Automatic update from web-platform-tests [ua-ch] Apply FP to UA and UA-Mobile Currently FeaturePolicy isn't applied to hints that are sent by default: Sec-CH-UA and Sec-CH-UA-Mobile. That's wrong, as it doesn't allow sites to e.g. block those headers on their own origin or on third-party origins. This CL fixes that. Bug: 1082252 Change-Id: Ia924b5539fb78fa664d90e7fdc8c7e79f19c657d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2203057 Commit-Queue: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Aaron Tagliaboschi <aarontag@chromium.org> Cr-Commit-Position: refs/heads/master@{#769088} -- wpt-commits: f9d12a5f8f0e7b0fbe067f01e6d71fd60bbe285d wpt-pr: 23620
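<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Client hints on iframe navigation requests with feature policy</title>
</head>
<body>
<!--
  Checks which client hints reach an iframe navigation request when a feature
  policy is in effect, including the two hints named in the accompanying
  change: Sec-CH-UA and Sec-CH-UA-Mobile.

  The policy itself is not set in this file. It is presumably delivered by a
  response header for this document (confirm against the sibling .headers file).
-->
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/feature-policy-navigation.js"></script>
<script>
// test_frame() comes from resources/feature-policy-navigation.js. The calls
// below pass, in order: an origin key, a string of hint=true|false pairs, an
// empty string, a test description and, in one call, a URL path. The pairs
// look like the expected presence of each hint on the iframe request, but
// that interpretation lives in the helper (TODO confirm there).
//
// The calls are awaited one after another, so the fourth call always runs
// after the third one has finished.
//
// NOTE(review): a rejection from test_frame() is not caught here. Confirm the
// helper reports failures through testharness rather than by rejecting.
(async () => {
  // Cross-origin iframe: only device-memory is expected; sec-ch-ua and
  // sec-ch-ua-mobile are both expected to be withheld.
  await test_frame(
    "HTTPS_REMOTE_ORIGIN",
    "device-memory=true&dpr=false&viewport-width=false&sec-ch-ua=false&sec-ch-ua-mobile=false",
    "",
    "Client hints loaded on cross-origin iframe request with feature policy.");

  // Same-origin iframe: viewport-width and sec-ch-ua are expected as well,
  // while dpr and sec-ch-ua-mobile stay off.
  await test_frame(
    "HTTPS_ORIGIN",
    "device-memory=true&dpr=false&viewport-width=true&sec-ch-ua=true&sec-ch-ua-mobile=false",
    "",
    "Client hints loaded on same-origin iframe request with feature policy.");

  // Load a cross-origin page that tries to set Accept-CH-Lifetime from
  // inside the iframe. No hint expectations are passed for this step.
  await test_frame(
    "HTTPS_REMOTE_ORIGIN",
    "",
    "",
    "Iframe trying to set Accept-CH-Lifetime.", "/client-hints/resources/iframe-accept-ch-lifetime.html");

  // Same expectations as the first call: the embedded page's own opt-in
  // attempt must not widen the set of hints the cross-origin frame receives.
  await test_frame(
    "HTTPS_REMOTE_ORIGIN",
    "device-memory=true&dpr=false&viewport-width=false&sec-ch-ua=false&sec-ch-ua-mobile=false",
    "",
    "Client hints loaded on cross-origin iframe request with feature policy after attempting to set independently.");
})();
</script>
</body>
</html>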