summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/client-hints/critical-ch/unsafe-method.https.window.js
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/client-hints/critical-ch/unsafe-method.https.window.js')
-rw-r--r--testing/web-platform/tests/client-hints/critical-ch/unsafe-method.https.window.js49
1 files changed, 49 insertions, 0 deletions
diff --git a/testing/web-platform/tests/client-hints/critical-ch/unsafe-method.https.window.js b/testing/web-platform/tests/client-hints/critical-ch/unsafe-method.https.window.js
new file mode 100644
index 0000000000..61fca618f3
--- /dev/null
+++ b/testing/web-platform/tests/client-hints/critical-ch/unsafe-method.https.window.js
@@ -0,0 +1,49 @@
+// META: script=resources/util.js
+
+async_test((t) => {
+ // This test requires a navigation with a non-safe (i.e. non-GET) HTTP
+ // response, which the Critical-CH spec says to ignore. The most
+ // "straight-forward" way to do this in JS is by making a form with an
+ // unsafe method (e.g. POST) method and submit it.
+
+ // Build the form DOM element
+ var form = document.createElement("form");
+ form.setAttribute("method", "post");
+ form.setAttribute("action", ECHO_URL);
+ form.setAttribute("target", "popup"); //don't navigate away from the page running the test...
+ document.body.appendChild(form);
+
+ window.addEventListener('message', (e) => {
+ t.step(()=>{assert_equals(e.data, "FAIL")});
+ t.done();
+ });
+
+ var popup_window = window.open("/common/blank.html", "popup");
+ assert_not_equals(popup_window, null, "Popup windows not allowed?");
+
+ form.submit();
+}, "Critical-CH unsafe method")
+
+async_test((t) => {
+ // This test requires a navigation with a non-safe (i.e. non-GET) HTTP
+ // response, which the Critical-CH spec says to ignore. The most
+ // "straight-forward" way to do this in JS is by making a form with an
+ // unsafe method (e.g. POST) method and submit it.
+
+ // Build the form DOM element
+ var form = document.createElement("form");
+ form.setAttribute("method", "post");
+ form.setAttribute("action", ECHO_URL+"?multiple=true");
+ form.setAttribute("target", "popup"); //don't navigate away from the page running the test...
+ document.body.appendChild(form);
+
+ window.addEventListener('message', (e) => {
+ t.step(()=>{assert_equals(e.data, "FAIL")});
+ t.done();
+ });
+
+ var popup_window = window.open("/common/blank.html", "popup");
+ assert_not_equals(popup_window, null, "Popup windows not allowed?");
+
+ form.submit();
+}, "Critical-CH w/ multiple headers and unsafe method")
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-28 16:16:17 +0000