Google Git
Sign in
nest-open-source / manifest_repos / chromium_src / 1389d67935ffbffe8a70c1fa06867f6cf7ecf464 / . / chromium / src / third_party / blink / web_tests / external / wpt / fetch / metadata / redirect / redirect-https-downgrade.sub.html
blob: 9eb04822b683bfb28f83e0ad3a78713a14c4b897 [file] [log] [blame]
<!DOCTYPE html>
<html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/metadata/resources/helper.js></script>
<script src=/fetch/metadata/resources/redirectTestHelper.sub.js></script>
<script src=/common/security-features/resources/common.sub.js></script>
<script src=/common/utils.js></script>
<style>
@font-face {
font-family: myDowngradedFont;
src: url(https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fmetadata%2Fresources%2Frecord-header.py%3Ffile%3Dfont-https-downgrade);
}
#fontTest {
font-family: myDowngradedFont;
}
</style>
<body>
<div id="fontTest">Downgraded font</div>
<script>
let nonce = token();
let expected = { "site": "", "user": "", "mode": "", "dest": "" };
// Validate various scenarios handle a request that redirects from https => http correctly and avoids disclosure of any Sec- headers.
RunCommonRedirectTests("Https downgrade", downgradeRedirectTo, expected);
document.fonts.ready.then(function () {
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-https-downgrade";
fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_no_headers(text, "Https downgrade font => No headers"))
.then(_ => resolve())
.catch(e => reject(e));
});
}, "Https downgrade font => No headers");
});
promise_test(() => {
return requestViaImage(secureRedirectURL + encodeURIComponent("http://{{host}}:{{ports[http][0]}}/common/security-features/subresource/image.py"))
.then(result => {
headers = result.headers;
got = {
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"],
"dest": headers["sec-fetch-dest"]
};
assert_header_equals(got, {
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
"site": undefined,
"user": undefined,
"mode": undefined,
"dest": undefined,
}, "Https downgrade image => No headers");
});
}, "Https downgrade image => No headers");
</script>
<script src="https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fmetadata%2Fresources%2Fecho-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_no_headers(header, "Https downgrade script => No headers");
}, "Https downgrade script => No headers");
</script>
</body>