Sec-Metadata: Remove the 'target' attribute.

This patch removes the 'target' attribute by replacing it with a new 'destination' value that distinguishes between top-level and nested navigations. Spec: w3c/webappsec-fetch-metadata@de75307 Bug: 861678, 843478 Change-Id: I2bf5df1b93fb2c7c341cbe6da30d99bb19d40626 Reviewed-on: https://chromium-review.googlesource.com/1172137 Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Philip Jägenstedt <foolip@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#583605}
bocoup · Aug 16, 2018 · 7dbb4b6 · 7dbb4b6
1 parent 9762614
commit 7dbb4b6
Show file tree

Hide file tree

Showing 26 changed files with 96 additions and 116 deletions.
diff --git a/fetch/sec-metadata/embed.tentative.https.sub.html b/fetch/sec-metadata/embed.tentative.https.sub.html
@@ -13,7 +13,7 @@
       let e = document.createElement('embed');
       e.src = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"embed", "target":"subresource", "site":"same-origin"};
+        let expected = {"destination":"embed", "site":"same-origin"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
@@ -32,7 +32,7 @@
       let e = document.createElement('embed');
       e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"embed", "target":"subresource", "site":"same-site"};
+        let expected = {"destination":"embed", "site":"same-site"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
@@ -51,7 +51,7 @@
       let e = document.createElement('embed');
       e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"embed", "target":"subresource", "site":"cross-site"};
+        let expected = {"destination":"embed", "site":"cross-site"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))

diff --git a/fetch/sec-metadata/fetch.tentative.https.sub.html b/fetch/sec-metadata/fetch.tentative.https.sub.html
@@ -10,7 +10,6 @@
           assert_header_equals(j.header, {
             "cause": undefined,
             "destination": "",
-            "target": "subresource",
             "site": "same-origin"
           });
         });
@@ -23,7 +22,6 @@
           assert_header_equals(j.header, {
             "cause": undefined,
             "destination": "",
-            "target": "subresource",
             "site": "same-site"
           });
         });
@@ -36,7 +34,6 @@
           assert_header_equals(j.header, {
             "cause": undefined,
             "destination": "",
-            "target": "subresource",
             "site": "cross-site"
           });
         });

diff --git a/fetch/sec-metadata/font.tentative.https.sub.html b/fetch/sec-metadata/font.tentative.https.sub.html
@@ -52,7 +52,7 @@
     var same_origin_test = async_test("Same-Origin font");
     same_origin_test.step(function () {
         key = "font-same-origin";
-        expected_same_origin = {"destination":"font", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"font", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();
@@ -70,7 +70,7 @@
     var same_site_test = async_test("Same-Site font");
     same_site_test.step(function () {
         key = "font-same-site";
-        expected_same_site = {"destination":"font", "target":"subresource", "site":"same-site"};
+        expected_same_site = {"destination":"font", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();
@@ -88,7 +88,7 @@
     var cross_site_test = async_test("Cross-Site font");
     cross_site_test.step(function () {
         key = "font-cross-site";
-        expected_cross_site = {"destination":"font", "target":"subresource", "site":"cross-site"};
+        expected_cross_site = {"destination":"font", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/iframe.tentative.https.sub.html b/fetch/sec-metadata/iframe.tentative.https.sub.html
@@ -13,8 +13,7 @@
 
       assert_header_equals(e.data, {
         "cause": "forced",
-        "destination": "document",
-        "target": "nested",
+        "destination": "nested-document",
         "site": "same-origin"
       });
       t.done();
@@ -32,8 +31,7 @@
 
       assert_header_equals(e.data, {
         "cause": "forced",
-        "destination": "document",
-        "target": "nested",
+        "destination": "nested-document",
         "site": "same-site"
       });
       t.done();
@@ -51,8 +49,7 @@
 
       assert_header_equals(e.data, {
         "cause": "forced",
-        "destination": "document",
-        "target": "nested",
+        "destination": "nested-document",
         "site": "cross-site"
       });
       t.done();

diff --git a/fetch/sec-metadata/img.tentative.https.sub.html b/fetch/sec-metadata/img.tentative.https.sub.html
@@ -14,7 +14,6 @@
         assert_header_equals(decodeImageData(extractImageData(img)).headers["sec-metadata"], {
           "cause": undefined,
           "destination": "image",
-          "target": "subresource",
           "site": "same-origin"
         });
       }),
@@ -29,7 +28,6 @@
         assert_header_equals(decodeImageData(extractImageData(img)).headers["sec-metadata"], {
           "cause": undefined,
           "destination": "image",
-          "target": "subresource",
           "site": "same-site"
         });
       }),
@@ -44,7 +42,6 @@
         assert_header_equals(decodeImageData(extractImageData(img)).headers["sec-metadata"], {
           "cause": undefined,
           "destination": "image",
-          "target": "subresource",
           "site": "cross-site"
         });
       }),

diff --git a/fetch/sec-metadata/object.tentative.https.sub.html b/fetch/sec-metadata/object.tentative.https.sub.html
@@ -13,7 +13,7 @@
       let e = document.createElement('object');
       e.data = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"object", "target":"subresource", "site":"same-origin"};
+        let expected = {"destination":"object", "site":"same-origin"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
@@ -32,7 +32,7 @@
       let e = document.createElement('object');
       e.data = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"object", "target":"subresource", "site":"same-site"};
+        let expected = {"destination":"object", "site":"same-site"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
@@ -51,7 +51,7 @@
       let e = document.createElement('object');
       e.data = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"object", "target":"subresource", "site":"cross-site"};
+        let expected = {"destination":"object", "site":"cross-site"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))

diff --git a/fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html b/fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html
@@ -14,7 +14,7 @@
     var cross_site_test = async_test("Cross-Site -> Cross-Site redirect");
     cross_site_test.step(function () {
         filename = "redirect-cross-site-cross-site";
-        expected_cross_site = {"destination":"image", "target":"subresource", "site":"cross-site"};
+        expected_cross_site = {"destination":"image", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html b/fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html
@@ -15,7 +15,7 @@
     var same_origin_test = async_test("Cross-Site -> Same-Origin redirect");
     same_origin_test.step(function () {
         filename = "redirect-cross-site-same-origin";
-        expected_same_origin = {"destination":"image", "target":"subresource", "site":"cross-site"};
+        expected_same_origin = {"destination":"image", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html b/fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html
@@ -14,7 +14,7 @@
     var same_site_test = async_test("Cross-Site -> Same-Site redirect");
     same_site_test.step(function () {
         filename = "redirect-cross-site-same-site";
-        expected_same_site = {"destination":"image", "target":"subresource", "site":"cross-site"};
+        expected_same_site = {"destination":"image", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html b/fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html
@@ -14,7 +14,7 @@
     var cross_site_test = async_test("Same-Origin -> Cross-Site redirect");
     cross_site_test.step(function () {
         filename = "redirect-same-origin-cross-site";
-        expected_cross_site = {"destination":"image", "target":"subresource", "site":"same-origin"};
+        expected_cross_site = {"destination":"image", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html b/fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html
@@ -15,7 +15,7 @@
     var same_origin_test = async_test("Same-Origin -> Same-Origin redirect");
     same_origin_test.step(function () {
         filename = "redirect-same-origin-same-origin";
-        expected_same_origin = {"destination":"image", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"image", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html b/fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html
@@ -15,7 +15,7 @@
     var same_site_test = async_test("Same-Origin -> Same-Site redirect");
     same_site_test.step(function () {
         filename = "redirect-same-origin-same-site";
-        expected_same_site = {"destination":"image", "target":"subresource", "site":"same-origin"};
+        expected_same_site = {"destination":"image", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html b/fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html
@@ -15,7 +15,7 @@
     var cross_site_test = async_test("Same-Site -> Cross-Site redirect");
     cross_site_test.step(function () {
         key = "redirect-same-site-cross-site";
-        expected_cross_site = {"destination":"image", "target":"subresource", "site":"same-site"};
+        expected_cross_site = {"destination":"image", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html b/fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html
@@ -15,7 +15,7 @@
     var same_origin_test = async_test("Same-Site -> Same-Origin redirect");
     same_origin_test.step(function () {
         key = "redirect-same-site-same-origin";
-        expected_same_origin = {"destination":"image", "target":"subresource", "site":"same-site"};
+        expected_same_origin = {"destination":"image", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html b/fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html
@@ -15,7 +15,7 @@
     var same_site_test = async_test("Same-Site -> Same-Site redirect");
     same_site_test.step(function () {
         key = "redirect-same-site-same-site";
-        expected_same_site = {"destination":"image", "target":"subresource", "site":"same-site"};
+        expected_same_site = {"destination":"image", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/report.tentative.https.sub.html b/fetch/sec-metadata/report.tentative.https.sub.html
@@ -11,21 +11,21 @@
     counter++;
     if (counter == 3) {
       promise_test(t => {
-        expected = {"destination":"report", "target":"subresource", "site":"same-origin"};
+        expected = {"destination":"report", "site":"same-origin"};
         return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=report-same-origin")
             .then(response => response.text())
             .then(text => assert_header_equals(text, expected));
       }, "Same-Origin report");
 
       promise_test(t => {
-        expected = {"destination":"report", "target":"subresource", "site":"same-site"};
+        expected = {"destination":"report", "site":"same-site"};
         return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=report-same-site")
             .then(response => response.text())
             .then(text => assert_header_equals(text, expected));
       }, "Same-site report");
 
       promise_test(t => {
-        expected = {"destination":"report", "target":"subresource", "site":"cross-site"};
+        expected = {"destination":"report", "site":"cross-site"};
         return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=report-cross-site")
             .then(response => response.text())
             .then(text => assert_header_equals(text, expected));

diff --git a/fetch/sec-metadata/resources/echo-as-json.py b/fetch/sec-metadata/resources/echo-as-json.py
@@ -8,5 +8,5 @@ def main(request, response):
         headers.append(("Access-Control-Allow-Origin", request.headers["origin"]))
 
 
-    body = json.dumps({ "header": request.headers["sec-metadata"] })
+    body = json.dumps({ "header": request.headers.get("sec-metadata", "") })
     return headers, body
diff --git a/fetch/sec-metadata/resources/echo-as-script.py b/fetch/sec-metadata/resources/echo-as-script.py
@@ -3,6 +3,6 @@
 def main(request, response):
     headers = [("Content-Type", "text/javascript")]
 
-    body = "var header = %s;" % json.dumps(request.headers["sec-metadata"]);
+    body = "var header = %s;" % json.dumps(request.headers.get("sec-metadata", ""));
 
     return headers, body
diff --git a/fetch/sec-metadata/script.tentative.https.sub.html b/fetch/sec-metadata/script.tentative.https.sub.html
@@ -12,7 +12,6 @@
     assert_header_equals(header, {
       "cause": undefined,
       "destination": "script",
-      "target": "subresource",
       "site": "same-origin"
     });
   }, "Same-origin script");
@@ -27,7 +26,6 @@
     assert_header_equals(header, {
       "cause": undefined,
       "destination": "script",
-      "target": "subresource",
       "site": "same-site"
     });
   }, "Same-site script");
@@ -42,7 +40,6 @@
     assert_header_equals(header, {
       "cause": undefined,
       "destination": "script",
-      "target": "subresource",
       "site": "cross-site"
     });
   }, "Cross-site script");

diff --git a/fetch/sec-metadata/serviceworker.tentative.https.sub.html b/fetch/sec-metadata/serviceworker.tentative.https.sub.html
@@ -35,7 +35,7 @@
     var same_origin_test = async_test("Same-Origin serviceworker");
     same_origin_test.step(function () {
         key = "serviceworker-same-origin";
-        expected_same_origin = {"destination":"serviceworker", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"serviceworker", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/sharedworker.tentative.https.sub.html b/fetch/sec-metadata/sharedworker.tentative.https.sub.html
@@ -26,7 +26,7 @@
     var same_origin_test = async_test("Same-Origin sharedworker");
     same_origin_test.step(function () {
         key = "sharedworker-same-origin";
-        expected_same_origin = {"destination":"sharedworker", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"sharedworker", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();

diff --git a/fetch/sec-metadata/style.tentative.https.sub.html b/fetch/sec-metadata/style.tentative.https.sub.html
@@ -9,7 +9,7 @@
     var same_origin_test = async_test("Same-Origin style");
     same_origin_test.step(function () {
         key = "style-same-origin";
-        expected_same_origin = {"destination":"style", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"style", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();
@@ -27,7 +27,7 @@
     var same_site_test = async_test("Same-Site style");
     same_site_test.step(function () {
         key = "style-same-site";
-        expected_same_site = {"destination":"style", "target":"subresource", "site":"same-site"};
+        expected_same_site = {"destination":"style", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();
@@ -45,7 +45,7 @@
     var cross_site_test = async_test("Cross-Site style");
     cross_site_test.step(function () {
         key = "style-cross-site";
-        expected_cross_site = {"destination":"style", "target":"subresource", "site":"cross-site"};
+        expected_cross_site = {"destination":"style", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();