fc98856fd8
Automatic update from web-platform-tests Use `https://` for tests expecting fetch headers According to the "Fetch Metadata Request Headers" spec [1] `Sec-Fetch-*` headers are only sent to trustworthy URLs. If the url scheme is `https` it's considered as trustworthy. [1] https://w3c.github.io/webappsec-fetch-metadata/#framework -- wpt-commits: 30df310c03596970e70dd2abfc6dbb412f653f8f wpt-pr: 39524
35 lines
1.4 KiB
HTML
35 lines
1.4 KiB
HTML
<!DOCTYPE html>
|
|
<title>Ensures that prefetch sends headers as per-spec</title>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<script src="/common/utils.js"></script>
|
|
<script src="resources/prefetch-helper.js"></script>
|
|
<body>
|
|
<script>
|
|
|
|
promise_test(async t => {
|
|
const {href} = await prefetch({"type": "image/png", file: "../../images/green.png"}, t);
|
|
const [info] = await get_prefetch_info(href);
|
|
const {headers} = info;
|
|
assert_equals(headers["sec-fetch-dest"], "empty");
|
|
assert_equals(headers["sec-purpose"], "prefetch");
|
|
assert_false("origin" in headers);
|
|
}, "Prefetch should include Sec-Purpose=prefetch and Sec-Fetch-Dest=empty headers");
|
|
|
|
promise_test(async t => {
|
|
const {href} = await prefetch({"type": "image/png", file: "../../images/green.png"}, t);
|
|
const [info] = await get_prefetch_info(href);
|
|
const {headers} = info;
|
|
assert_false("purpose" in headers);
|
|
assert_false("x-moz" in headers);
|
|
}, "Prefetch should not include proprietary headers (X-moz/Purpose)");
|
|
|
|
promise_test(async t => {
|
|
const {href} = await prefetch({"type": "image/png", file: "../../images/green.png", crossOrigin: "anonymous"}, t);
|
|
const [info] = await get_prefetch_info(href);
|
|
const {headers} = info;
|
|
assert_equals(headers["origin"], document.origin);
|
|
}, "Prefetch should respect CORS mode");
|
|
|
|
</script>
|
|
</body> |