chromium/src/third_party/blink/web_tests/external/wpt/fetch/metadata/img.https.sub.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=/common/security-features/resources/common.sub.js></script>
 <script src=/fetch/metadata/resources/helper.js></script>
 <body>
 <script>
   // These tests reuse the `referrer-policy` infrastructure to load images that
   // encode their request headers in their pixels. Fun stuff!
   promise_test(() =>
     requestViaImage(
       "https://{{host}}:{{ports[https][0]}}/common/security-features/subresource/image.py")
     .then(result => {
         headers = result.headers;
         got = {
           "mode": headers["sec-fetch-mode"],
           "site": headers["sec-fetch-site"],
           "user": headers["sec-fetch-user"],
           "dest": headers["sec-fetch-dest"]
         };
         assert_header_equals(got, {
           "site": "same-origin",
           // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
           // that `image.py` encodes data.
           "user": undefined,
           "mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin`
           "dest": "image"
         }, "Same-origin image");
       }),
     "Same-origin image");

   promise_test(() =>
     requestViaImage(
       "https://{{hosts[][www]}}:{{ports[https][0]}}/common/security-features/subresource/image.py")
     .then(result => {
         headers = result.headers;
         got = {
           "mode": headers["sec-fetch-mode"],
           "site": headers["sec-fetch-site"],
           "user": headers["sec-fetch-user"],
           "dest": headers["sec-fetch-dest"]
         };
         assert_header_equals(got, {
           "site": "same-site",
           // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
           // that `image.py` encodes data.
           "user": undefined,
           "mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin`
           "dest": "image"
         }, "Same-site image");
       }),
     "Same-site image");

   promise_test(() =>
     requestViaImage(
       "https://{{hosts[alt][www]}}:{{ports[https][0]}}/common/security-features/subresource/image.py")
     .then(result => {
         headers = result.headers;
         got = {
           "mode": headers["sec-fetch-mode"],
           "site": headers["sec-fetch-site"],
           "user": headers["sec-fetch-user"],
           "dest": headers["sec-fetch-dest"]
         };
         assert_header_equals(got, {
           "site": "cross-site",
           // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
           // that `image.py` encodes data.
           "user": undefined,
           "mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin`
           "dest": "image"
         }, "Cross-site image");
       }),
     "Cross-site image");
 </script>
	<!DOCTYPE html>
	<script src=/resources/testharness.js></script>
	<script src=/resources/testharnessreport.js></script>
	<script src=/common/security-features/resources/common.sub.js></script>
	<script src=/fetch/metadata/resources/helper.js></script>
	<body>
	<script>
	// These tests reuse the `referrer-policy` infrastructure to load images that
	// encode their request headers in their pixels. Fun stuff!
	promise_test(() =>
	requestViaImage(
	"https://{{host}}:{{ports[https][0]}}/common/security-features/subresource/image.py")
	.then(result => {
	headers = result.headers;
	got = {
	"mode": headers["sec-fetch-mode"],
	"site": headers["sec-fetch-site"],
	"user": headers["sec-fetch-user"],
	"dest": headers["sec-fetch-dest"]
	};
	assert_header_equals(got, {
	"site": "same-origin",
	// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
	// that `image.py` encodes data.
	"user": undefined,
	"mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin`
	"dest": "image"
	}, "Same-origin image");
	}),
	"Same-origin image");

	promise_test(() =>
	requestViaImage(
	"https://{{hosts[][www]}}:{{ports[https][0]}}/common/security-features/subresource/image.py")
	.then(result => {
	headers = result.headers;
	got = {
	"mode": headers["sec-fetch-mode"],
	"site": headers["sec-fetch-site"],
	"user": headers["sec-fetch-user"],
	"dest": headers["sec-fetch-dest"]
	};
	assert_header_equals(got, {
	"site": "same-site",
	// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
	// that `image.py` encodes data.
	"user": undefined,
	"mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin`
	"dest": "image"
	}, "Same-site image");
	}),
	"Same-site image");

	promise_test(() =>
	requestViaImage(
	"https://{{hosts[alt][www]}}:{{ports[https][0]}}/common/security-features/subresource/image.py")
	.then(result => {
	headers = result.headers;
	got = {
	"mode": headers["sec-fetch-mode"],
	"site": headers["sec-fetch-site"],
	"user": headers["sec-fetch-user"],
	"dest": headers["sec-fetch-dest"]
	};
	assert_header_equals(got, {
	"site": "cross-site",
	// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
	// that `image.py` encodes data.
	"user": undefined,
	"mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin`
	"dest": "image"
	}, "Cross-site image");
	}),
	"Cross-site image");
	</script>