chromium/src
0
Fork 0
Code Activity

Add Initial Web Platform Tests for Storage Access Headers

Browse Source 
This change adds web platform tests that confirm the inclusion of the
`Sec-Fetch-Storage-Access` header on cross-site navigations, and that confirm the browser properly handles responses which include the `Activate-Storage-Access` header.

Bug: 332335089
Change-Id: If453daea7b77292a6498f22b86a552a5a064b521
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5972601
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Chris Fredrickson <cfredric@chromium.org>
Commit-Queue: Sam LeDoux <sledoux@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1391183}
This commit is contained in:
Sam LeDoux
2024-12-03 20:07:36 +00:00
committed by Chromium LUCI CQ
parent d2fb70b677
commit 5bb5f07e46
93 changed files with 3856 additions and 2 deletions
content/public/common
content_switch_dependent_feature_overrides.cc
third_party/blink/web_tests
external
wpt
fetch
metadata
generated
audioworklet.https.sub.htmlcss-font-face.https.sub.tentative.htmlcss-font-face.sub.tentative.htmlcss-images.https.sub.tentative.htmlcss-images.sub.tentative.htmlelement-a.https.sub.htmlelement-a.sub.htmlelement-area.https.sub.htmlelement-area.sub.htmlelement-audio.https.sub-expected.txtelement-audio.https.sub.htmlelement-audio.sub.htmlelement-embed.https.sub-expected.txtelement-embed.https.sub.htmlelement-embed.sub.htmlelement-frame.https.sub-expected.txtelement-frame.https.sub.htmlelement-frame.sub.htmlelement-iframe.https.sub-expected.txtelement-iframe.https.sub.htmlelement-iframe.sub.htmlelement-img-environment-change.https.sub-expected.txtelement-img-environment-change.https.sub.htmlelement-img-environment-change.sub.htmlelement-img.https.sub-expected.txtelement-img.https.sub.htmlelement-img.sub.htmlelement-input-image.https.sub-expected.txtelement-input-image.https.sub.htmlelement-input-image.sub.htmlelement-link-icon.https.sub.htmlelement-link-icon.sub.htmlelement-link-prefetch.https.optional.sub-expected.txtelement-link-prefetch.https.optional.sub.htmlelement-link-prefetch.optional.sub.htmlelement-meta-refresh.https.optional.sub.htmlelement-meta-refresh.optional.sub.htmlelement-picture.https.sub-expected.txtelement-picture.https.sub.htmlelement-picture.sub.htmlelement-script.https.sub-expected.txtelement-script.https.sub.htmlelement-script.sub.htmlelement-video-poster.https.sub.htmlelement-video-poster.sub.htmlelement-video.https.sub-expected.txtelement-video.https.sub.htmlelement-video.sub.htmlfetch-via-serviceworker.https.sub-expected.txtfetch-via-serviceworker.https.sub.htmlfetch.https.sub-expected.txtfetch.https.sub.htmlfetch.sub.htmlform-submission.https.sub.htmlform-submission.sub.htmlheader-link.https.sub-expected.txtheader-link.https.sub.htmlheader-link.sub-expected.txtheader-link.sub.htmlheader-refresh.https.optional.sub.htmlheader-refresh.optional.sub.htmlscript-module-import-dynamic.https.sub.htmlscript-module-import-dynamic.sub.htmlscript-module-import-static.https.sub.htmlscript-module-import-static.sub.htmlsvg-image.https.sub-expected.txtsvg-image.https.sub.htmlsvg-image.sub.htmlwindow-history.https.sub.htmlwindow-history.sub.htmlwindow-location.https.sub.htmlwindow-location.sub.htmlworker-dedicated-constructor.sub.htmlworker-dedicated-importscripts.https.sub-expected.txtworker-dedicated-importscripts.https.sub.htmlworker-dedicated-importscripts.sub.html
tools
fetch-metadata.conf.yml
storage-access-api
helpers.js
resources
handle-headers-non-retry.pyhandle-headers-retry.pyheader-helpers.pynested-handle-storage-access-headers.pyretrieve-storage-access-headers.py
storage-access-headers.tentative.https.sub.window.js
http
tests
navigation
form-targets-cross-site-frame-get-expected.txtform-targets-cross-site-frame-no-referrer-expected.txtform-targets-cross-site-frame-post-expected.txtform-with-enctype-targets-cross-site-frame-expected.txt
virtual
stable
http
tests
navigation
form-targets-cross-site-frame-get-expected.txtform-targets-cross-site-frame-no-referrer-expected.txtform-targets-cross-site-frame-post-expected.txtform-with-enctype-targets-cross-site-frame-expected.txt

3
content/public/common/content_switch_dependent_feature_overrides.cc

@@ -84,6 +84,9 @@ GetSwitchDependentFeatureOverrides(const base::CommandLine& command_line) {
{switches::kEnableExperimentalWebPlatformFeatures,
std::cref(blink::features::kPartitionedPopins),
base::FeatureList::OVERRIDE_ENABLE_FEATURE},
{switches::kEnableExperimentalWebPlatformFeatures,
std::cref(network::features::kStorageAccessHeaders),
base::FeatureList::OVERRIDE_ENABLE_FEATURE},
// Overrides for --enable-experimental-cookie-features.
{switches::kEnableExperimentalCookieFeatures,

26
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/audioworklet.https.sub.html vendored

@@ -266,6 +266,32 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/javascript'}),
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite'], {mime: 'text/javascript'}),
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</body>
</html>

20
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/css-font-face.https.sub.tentative.html vendored

@@ -225,6 +225,26 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpsCrossSite']))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpsSameSite']))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</body>
</html>

30
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/css-font-face.sub.tentative.html vendored

@@ -160,6 +160,36 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpOrigin']))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpSameSite']))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpCrossSite']))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';

145
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/css-images.https.sub.tentative.html vendored

@@ -1374,6 +1374,151 @@ Sources:
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-user');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_equals(headers['sec-fetch-storage-access'], 'none');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-storage-access - Cross-site');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-storage-access - Cross-site');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-storage-access - Cross-site');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-storage-access - Cross-site');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-storage-access - Cross-site');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-storage-access - Same site');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-storage-access - Same site');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-storage-access - Same site');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-storage-access - Same site');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-storage-access - Same site');
iframe.srcdoc = declarations.map((declaration, index) => `
<style>.el${index} { ${declaration} }</style><div class="el${index}"></div>`
).join('');

210
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/css-images.sub.tentative.html vendored

@@ -869,6 +869,216 @@ Sources:
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-user - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`background-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), (error) => t.unreached_func());
}, 'background-image sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`border-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'border-image sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`content: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'content sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`cursor: url("${url}"), auto;`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'cursor sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite']);
declarations.push(`list-style-image: url("${url}");`);
whenIframeReady
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
})
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']);

40
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-a.https.sub.html vendored

@@ -477,6 +477,46 @@ Sources:
assert_array_equals(headers['sec-fetch-user'], ['?1']);
});
}, 'sec-fetch-user - no attributes with user activation');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - no attributes');
</script>
</body>
</html>

60
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-a.sub.html vendored

@@ -276,6 +276,66 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';

40
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-area.https.sub.html vendored

@@ -477,6 +477,46 @@ Sources:
assert_array_equals(headers['sec-fetch-user'], ['?1']);
});
}, 'sec-fetch-user - no attributes with user activation');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - no attributes');
</script>
</body>
</html>

60
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-area.sub.html vendored

@@ -276,6 +276,66 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}),
{
test: t,
userActivated: false,
attributes: {}
}
);
// `induceRequest` does not necessarily trigger a navigation, so the Python
// handler must be polled until it has received the initial request.
return retrieve(key, {poll: true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';

2
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-audio.https.sub-expected.txt vendored

@@ -1,5 +1,7 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-site - HTTPS downgrade-upgrade, no attributes
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

27
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-audio.https.sub.html vendored

@@ -320,6 +320,33 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site, no attributes');
</script>
</body>
</html>

39
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-audio.sub.html vendored

@@ -184,6 +184,45 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';

2
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-embed.https.sub-expected.txt vendored

@@ -1,5 +1,7 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-mode
assert_array_equals: expected property 0 to be "no-cors" but got "navigate" (expected array ["no-cors"] got ["navigate"])
[FAIL] sec-fetch-storage-access - Cross-site
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

21
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-embed.https.sub.html vendored

@@ -219,6 +219,27 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpsCrossSite'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpsSameSite'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</body>
</html>

30
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-embed.sub.html vendored

@@ -154,6 +154,36 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpOrigin'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpSameSite'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpCrossSite'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';

5
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-frame.https.sub-expected.txt vendored Normal file

@@ -0,0 +1,5 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-storage-access - Cross-site
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

29
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-frame.https.sub.html vendored

@@ -304,6 +304,35 @@ Sources:
assert_array_equals(headers['sec-fetch-user'], ['?1']);
});
}, 'sec-fetch-user with user activation');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</body>
</html>

42
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-frame.sub.html vendored

@@ -202,6 +202,48 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';

5
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-iframe.https.sub-expected.txt vendored Normal file

@@ -0,0 +1,5 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-storage-access - Cross-site
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

29
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-iframe.https.sub.html vendored

@@ -304,6 +304,35 @@ Sources:
assert_array_equals(headers['sec-fetch-user'], ['?1']);
});
}, 'sec-fetch-user with user activation');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</body>
</html>

42
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-iframe.sub.html vendored

@@ -202,6 +202,48 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}),
t,
false
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';

5
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-img-environment-change.https.sub-expected.txt vendored Normal file

@@ -0,0 +1,5 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-storage-access - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

29
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-img-environment-change.https.sub.html vendored

@@ -352,6 +352,35 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpsCrossSite'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpsSameSite'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site, no attributes');
</script>
</body>
</html>

42
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-img-environment-change.sub.html vendored

@@ -222,6 +222,48 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpOrigin'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpSameSite'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpCrossSite'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';

4
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-img.https.sub-expected.txt vendored

@@ -1,5 +1,9 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-site - src - HTTPS downgrade-upgrade, no attributes
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access - src - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
[FAIL] sec-fetch-storage-access - srcset - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

58
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-img.https.sub.html vendored

@@ -640,6 +640,64 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - srcset - no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite']),
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - src - Cross-site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite']),
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - srcset - Cross-site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite']),
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - src - Same site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite']),
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - srcset - Same site, no attributes');
</script>
</body>
</html>

84
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-img.sub.html vendored

@@ -364,6 +364,90 @@ Sources:
});
}, 'sec-fetch-user - srcset - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin']),
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - src - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin']),
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - srcset - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite']),
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - src - Not sent to non-trustworthy same-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite']),
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - srcset - Not sent to non-trustworthy same-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite']),
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - src - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite']),
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - srcset - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';

2
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-input-image.https.sub-expected.txt vendored

@@ -1,5 +1,7 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-site - HTTPS downgrade-upgrade, no attributes
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

21
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-input-image.https.sub.html vendored

@@ -224,6 +224,27 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(makeRequestURL(key, ['httpsCrossSite']), t)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(makeRequestURL(key, ['httpsSameSite']), t)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site, no attributes');
</script>
</body>
</html>

30
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-input-image.sub.html vendored

@@ -148,6 +148,36 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(makeRequestURL(key, ['httpOrigin']), t)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(makeRequestURL(key, ['httpSameSite']), t)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(makeRequestURL(key, ['httpCrossSite']), t)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test((t) => {
const key = '{{uuid()}}';

31
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-link-icon.https.sub.html vendored

@@ -366,6 +366,37 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpsCrossSite'], params),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpsSameSite'], params),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site no attributes');
</script>
</body>
</html>

45
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-link-icon.sub.html vendored

@@ -228,6 +228,51 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpOrigin'], params),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpSameSite'], params),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpCrossSite'], params),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';

2
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-link-prefetch.https.optional.sub-expected.txt vendored

@@ -23,5 +23,7 @@ This is a testharness.js-based test.
assert_array_equals: expected property 0 to be "video" but got "empty" (expected array ["video"] got ["empty"])
[FAIL] sec-fetch-dest attributes: as=worker
assert_array_equals: expected property 0 to be "worker" but got "empty" (expected array ["worker"] got ["empty"])
[FAIL] sec-fetch-storage-access - Cross-site no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

31
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html vendored

@@ -553,6 +553,37 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpsCrossSite']),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpsSameSite']),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site no attributes');
</script>
</body>
</html>

45
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-link-prefetch.optional.sub.html vendored

@@ -223,6 +223,51 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpOrigin']),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpSameSite']),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
induceRequest(
t,
makeRequestURL(key, ['httpCrossSite']),
{}
);
return retrieve(key, {poll:true})
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';

24
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html vendored

@@ -271,6 +271,30 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</body>
</html>

36
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-meta-refresh.optional.sub.html vendored

@@ -183,6 +183,42 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';

10
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-picture.https.sub-expected.txt vendored Normal file

@@ -0,0 +1,10 @@
This is a testharness.js-based test.
Found 3 FAIL, 0 TIMEOUT, 0 NOTRUN.
[FAIL] sec-fetch-storage-access - img[src] - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
[FAIL] sec-fetch-storage-access - img[srcset] - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
[FAIL] sec-fetch-storage-access - source[srcset] - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

93
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-picture.https.sub.html vendored

@@ -991,6 +991,99 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - source[srcset] - no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite']),
'img',
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - img[src] - Cross-site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite']),
'img',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - img[srcset] - Cross-site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite']),
'source',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - source[srcset] - Cross-site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite']),
'img',
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - img[src] - Same site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite']),
'img',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - img[srcset] - Same site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite']),
'source',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - source[srcset] - Same site, no attributes');
</script>
</body>
</html>

135
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-picture.sub.html vendored

@@ -575,6 +575,141 @@ Sources:
});
}, 'sec-fetch-user - source[srcset] - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin']),
'img',
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - img[src] - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin']),
'img',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - img[srcset] - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin']),
'source',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - source[srcset] - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite']),
'img',
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - img[src] - Not sent to non-trustworthy same-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite']),
'img',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - img[srcset] - Not sent to non-trustworthy same-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite']),
'source',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - source[srcset] - Not sent to non-trustworthy same-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite']),
'img',
'src',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - img[src] - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite']),
'img',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - img[srcset] - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite']),
'source',
'srcset',
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - source[srcset] - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';

5
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-script.https.sub-expected.txt vendored Normal file

@@ -0,0 +1,5 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-storage-access - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

31
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-script.https.sub.html vendored

@@ -589,5 +589,36 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - no attributes');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpsCrossSite'], { mime: 'application/javascript' }
);
return induceRequest(url,
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpsSameSite'], { mime: 'application/javascript' }
);
return induceRequest(url,
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site, no attributes');
</script>
</html>

90
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-script.sub.html vendored

@@ -391,6 +391,96 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, attributes: type=module');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpOrigin'], { mime: 'application/javascript' }
);
return induceRequest(url,
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpOrigin'], { mime: 'application/javascript' }
);
return induceRequest(url,
{"type": "module"}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, attributes: type=module');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpSameSite'], { mime: 'application/javascript' }
);
return induceRequest(url,
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpSameSite'], { mime: 'application/javascript' }
);
return induceRequest(url,
{"type": "module"}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, attributes: type=module');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpCrossSite'], { mime: 'application/javascript' }
);
return induceRequest(url,
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpCrossSite'], { mime: 'application/javascript' }
);
return induceRequest(url,
{"type": "module"}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, attributes: type=module');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(

21
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-video-poster.https.sub.html vendored

@@ -238,6 +238,27 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpsCrossSite'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpsSameSite'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</body>
</html>

30
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-video-poster.sub.html vendored

@@ -162,6 +162,36 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpOrigin'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpSameSite'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(t, makeRequestURL(key, ['httpCrossSite'], params))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';

2
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-video.https.sub-expected.txt vendored

@@ -1,5 +1,7 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-site - HTTPS downgrade-upgrade, no attributes
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access - Cross-site, no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

27
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-video.https.sub.html vendored

@@ -320,6 +320,33 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site, no attributes');
</script>
</body>
</html>

39
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/element-video.sub.html vendored

@@ -184,6 +184,45 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, no attributes');
promise_test(() => {
const key = '{{uuid()}}';

7
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/fetch-via-serviceworker.https.sub-expected.txt vendored Normal file

@@ -0,0 +1,7 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-storage-access - Cross-site, init: mode=no-cors, credentials=include - respondWith
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
[FAIL] sec-fetch-storage-access - Cross-site, init: mode=no-cors, credentials=include - fallback
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

62
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/fetch-via-serviceworker.https.sub.html vendored

@@ -678,6 +678,68 @@ Sources:
});
}, 'sec-fetch-user - no init - fallback');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpsCrossSite']),
{"credentials": "include", "mode": "no-cors"},
'respondWith'
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site, init: mode=no-cors, credentials=include - respondWith');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpsCrossSite']),
{"credentials": "include", "mode": "no-cors"},
'fallback'
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site, init: mode=no-cors, credentials=include - fallback');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpsSameSite']),
{"credentials": "include", "mode": "no-cors"},
'respondWith'
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site, init: mode=no-cors, credentials=include - respondWith');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpsSameSite']),
{"credentials": "include", "mode": "no-cors"},
'fallback'
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site, init: mode=no-cors, credentials=include - fallback');
</script>
</body>
</html>

5
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/fetch.https.sub-expected.txt vendored Normal file

@@ -0,0 +1,5 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-storage-access - Cross-site, init: mode=no-cors, credentials=include
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

27
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/fetch.https.sub.html vendored

@@ -297,6 +297,33 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - no init');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite']),
{"credentials": "include", "mode": "no-cors"}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site, init: mode=no-cors, credentials=include');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite']),
{"credentials": "include", "mode": "no-cors"}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site, init: mode=no-cors, credentials=include');
</script>
</body>
</html>

39
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/fetch.sub.html vendored

@@ -175,6 +175,45 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination, no init');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no init');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination, no init');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite']),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination, no init');
promise_test(() => {
const key = '{{uuid()}}';

44
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/form-submission.https.sub.html vendored

@@ -517,6 +517,50 @@ Sources:
assert_array_equals(headers['sec-fetch-user'], ['?1']);
});
}, 'sec-fetch-user - POST with user activation');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite'], responseParams);
const userActivated = false;
return induceRequest('GET', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - GET');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite'], responseParams);
const userActivated = false;
return induceRequest('POST', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - POST');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite'], responseParams);
const userActivated = false;
return induceRequest('GET', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - GET');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite'], responseParams);
const userActivated = false;
return induceRequest('POST', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - POST');
</script>
</body>
</html>

66
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/form-submission.sub.html vendored

@@ -326,6 +326,72 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - POST');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin'], responseParams);
const userActivated = false;
return induceRequest('GET', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - GET');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin'], responseParams);
const userActivated = false;
return induceRequest('POST', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - POST');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite'], responseParams);
const userActivated = false;
return induceRequest('GET', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - GET');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite'], responseParams);
const userActivated = false;
return induceRequest('POST', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - POST');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite'], responseParams);
const userActivated = false;
return induceRequest('GET', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - GET');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite'], responseParams);
const userActivated = false;
return induceRequest('POST', url, userActivated)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - POST');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], responseParams);

8
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/header-link.https.sub-expected.txt vendored

@@ -65,5 +65,13 @@ This is a testharness.js-based test.
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-user rel=stylesheet
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=icon - Cross-site
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=stylesheet - Cross-site
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=icon - Same site
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=stylesheet - Same site
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
Harness: the test ran to completion.

58
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/header-link.https.sub.html vendored

@@ -524,6 +524,64 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user rel=stylesheet');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}),
'icon',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access rel=icon - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}),
'stylesheet',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access rel=stylesheet - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}),
'icon',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access rel=icon - Same site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}),
'stylesheet',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access rel=stylesheet - Same site');
</script>
</body>
</html>

12
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/header-link.sub-expected.txt vendored

@@ -47,6 +47,18 @@ This is a testharness.js-based test.
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-user rel=stylesheet - Not sent to non-trustworthy cross-site destination
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=icon - Not sent to non-trustworthy same-origin destination
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=stylesheet - Not sent to non-trustworthy same-origin destination
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=icon - Not sent to non-trustworthy same-site destination
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=stylesheet - Not sent to non-trustworthy same-site destination
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=icon - Not sent to non-trustworthy cross-site destination
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-storage-access rel=stylesheet - Not sent to non-trustworthy cross-site destination
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-site rel=icon - HTTPS downgrade (header not sent)
promise_test: Unhandled rejection with value: object "Error: Failed to query for recorded headers."
[FAIL] sec-fetch-site rel=stylesheet - HTTPS downgrade (header not sent)

84
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/header-link.sub.html vendored

@@ -368,6 +368,90 @@ Sources:
});
}, 'sec-fetch-user rel=stylesheet - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}),
'icon',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access rel=icon - Not sent to non-trustworthy same-origin destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin'], {mime: 'text/html'}),
'stylesheet',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access rel=stylesheet - Not sent to non-trustworthy same-origin destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}),
'icon',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access rel=icon - Not sent to non-trustworthy same-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite'], {mime: 'text/html'}),
'stylesheet',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access rel=stylesheet - Not sent to non-trustworthy same-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}),
'icon',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access rel=icon - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite'], {mime: 'text/html'}),
'stylesheet',
t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access rel=stylesheet - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';

24
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/header-refresh.https.optional.sub.html vendored

@@ -268,6 +268,30 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsCrossSite'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpsSameSite'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</body>
</html>

36
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/header-refresh.optional.sub.html vendored

@@ -180,6 +180,42 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpOrigin'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpSameSite'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(key, ['httpCrossSite'], responseParams), t
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test((t) => {
const key = '{{uuid()}}';

26
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/script-module-import-dynamic.https.sub.html vendored

@@ -250,5 +250,31 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpsCrossSite'], { mime: 'application/javascript' }
);
return import(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpsSameSite'], { mime: 'application/javascript' }
);
return import(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</html>

39
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/script-module-import-dynamic.sub.html vendored

@@ -170,6 +170,45 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpOrigin'], { mime: 'application/javascript' }
);
return import(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpSameSite'], { mime: 'application/javascript' }
);
return import(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpCrossSite'], { mime: 'application/javascript' }
);
return import(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(

28
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/script-module-import-static.https.sub.html vendored

@@ -284,5 +284,33 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(
key, ['httpsCrossSite'], { mime: 'application/javascript' }
)
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(
key, ['httpsSameSite'], { mime: 'application/javascript' }
)
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</html>

42
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/script-module-import-static.sub.html vendored

@@ -199,6 +199,48 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(
key, ['httpOrigin'], { mime: 'application/javascript' }
)
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(
key, ['httpSameSite'], { mime: 'application/javascript' }
)
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test(() => {
const key = '{{uuid()}}';
return induceRequest(
makeRequestURL(
key, ['httpCrossSite'], { mime: 'application/javascript' }
)
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test(() => {
const key = '{{uuid()}}';

2
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/svg-image.https.sub-expected.txt vendored

@@ -3,5 +3,7 @@ This is a testharness.js-based test.
promise_test: Unhandled rejection with value: object "[object Event]"
[FAIL] sec-fetch-dest no attributes
assert_array_equals: expected property 0 to be "empty" but got "image" (expected array ["empty"] got ["image"])
[FAIL] sec-fetch-storage-access - Cross-site no attributes
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

29
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/svg-image.https.sub.html vendored

@@ -362,6 +362,35 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpsCrossSite'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpsSameSite'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site no attributes');
</script>
</body>
</html>

42
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/svg-image.sub.html vendored

@@ -217,6 +217,48 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpOrigin'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpSameSite'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';
return induceRequest(
t,
makeRequestURL(key, ['httpCrossSite'], params),
{}
)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination no attributes');
promise_test((t) => {
const key = '{{uuid()}}';

44
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/window-history.https.sub.html vendored

@@ -232,6 +232,50 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - history.forward');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite'], responseParams);
return induceBackRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - history.back');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite'], responseParams);
return induceForwardRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - history.forward');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite'], responseParams);
return induceBackRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - history.back');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite'], responseParams);
return induceForwardRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - history.forward');
</script>
</body>
</html>

66
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/window-history.sub.html vendored

@@ -355,6 +355,72 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - history.forward');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin'], responseParams);
return induceBackRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - history.back');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin'], responseParams);
return induceForwardRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - history.forward');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite'], responseParams);
return induceBackRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - history.back');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite'], responseParams);
return induceForwardRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - history.forward');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite'], responseParams);
return induceBackRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - history.back');
promise_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite'], responseParams);
return induceForwardRequest(url, t, () => retrieve(key))
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - history.forward');
</script>
</body>
</html>

112
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/window-location.https.sub.html vendored

@@ -1179,6 +1179,118 @@ Sources:
assert_array_equals(headers['sec-fetch-user'], ['?1']);
});
}, 'sec-fetch-user - location.replace with user activation');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite'], responseParams);
const navigate = (win, path) => {
win.location = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - location');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite'], responseParams);
const navigate = (win, path) => {
win.location.href = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - location.href');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite'], responseParams);
const navigate = (win, path) => {
win.location.assign(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - location.assign');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsCrossSite'], responseParams);
const navigate = (win, path) => {
win.location.replace(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Cross-site - location.replace');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite'], responseParams);
const navigate = (win, path) => {
win.location = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - location');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite'], responseParams);
const navigate = (win, path) => {
win.location.href = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - location.href');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite'], responseParams);
const navigate = (win, path) => {
win.location.assign(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - location.assign');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsSameSite'], responseParams);
const navigate = (win, path) => {
win.location.replace(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site - location.replace');
</script>
</body>
</html>

168
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/window-location.sub.html vendored

@@ -714,6 +714,174 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination - location.replace');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin'], responseParams);
const navigate = (win, path) => {
win.location = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - location');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin'], responseParams);
const navigate = (win, path) => {
win.location.href = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - location.href');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin'], responseParams);
const navigate = (win, path) => {
win.location.assign(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - location.assign');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpOrigin'], responseParams);
const navigate = (win, path) => {
win.location.replace(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination - location.replace');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite'], responseParams);
const navigate = (win, path) => {
win.location = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - location');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite'], responseParams);
const navigate = (win, path) => {
win.location.href = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - location.href');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite'], responseParams);
const navigate = (win, path) => {
win.location.assign(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - location.assign');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpSameSite'], responseParams);
const navigate = (win, path) => {
win.location.replace(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination - location.replace');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite'], responseParams);
const navigate = (win, path) => {
win.location = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - location');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite'], responseParams);
const navigate = (win, path) => {
win.location.href = path;
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - location.href');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite'], responseParams);
const navigate = (win, path) => {
win.location.assign(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - location.assign');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpCrossSite'], responseParams);
const navigate = (win, path) => {
win.location.replace(path);
};
return induceRequest(url, navigate, false)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination - location.replace');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin'], responseParams);

15
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/worker-dedicated-constructor.sub.html vendored

@@ -80,5 +80,20 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user - Not sent to non-trustworthy same-origin destination, no options');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key,
['httpOrigin'],
{ mime: 'application/javascript', body: 'postMessage("")' }
);
return induceRequest(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination, no options');
</script>
</html>

5
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/worker-dedicated-importscripts.https.sub-expected.txt vendored Normal file

@@ -0,0 +1,5 @@
This is a testharness.js-based test.
[FAIL] sec-fetch-storage-access - Cross-site
assert_array_equals: expected property 0 to be "none" but got "active" (expected array ["none"] got ["active"])
Harness: the test ran to completion.

27
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html vendored

@@ -264,5 +264,32 @@ Sources:
assert_not_own_property(headers, 'sec-fetch-user');
});
}, 'sec-fetch-user');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpsCrossSite'], { mime: 'application/javascript' }
);
return induceRequest(url)
.then(() => retrieve(key))
.then((headers) => {
assert_own_property(headers, 'sec-fetch-storage-access');
assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
});
}, 'sec-fetch-storage-access - Cross-site');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpsSameSite'], { mime: 'application/javascript' }
);
return induceRequest(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Same site');
</script>
</html>

39
third_party/blink/web_tests/external/wpt/fetch/metadata/generated/worker-dedicated-importscripts.sub.html vendored

@@ -184,6 +184,45 @@ Sources:
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpOrigin'], { mime: 'application/javascript' }
);
return induceRequest(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpSameSite'], { mime: 'application/javascript' }
);
return induceRequest(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(
key, ['httpCrossSite'], { mime: 'application/javascript' }
);
return induceRequest(url)
.then(() => retrieve(key))
.then((headers) => {
assert_not_own_property(headers, 'sec-fetch-storage-access');
});
}, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
promise_test(() => {
const key = '{{uuid()}}';
const url = makeRequestURL(

81
third_party/blink/web_tests/external/wpt/fetch/metadata/tools/fetch-metadata.conf.yml vendored

@@ -42,6 +42,15 @@ cases:
- headerName: sec-fetch-user
origins: [httpCrossSite]
description: Not sent to non-trustworthy cross-site destination
- headerName: sec-fetch-storage-access
origins: [httpOrigin]
description: Not sent to non-trustworthy same-origin destination
- headerName: sec-fetch-storage-access
origins: [httpSameSite]
description: Not sent to non-trustworthy same-site destination
- headerName: sec-fetch-storage-access
origins: [httpCrossSite]
description: Not sent to non-trustworthy cross-site destination
template_axes:
# The `AudioWorklet` interface is only available in secure contexts
# https://webaudio.github.io/web-audio-api/#AudioWorklet
@@ -109,6 +118,9 @@ cases:
- headerName: sec-fetch-user
origins: [httpOrigin]
description: Not sent to non-trustworthy same-origin destination
- headerName: sec-fetch-storage-access
origins: [httpOrigin]
description: Not sent to non-trustworthy same-origin destination
template_axes:
# All the templates in this block are unused with the exception of
# `worker-dedicated-constructor`
@@ -848,3 +860,72 @@ cases:
expected: NULL
worker-dedicated-importscripts.sub.html:
- expected: NULL
# Sec-Fetch-Storage-Access
- all_subtests:
headerName: sec-fetch-storage-access
filename_flags: [https]
common_axis:
- description: Cross-site
origins: [httpsCrossSite]
expected: none
- description: Same site
origins: [httpsSameSite]
expected: NULL
template_axes:
# Service Workers' redirect mode is "error"
serviceworker.https.sub.html: [{}]
# Interstitial locations in an HTTP redirect chain are not added to the
# session history, so these requests cannot be initiated using the
# History API.
css-images.sub.html:
- filename_flags: [tentative]
element-audio.sub.html: [{}]
element-embed.sub.html: [{}]
element-frame.sub.html: [{}]
element-iframe.sub.html: [{}]
element-img.sub.html:
- sourceAttr: src
- sourceAttr: srcset
element-img-environment-change.sub.html: [{}]
element-input-image.sub.html: [{}]
element-link-icon.sub.html: [{}]
element-link-prefetch.optional.sub.html: [{}]
element-picture.sub.html: [{}]
element-script.sub.html: [{}]
element-video.sub.html: [{}]
element-video-poster.sub.html: [{}]
fetch.sub.html: [{ init: { mode: no-cors , credentials: include } }]
fetch-via-serviceworker.https.sub.html: [{ init: { mode: no-cors , credentials: include } }]
header-link.sub.html:
- rel: icon
- rel: stylesheet
svg-image.sub.html: [{}]
worker-dedicated-constructor.sub.html: []
worker-dedicated-importscripts.sub.html: [{}]
# The following are cases where the Sec-Fetch-Storage-Access header should
# not be attached at all.
- all_subtests:
headerName: sec-fetch-storage-access
filename_flags: [https]
common_axis:
- description: Cross-site
origins: [httpsCrossSite]
expected: NULL
- description: Same site
origins: [httpsSameSite]
expected: NULL
template_axes:
audioworklet.https.sub.html: [{}]
css-font-face.sub.html:
- filename_flags: [tentative]
element-meta-refresh.optional.sub.html: [{}]
element-a.sub.html: [{}]
element-area.sub.html: [{}]
form-submission.sub.html:
- method: GET
- method: POST
header-refresh.optional.sub.html: [{}]
script-module-import-dynamic.sub.html: [{}]
script-module-import-static.sub.html: [{}]
window-history.sub.html: [{}]
window-location.sub.html: [{}]

11
third_party/blink/web_tests/external/wpt/storage-access-api/helpers.js vendored

@@ -279,12 +279,19 @@ function FetchFromFrame(frame, url) {
// Makes a subresource request to the provided host in the given frame with
// the mode set to 'no-cors'
function NoCorsSubresourceCookiesFromFrame(frame, host) {
const url = `${host}/storage-access-api/resources/echo-cookie-header.py`;
function NoCorsFetchFromFrame(frame, url) {
return PostMessageAndAwaitReply(
{ command: "no-cors fetch", url }, frame.contentWindow);
}
// Makes a subresource request to the provided host in the given frame with
// the mode set to 'no-cors', and returns the cookies that were included in the
// request.
function NoCorsSubresourceCookiesFromFrame(frame, host) {
const url = `${host}/storage-access-api/resources/echo-cookie-header.py`;
return NoCorsFetchFromFrame(frame, url);
}
// Tries to set storage access policy, ignoring any errors.
//
// Note: to discourage the writing of tests that assume unpartitioned cookie

20
third_party/blink/web_tests/external/wpt/storage-access-api/resources/handle-headers-non-retry.py vendored Normal file

@@ -0,0 +1,20 @@
import importlib
header_helpers = importlib.import_module("storage-access-api.resources.header-helpers")
def main(request, response):
request_params = request.GET
if b'key' in request_params:
key = request_params.first(b'key')
# Do not handle requests without a key parameter.
else:
return (400, [], b'')
# Handle load requests.
if b'load' in request_params:
response.headers.set(b'Activate-Storage-Access', b'load')
request.server.stash.put(header_helpers.make_stash_key(key, request_params),
header_helpers.get_stashable_headers(request.headers),
header_helpers.RETRIEVAL_PATH)
return header_helpers.make_response_body(request_params)

43
third_party/blink/web_tests/external/wpt/storage-access-api/resources/handle-headers-retry.py vendored Normal file

@@ -0,0 +1,43 @@
import importlib
header_helpers = importlib.import_module("storage-access-api.resources.header-helpers")
# Sets the `Activate-Storage-Access` response header to a `retry` value
# corresponding to the supplied `allowed_origin`.
def maybe_set_retry(allowed_origin, response):
if allowed_origin is None:
return
if allowed_origin == b'*':
retry_response = b'retry; allowed-origin=*'
elif allowed_origin == b'':
retry_response = b'retry'
else:
retry_response = b'retry; allowed-origin=\"' + allowed_origin + b'\"'
response.headers.set(b'Activate-Storage-Access', retry_response)
def main(request, response):
request_params = request.GET
if b'key' in request_params:
key = request_params.first(b'key')
# Do not handle requests without a key parameter.
else:
return (400, [], b'')
allowed_origin = request_params.first(b'retry-allowed-origin', None)
storage_access_status = request.headers.get(b'sec-fetch-storage-access')
# If a request has been successfully retried and set to active, store its
# headers under a modified key so they can be retrieved independently of
# the initial request's headers.
if storage_access_status == b'active':
key += b'active'
maybe_set_retry(allowed_origin, response)
# Check if the request should redirect.
header_helpers.maybe_set_redirect(request_params, response, storage_access_status)
request.server.stash.put(header_helpers.make_stash_key(key, request_params),
header_helpers.get_stashable_headers(request.headers),
header_helpers.RETRIEVAL_PATH)
return header_helpers.make_response_body(request_params)

58
third_party/blink/web_tests/external/wpt/storage-access-api/resources/header-helpers.py vendored Normal file

@@ -0,0 +1,58 @@
import hashlib
import json
RETRIEVAL_PATH = '/storage-access-api/resources/retrieve-storage-access-headers.py'
def get_stashable_headers(headers):
def bytes_to_strings(d):
# Recursively convert bytes to strings in `d`.
if isinstance(d, (tuple,list,set)):
return [bytes_to_strings(x) for x in d]
elif isinstance(d, bytes):
return d.decode()
elif isinstance(d, dict):
return {bytes_to_strings(k): bytes_to_strings(v) for (k, v) in d.items()}
return d
return json.dumps(bytes_to_strings(headers))
# Makes a string representation of the hash generated for the given key.
def make_stash_key(key, request_params):
# Redirected requests stash their headers at a different key.
key += b'redirected' if b'redirected' in request_params else b''
return hashlib.md5(key).hexdigest()
# Sets the response to redirect to the location passed by the request if its
# parameters contain a `redirect-location` or a `once-active-redirect-location`
# with an active `storage_access_status`.
def maybe_set_redirect(request_params, response, storage_access_status):
if storage_access_status == b'active':
location = request_params.first(b'once-active-redirect-location', '')
else:
location = request_params.first(b'redirect-location', '')
if location:
response.status = 302
response.headers.set(b'Location', location)
# Returns an HTML body with an embedded responder if one is included in
# `request_params`, otherwise returns an empty byte-string.
def make_response_body(request_params):
script = request_params.first(b'script', None)
if script is None:
return b''
return b"""
<!DOCTYPE html>
<meta charset="utf-8">
<title>Subframe with script</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script>
var should_ack_load = false;
</script>
<body>
<script src="%s"></script>
</body>
""" % (script)

5
third_party/blink/web_tests/external/wpt/storage-access-api/resources/nested-handle-storage-access-headers.py vendored Normal file

@@ -0,0 +1,5 @@
import importlib
header_helpers = importlib.import_module("storage-access-api.resources.header-helpers")
def main(request, response):
return header_helpers.make_response_body(request.GET)

17
third_party/blink/web_tests/external/wpt/storage-access-api/resources/retrieve-storage-access-headers.py vendored Normal file

@@ -0,0 +1,17 @@
import hashlib
def main(request, response):
if b'key' in request.GET:
key = request.GET.first(b'key')
# Do not handle requests without a key parameter.
else:
return (400, [], b'')
# Convert the key from String to UUID valid String.
stash_key = hashlib.md5(key).hexdigest()
# Handle the header retrieval request.
headers = request.server.stash.take(stash_key)
if headers is None:
return (204, [], b'')
return (200, [], headers)

487
third_party/blink/web_tests/external/wpt/storage-access-api/storage-access-headers.tentative.https.sub.window.js vendored Normal file

@@ -0,0 +1,487 @@
// META: script=helpers.js
// META: script=/resources/testdriver.js
// META: script=/resources/testdriver-vendor.js
"use strict";
// These are secure origins with different relations to the current document.
const https_origin = 'https://{{host}}:{{ports[https][0]}}';
const same_site = 'https://{{hosts[][www]}}:{{ports[https][0]}}';
const cross_site = 'https://{{hosts[alt][]}}:{{ports[https][0]}}';
const alt_cross_site = 'https://{{hosts[alt][www]}}:{{ports[https][0]}}';
const responder_script = 'embedded_responder.js';
const nested_path = '/storage-access-api/resources/nested-handle-storage-access-headers.py';
const retry_path = '/storage-access-api/resources/handle-headers-retry.py';
const non_retry_path = '/storage-access-api/resources/handle-headers-non-retry.py';
function makeURL(key, domain, path, params) {
const request_params = new URLSearchParams(params);
request_params.append('key', key);
return domain + path + '?' + request_params.toString();
}
async function grantStorageAccessForEmbedSite(test, origin) {
const iframe_params = new URLSearchParams([['script', responder_script]]);
const iframe = await CreateFrame(origin +
'/storage-access-api/resources/script-with-cookie-header.py?' +
iframe_params.toString());
test.add_cleanup( async () => {
await SetPermissionInFrame(iframe,
[{ name: 'storage-access' }, 'prompt']);
iframe.parentNode.removeChild(iframe);
})
await SetPermissionInFrame(iframe,
[{ name: 'storage-access' }, 'granted']);
}
// Sends a request whose headers can be read in cross-site contexts.
async function sendReadableHeaderRequest(url) {
return fetch(url, {credentials: 'include', mode: 'no-cors'});
}
// Sends a request `resources/retrieve-storage-access-headers.py` and parses
// the response as JSON. Will return `undefined` if no headers were set at the
// given key, or if the headers have already been retrieved from that key.
async function sendRetrieveRequest(key) {
const retrieval_path = '/storage-access-api/resources/retrieve-storage-access-headers.py?';
const request_params = new URLSearchParams([['key', key]]);
const response = await fetch(retrieval_path + request_params.toString());
return response.status !== 200 ? undefined : response.json();
}
// Checks that the values of `actual_headers` match those passed in the
// `expected_headers` at their respective header keys. Headers with the value
// of `undefined` in `expected_headers` are expected to be absent from
// `actual_headers`.
function assertHeaderValuesMatch(actual_headers, expected_headers) {
for (const [expected_name, expected_value] of Object.entries(
expected_headers)) {
const actual_value = actual_headers[expected_name];
if (expected_value === undefined) {
assert_equals(actual_value, undefined);
} else {
assert_array_equals(actual_value, expected_value);
}
}
}
function addCommonCleanupCallback(test) {
test.add_cleanup(async () => {
await test_driver.delete_all_cookies();
await MaybeSetStorageAccess("*", "*", "allowed");
});
}
function retriedKey(key) {
return key + 'active';
}
function redirectedKey(key) {
return key + 'redirected';
}
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
addCommonCleanupCallback(t);
await fetch(makeURL(key, cross_site, non_retry_path),
{credentials: 'omit', mode: 'no-cors'});
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': undefined});
}, "Sec-Fetch-Storage-Access is omitted when credentials are omitted");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
addCommonCleanupCallback(t);
await sendReadableHeaderRequest(makeURL(key, cross_site, non_retry_path));
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': ['none']});
}, "Sec-Fetch-Storage-Access is `none` when unpartitioned cookies are unavailable.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
// Create an iframe and grant it storage access permissions.
await grantStorageAccessForEmbedSite(t, cross_site);
// A cross-site request to the same site as the above iframe should have an
// `inactive` storage access status since a permission grant exists for the
// context.
await sendReadableHeaderRequest(makeURL(key, cross_site, non_retry_path));
const headers = await sendRetrieveRequest(key);
// We should see the origin header on the inactive case.
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': ['inactive'],
'origin': [https_origin]});
}, "Sec-Fetch-Storage-Access is `inactive` when unpartitioned cookies are available but not in use.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
await SetFirstPartyCookieAndUnsetStorageAccessPermission(cross_site);
addCommonCleanupCallback(t);
await grantStorageAccessForEmbedSite(t, cross_site);
await sendReadableHeaderRequest(makeURL(key, cross_site, retry_path,
[['retry-allowed-origin',
https_origin]]));
// Retrieve the pre-retry headers.
const headers = await sendRetrieveRequest(key);
// Unpartitioned cookie should not be included before the retry.
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': ['inactive'],
'origin': [https_origin], 'cookie': undefined});
// Retrieve the headers for the retried request.
const retried_headers = await sendRetrieveRequest(retriedKey(key));
// The unpartitioned cookie should have been included in the retry.
assertHeaderValuesMatch(retried_headers, {
'sec-fetch-storage-access': ['active'],
'origin': [https_origin],
'cookie': ['cookie=unpartitioned']
});
}, "Sec-Fetch-Storage-Access is `active` after a valid retry with matching explicit allowed-origin.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
await SetFirstPartyCookieAndUnsetStorageAccessPermission(cross_site);
addCommonCleanupCallback(t);
await grantStorageAccessForEmbedSite(t, cross_site);
await sendReadableHeaderRequest(makeURL(key, cross_site, retry_path,
[['retry-allowed-origin','*']]));
// Retrieve the pre-retry headers.
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {
'sec-fetch-storage-access': ['inactive'],
'origin': [https_origin],
'cookie': undefined
});
// Retrieve the headers for the retried request.
const retried_headers = await sendRetrieveRequest(retriedKey(key));
assertHeaderValuesMatch(retried_headers, {
'sec-fetch-storage-access': ['active'],
'origin': [https_origin],
'cookie': ['cookie=unpartitioned']
});
}, "Sec-Fetch-Storage-Access is active after retry with wildcard `allowed-origin` value.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
addCommonCleanupCallback(t);
await grantStorageAccessForEmbedSite(t, cross_site);
await sendReadableHeaderRequest(
makeURL(key, cross_site, retry_path,
[['retry-allowed-origin', '']]));
// The server behavior when retrieving a header that was never sent is
// indistinguishable from its behavior when retrieving a header that was
// sent but was previously retrieved. To ensure the request to retrieve the
// post-retry header occurs only because they were never sent, always
// test its retrieval first.
const retried_headers = await sendRetrieveRequest(retriedKey(key));
assert_equals(retried_headers, undefined);
// Retrieve the pre-retry headers.
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': ['inactive']});
}, "'Activate-Storage-Access: retry' is a no-op on a request without an `allowed-origin` value.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
addCommonCleanupCallback(t);
await grantStorageAccessForEmbedSite(t, cross_site);
await sendReadableHeaderRequest(makeURL(key, cross_site, retry_path,
[['retry-allowed-origin',
same_site]]));
// Should not be able to retrieve any headers at the post-retry key.
const retried_headers = await sendRetrieveRequest(retriedKey(key));
assert_equals(retried_headers, undefined);
// Retrieve the pre-retry headers.
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': ['inactive']});
}, "'Activate-Storage-Access: retry' is a no-op on a request from an origin that does not match its `allowed-origin` value.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
addCommonCleanupCallback(t);
await sendReadableHeaderRequest(makeURL(key, cross_site, retry_path,
[['retry-allowed-origin',
https_origin]]));
// Should not be able to retrieve any headers at the post-retry key.
const retried_headers = await sendRetrieveRequest(retriedKey(key));
assert_equals(retried_headers, undefined);
// Retrieve the pre-retry headers.
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': ['none'],
'origin': undefined});
}, "Activate-Storage-Access `retry` is a no-op on a request with a `none` Storage Access status.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
addCommonCleanupCallback(t);
await grantStorageAccessForEmbedSite(t, cross_site);
const load_header_iframe = await CreateFrame(makeURL(key, cross_site,
non_retry_path,
[['load', ''],
['script', responder_script]]));
assert_true(await FrameHasStorageAccess(load_header_iframe),
"frame should have storage access because of the `load` header");
}, "Activate-Storage-Access `load` header grants storage access to frame.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
addCommonCleanupCallback(t);
const iframe = await CreateFrame(makeURL(key, cross_site,
non_retry_path,
[['script', responder_script]]));
t.add_cleanup(async () => {
SetPermissionInFrame(iframe,
[{ name: 'storage-access' }, 'prompt']);
});
await SetPermissionInFrame(iframe,
[{ name: 'storage-access' }, 'granted']);
await RequestStorageAccessInFrame(iframe);
// Create a child iframe with the same source, that causes the server to
// respond with the `load` header.
const nested_iframe = await CreateFrameHelper((frame) => {
// Need a unique `key` on the request or else the server will fail it.
frame.src = makeURL(key + 'load', cross_site, non_retry_path,
[['load', ''], ['script', responder_script]]);
iframe.appendChild(frame);
}, false);
// The nested frame will have storage access because of the `load` response.
assert_true(await FrameHasStorageAccess(nested_iframe));
}, "Activate-Storage-Access `load` is honored for `active` cases.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
addCommonCleanupCallback(t);
const load_header_iframe = await CreateFrame(makeURL(key, cross_site,
non_retry_path,
[['load', ''],
['script', responder_script]]));
assert_false(await FrameHasStorageAccess(load_header_iframe),
"frame should not have received storage access.");
}, "Activate-Storage-Access `load` header is a no-op for requests without storage access.");
promise_test(async t => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess('*', '*', 'blocked');
addCommonCleanupCallback(t);
const iframe_params = new URLSearchParams([['script',
'embedded_responder.js']]);
const iframe = await CreateFrame(cross_site + nested_path + '?' +
iframe_params.toString());
// Create a cross-site request within the iframe
const nested_url_params = new URLSearchParams([['key', key]]);
const nested_url = https_origin + non_retry_path + '?' +
nested_url_params.toString();
await NoCorsFetchFromFrame(iframe, nested_url);
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': ['inactive'],
'origin': [cross_site]});
}, "Sec-Fetch-Storage-Access is `inactive` for ABA case.");
promise_test(async t => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess('*', '*', 'blocked');
await SetFirstPartyCookieAndUnsetStorageAccessPermission(https_origin);
addCommonCleanupCallback(t);
const iframe_params = new URLSearchParams([['script',
'embedded_responder.js']]);
const iframe = await CreateFrame(cross_site + nested_path + '?' +
iframe_params.toString());
const nested_url_params = new URLSearchParams([
['key', key],
['retry-allowed-origin', cross_site]]);
const nested_url = https_origin + retry_path +
'?' + nested_url_params.toString();
await NoCorsFetchFromFrame(iframe, nested_url);
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {
'sec-fetch-storage-access': ['inactive'],
'origin': [cross_site],
'cookie': undefined
});
// Storage access should have been activated, without the need for a grant,
// on the ABA case.
const retried_headers = await sendRetrieveRequest(retriedKey(key));
assertHeaderValuesMatch(retried_headers, {
'sec-fetch-storage-access': ['active'],
'origin': [cross_site],
'cookie': ['cookie=unpartitioned']
});
}, "Storage Access can be activated for ABA cases by retrying.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
await SetFirstPartyCookieAndUnsetStorageAccessPermission(cross_site);
addCommonCleanupCallback(t);
await grantStorageAccessForEmbedSite(t, cross_site);
// Create a redirect destination that is same origin to the initial
// request.
const redirect_url = makeURL(key,
cross_site,
retry_path,
[['redirected', '']]);
// Send a request instructing the server include the `retry` response,
// and then redirect when storage access has been activated.
await sendReadableHeaderRequest(makeURL(key, cross_site, retry_path,
[['retry-allowed-origin',
https_origin],
['once-active-redirect-location',
redirect_url]]));
// Confirm the normal retry behavior.
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': ['inactive'],
'origin': [https_origin], 'cookie': undefined});
const retried_headers = await sendRetrieveRequest(retriedKey(key));
assertHeaderValuesMatch(retried_headers, {
'sec-fetch-storage-access': ['active'],
'origin': [https_origin],
'cookie': ['cookie=unpartitioned']
});
// Retrieve the headers for the post-retry redirect request.
const redirected_headers = await sendRetrieveRequest(redirectedKey(retriedKey(key)));
assertHeaderValuesMatch(redirected_headers, {
'sec-fetch-storage-access': ['active'],
'origin': [https_origin],
'cookie': ['cookie=unpartitioned']
});
}, "Sec-Fetch-Storage-Access maintains value on same-origin redirect.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
await SetFirstPartyCookieAndUnsetStorageAccessPermission(cross_site);
addCommonCleanupCallback(t);
await grantStorageAccessForEmbedSite(t, cross_site);
// Create a redirect destination that is cross-origin same-site to the
// initial request.
const redirect_url = makeURL(key, alt_cross_site, retry_path,
[['redirected', '']]);
await sendReadableHeaderRequest(makeURL(key, cross_site, retry_path,
[['retry-allowed-origin',
https_origin],
['once-active-redirect-location',
redirect_url]]));
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {
'sec-fetch-storage-access': ['inactive'],
'origin': [https_origin],
'cookie': undefined
});
const retried_headers = await sendRetrieveRequest(retriedKey(key));
assertHeaderValuesMatch(retried_headers, {
'sec-fetch-storage-access': ['active'],
'origin': [https_origin],
'cookie': ['cookie=unpartitioned']
});
// Retrieve the headers for the post-retry redirect request.
const redirected_headers = await sendRetrieveRequest(redirectedKey(key));
assertHeaderValuesMatch(redirected_headers, {
'sec-fetch-storage-access': ['inactive'],
'origin': ['null'],
'cookie': undefined
});
}, "Sec-Fetch-Storage-Access is not 'active' after cross-origin same-site redirection.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
await SetFirstPartyCookieAndUnsetStorageAccessPermission(cross_site);
addCommonCleanupCallback(t);
await grantStorageAccessForEmbedSite(t, cross_site);
// Create a redirect destination that is cross-site to the
// initial request.
const redirect_url = makeURL(key, https_origin, retry_path,
[['redirected', '']]);
await sendReadableHeaderRequest(makeURL(key, cross_site, retry_path,
[['retry-allowed-origin',
https_origin],
['once-active-redirect-location',
redirect_url]]));
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {
'sec-fetch-storage-access': ['inactive'],
'origin': [https_origin],
'cookie': undefined
});
const retried_headers = await sendRetrieveRequest(retriedKey(key));
assertHeaderValuesMatch(retried_headers, {
'sec-fetch-storage-access': ['active'],
'origin': [https_origin],
'cookie': ['cookie=unpartitioned']
});
// Retrieve the headers for the post-retry redirect request.
const redirected_headers = await sendRetrieveRequest(redirectedKey(key));
// These values will be empty because the frame is now same origin with
// the top level.
assertHeaderValuesMatch(redirected_headers, {
'sec-fetch-storage-access': undefined,
'origin': ['null'],
'cookie': undefined
});
}, "Sec-Fetch-Storage-Access loses value on a cross-site redirection.");
promise_test(async (t) => {
const key = '{{uuid()}}';
await MaybeSetStorageAccess("*", "*", "blocked");
await SetFirstPartyCookieAndUnsetStorageAccessPermission(cross_site);
addCommonCleanupCallback(t);
await grantStorageAccessForEmbedSite(t, cross_site);
// Create a redirect destination that is cross-origin same-site to the
// initial request.
const redirect_url = makeURL(key, https_origin, retry_path, [['redirected', '']]);
// Send a request that instructs the server to respond with both retry and
// response headers.
await sendReadableHeaderRequest(makeURL(key, cross_site, retry_path,
[['retry-allowed-origin',
https_origin],
['redirect-location',
redirect_url]]));
// No redirect should have occurred, so a retrieval request for the
// redirect request should fail.
const redirected_headers = await sendRetrieveRequest(redirectedKey(key));
assert_equals(redirected_headers, undefined);
// Confirm the normal retry behavior.
const headers = await sendRetrieveRequest(key);
assertHeaderValuesMatch(headers, {'sec-fetch-storage-access': ['inactive'],
'origin': [https_origin],
'cookie': undefined});
const retried_headers = await sendRetrieveRequest(retriedKey(key));
assertHeaderValuesMatch(retried_headers, {
'sec-fetch-storage-access': ['active'],
'origin': [https_origin],
'cookie': ['cookie=unpartitioned']
});
}, "Activate-Storage-Access retry is handled before any redirects are followed.");

1
third_party/blink/web_tests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt vendored

@@ -20,4 +20,5 @@ HTTP_SEC_CH_UA_PLATFORM = "Unknown"
HTTP_SEC_FETCH_DEST = iframe
HTTP_SEC_FETCH_MODE = navigate
HTTP_SEC_FETCH_SITE = cross-site
HTTP_SEC_FETCH_STORAGE_ACCESS = active
HTTP_UPGRADE_INSECURE_REQUESTS = 1

1
third_party/blink/web_tests/http/tests/navigation/form-targets-cross-site-frame-no-referrer-expected.txt vendored

@@ -21,4 +21,5 @@ HTTP_SEC_CH_UA_PLATFORM = "Unknown"
HTTP_SEC_FETCH_DEST = iframe
HTTP_SEC_FETCH_MODE = navigate
HTTP_SEC_FETCH_SITE = cross-site
HTTP_SEC_FETCH_STORAGE_ACCESS = active
HTTP_UPGRADE_INSECURE_REQUESTS = 1

1
third_party/blink/web_tests/http/tests/navigation/form-targets-cross-site-frame-post-expected.txt vendored

@@ -22,4 +22,5 @@ HTTP_SEC_CH_UA_PLATFORM = "Unknown"
HTTP_SEC_FETCH_DEST = iframe
HTTP_SEC_FETCH_MODE = navigate
HTTP_SEC_FETCH_SITE = cross-site
HTTP_SEC_FETCH_STORAGE_ACCESS = active
HTTP_UPGRADE_INSECURE_REQUESTS = 1

1
third_party/blink/web_tests/http/tests/navigation/form-with-enctype-targets-cross-site-frame-expected.txt vendored

@@ -22,4 +22,5 @@ HTTP_SEC_CH_UA_PLATFORM = "Unknown"
HTTP_SEC_FETCH_DEST = iframe
HTTP_SEC_FETCH_MODE = navigate
HTTP_SEC_FETCH_SITE = cross-site
HTTP_SEC_FETCH_STORAGE_ACCESS = active
HTTP_UPGRADE_INSECURE_REQUESTS = 1

23
third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt vendored Normal file

@@ -0,0 +1,23 @@
Test field:
--------
Frame: 'cross-site-frame'
--------
This page was requested with the HTTP method GET.
Parameters:
test-field = test-value
Http headers:
HTTP_CONNECTION = keep-alive
HTTP_HOST = localhost:8080
HTTP_REFERER = http://127.0.0.1:8000/
HTTP_SEC_CH_UA = "content_shell";v="999"
HTTP_SEC_CH_UA_MOBILE = ?0
HTTP_SEC_CH_UA_PLATFORM = "Unknown"
HTTP_SEC_FETCH_DEST = iframe
HTTP_SEC_FETCH_MODE = navigate
HTTP_SEC_FETCH_SITE = cross-site
HTTP_UPGRADE_INSECURE_REQUESTS = 1

24
third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-targets-cross-site-frame-no-referrer-expected.txt vendored Normal file

@@ -0,0 +1,24 @@
Test field:
--------
Frame: 'cross-site-frame'
--------
This page was requested with the HTTP method POST.
Parameters:
test-field = test-value
Http headers:
HTTP_CACHE_CONTROL = max-age=0
HTTP_CONNECTION = keep-alive
HTTP_HOST = localhost:8080
HTTP_ORIGIN = null
HTTP_SEC_CH_UA = "content_shell";v="999"
HTTP_SEC_CH_UA_MOBILE = ?0
HTTP_SEC_CH_UA_PLATFORM = "Unknown"
HTTP_SEC_FETCH_DEST = iframe
HTTP_SEC_FETCH_MODE = navigate
HTTP_SEC_FETCH_SITE = cross-site
HTTP_UPGRADE_INSECURE_REQUESTS = 1

25
third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-targets-cross-site-frame-post-expected.txt vendored Normal file

@@ -0,0 +1,25 @@
Test field:
--------
Frame: 'cross-site-frame'
--------
This page was requested with the HTTP method POST.
Parameters:
test-field = test-value
Http headers:
HTTP_CACHE_CONTROL = max-age=0
HTTP_CONNECTION = keep-alive
HTTP_HOST = localhost:8080
HTTP_ORIGIN = http://127.0.0.1:8000
HTTP_REFERER = http://127.0.0.1:8000/
HTTP_SEC_CH_UA = "content_shell";v="999"
HTTP_SEC_CH_UA_MOBILE = ?0
HTTP_SEC_CH_UA_PLATFORM = "Unknown"
HTTP_SEC_FETCH_DEST = iframe
HTTP_SEC_FETCH_MODE = navigate
HTTP_SEC_FETCH_SITE = cross-site
HTTP_UPGRADE_INSECURE_REQUESTS = 1

25
third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-with-enctype-targets-cross-site-frame-expected.txt vendored Normal file

@@ -0,0 +1,25 @@
Test field:
--------
Frame: 'cross-site-frame'
--------
This page was requested with the HTTP method POST.
Parameters:
test-field = test-value
Http headers:
HTTP_CACHE_CONTROL = max-age=0
HTTP_CONNECTION = keep-alive
HTTP_HOST = localhost:8080
HTTP_ORIGIN = http://127.0.0.1:8000
HTTP_REFERER = http://127.0.0.1:8000/
HTTP_SEC_CH_UA = "content_shell";v="999"
HTTP_SEC_CH_UA_MOBILE = ?0
HTTP_SEC_CH_UA_PLATFORM = "Unknown"
HTTP_SEC_FETCH_DEST = iframe
HTTP_SEC_FETCH_MODE = navigate
HTTP_SEC_FETCH_SITE = cross-site
HTTP_UPGRADE_INSECURE_REQUESTS = 1