKbps = r.headers.get("downlink-received") * 1000;
+ assert_greater_than_equal(downlinkKbps, 0);
+ assert_less_than_equal(downlinkKbps, 10000);
+
+ assert_in_array(r.headers.get("ect-received"), ["slow-2g", "2g",
+ "3g", "4g"], 'ect-received is unexpected');
+
+ assert_true(r.headers.has("mobile-received"));
+ assert_in_array(r.headers.get("mobile-received"), ["?0", "?1"], 'mobile is unexpected');
+ assert_false(r.headers.has("prefers-color-scheme-received"), "prefers-color-scheme-received");
+ assert_false(r.headers.has("prefers-reduced-motion-received"), "prefers-reduced-motion-received");
+ assert_false(r.headers.has("viewport-height-received"), "viewport-height-received");
+ });
+}, "Accept-CH header test");
+
+promise_test(t => {
+ return fetch(get_host_info()["HTTPS_REMOTE_ORIGIN"] + "/client-hints/resources/echo-client-hints-received.py").then(r => {
+ assert_equals(r.status, 200)
+ // Verify that the browser includes client hints in the headers for a
+ // cross-origin fetch which are specifically requested via Feature-Policy.
+ assert_true(r.headers.has("device-memory-received"), "device-memory-received");
+ assert_true(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
+ assert_false(r.headers.has("dpr-received"), "dpr-received");
+ assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
+ assert_false(r.headers.has("viewport-width-received"), "viewport-width-received");
+ assert_false(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
+ assert_false(r.headers.has("rtt-received"), "rtt-received");
+ assert_false(r.headers.has("downlink-received"), "downlink-received");
+ assert_false(r.headers.has("ect-received"), "ect-received");
+ assert_false(r.headers.has("prefers-color-scheme-received"), "prefers-color-scheme-received");
+ assert_false(r.headers.has("prefers-reduced-motion-received"), "prefers-reduced-motion-received");
+ assert_false(r.headers.has("viewport-height-received"), "viewport-height-received");
+ });
+}, "Cross-Origin Accept-CH header test");
+
+
+
+</script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/client-hints/accept-ch/feature-policy.sub.https.html.headers b/testing/web-platform/tests/client-hints/accept-ch/feature-policy.sub.https.html.headers
new file mode 100644
index 0000000000..d968517a3a
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/feature-policy.sub.https.html.headers
@@ -0,0 +1 @@
+Permissions-Policy: ch-device-memory=*, ch-dpr=(), ch-viewport-width=(self), ch-mobile, ch-prefers-color-scheme=(), ch-prefers-reduced-motion=(), ch-viewport-height=()
diff --git a/testing/web-platform/tests/client-hints/accept-ch/meta/resource-in-markup-accept-ch.https.html b/testing/web-platform/tests/client-hints/accept-ch/meta/resource-in-markup-accept-ch.https.html
new file mode 100644
index 0000000000..c9b98daccf
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/meta/resource-in-markup-accept-ch.https.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+
+<meta http-equiv="Accept-CH" content="sec-ch-dpr">
+
+<script src="../../resources/script-set-dpr-header.py"></script>
+
+<script>
+test(() => {
+ assert_greater_than(dprHeader.length, 0,
+ "sec-ch-dpr header should have been received");
+}, "DPR is received in page with Accept-CH http-equiv meta tag");
+</script>
diff --git a/testing/web-platform/tests/client-hints/accept-ch/meta/resource-in-markup-delegate-ch.https.html b/testing/web-platform/tests/client-hints/accept-ch/meta/resource-in-markup-delegate-ch.https.html
new file mode 100644
index 0000000000..751f07f278
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/meta/resource-in-markup-delegate-ch.https.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+
+<meta http-equiv="Delegate-CH" content="sec-ch-dpr">
+
+<script src="../../resources/script-set-dpr-header.py"></script>
+
+<script>
+test(() => {
+ assert_greater_than(dprHeader.length, 0,
+ "sec-ch-dpr header should have been received");
+}, "DPR is received in page with Accept-CH meta tag");
+</script>
diff --git a/testing/web-platform/tests/client-hints/accept-ch/no-feature-policy.sub.https.html b/testing/web-platform/tests/client-hints/accept-ch/no-feature-policy.sub.https.html
new file mode 100644
index 0000000000..8458bbed7b
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/no-feature-policy.sub.https.html
@@ -0,0 +1,65 @@
+<html>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script>
+
+// If the response for the HTML file contains "Accept-CH" in the response
+// headers, then the browser should attach the specified client hints in the
+// HTTP request headers depending on whether the resource is being fetched from
+// the same origin or a different origin. Test this functionality by fetching
+// same-origin and cross-origin resources from this page. The response headers
+// for this page include "Accept-CH: device-memory, dpr, viewport-width, rtt, downlink, ect".
+//
+// resources/echo-client-hints-received.py sets the response headers depending on the set
+// of client hints it receives in the request headers.
+
+promise_test(t => {
+ return fetch(get_host_info()["HTTPS_ORIGIN"] + "/client-hints/resources/echo-client-hints-received.py").then(r => {
+ assert_equals(r.status, 200)
+ // Verify that the browser includes client hints in the headers for a
+ // same-origin fetch with the default feature policy in place.
+ assert_true(r.headers.has("device-memory-received"), "device-memory-received");
+ assert_true(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
+ assert_true(r.headers.has("dpr-received"), "dpr-received");
+ assert_true(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
+ assert_true(r.headers.has("viewport-width-received"), "viewport-width-received");
+ assert_true(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
+
+ assert_true(r.headers.has("rtt-received"), "rtt-received");
+ var rtt = parseInt(r.headers.get("rtt-received"));
+ assert_greater_than_equal(rtt, 0);
+ assert_less_than_equal(rtt, 3000);
+ assert_equals(rtt % 50, 0, 'rtt must be a multiple of 50 msec');
+
+ assert_true(r.headers.has("downlink-received"), "downlink-received");
+ var downlinkKbps = r.headers.get("downlink-received") * 1000;
+ assert_greater_than_equal(downlinkKbps, 0);
+ assert_less_than_equal(downlinkKbps, 10000);
+
+ assert_in_array(r.headers.get("ect-received"), ["slow-2g", "2g",
+ "3g", "4g"], 'ect-received is unexpected');
+ });
+}, "Accept-CH header test");
+
+promise_test(t => {
+ return fetch(get_host_info()["HTTPS_REMOTE_ORIGIN"] + "/client-hints/resources/echo-client-hints-received.py").then(r => {
+ assert_equals(r.status, 200)
+ // Verify that the browser includes no client hints in the headers for a
+ // cross-origin fetch with the default feature policy in place.
+ assert_false(r.headers.has("device-memory-received"), "device-memory-received");
+ assert_false(r.headers.has("dpr-received"), "dpr-received");
+ assert_false(r.headers.has("viewport-width-received"), "viewport-width-received");
+ assert_false(r.headers.has("rtt-received"), "rtt-received");
+ assert_false(r.headers.has("downlink-received"), "downlink-received");
+ assert_false(r.headers.has("ect-received"), "ect-received");
+ });
+}, "Cross-Origin Accept-CH header test");
+
+
+
+</script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/client-hints/accept-ch/non-secure.http.html b/testing/web-platform/tests/client-hints/accept-ch/non-secure.http.html
new file mode 100644
index 0000000000..9115578b57
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/accept-ch/non-secure.http.html
@@ -0,0 +1,38 @@
+<html>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<script>
+
+// When the response for the HTML file contains "Accept-CH" in the response
+// headers, then the browser should not attach the specified client hints in
+// the HTTP request headers if the response was delivered by an insecure HTTP
+// server. Test this functionality by fetching an XHR from this page hosted on
+// an insecure HTTP server. The response headers for this page include
+// "Accept-CH: device-memory, dpr, viewport-width, rtt, downlink, ect".
+//
+// resources/echo-client-hints-received.py sets the response headers depending on the set
+// of client hints it receives in the request headers.
+
+ promise_test(t => {
+ return fetch("/client-hints/resources/echo-client-hints-received.py").then(r => {
+ assert_equals(r.status, 200)
+ // Verify that the browser does not include client hints in the headers
+ // when fetching the XHR from an insecure HTTP server.
+ assert_false(r.headers.has("device-memory-received"), "device-memory-received");
+ assert_false(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
+ assert_false(r.headers.has("dpr-received"), "dpr-received");
+ assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
+ assert_false(r.headers.has("viewport-width-received"), "viewport-width-received");
+ assert_false(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
+ assert_false(r.headers.has("rtt-received"), "rtt-received");
+ assert_false(r.headers.has("downlink-received"), "downlink-received");
+ assert_false(r.headers.has("ect-received"), "ect-received");
+ });
+}, "Accept-CH header test");
+
+</script>
+
+</body>
+</html>