Skip to content

Commit

Permalink
Bug 1523562 [wpt PR 14792] - Split Sec-Metadata into Sec-Fetch-*.…
Browse files Browse the repository at this point in the history 
…, a=testonly

Automatic update from web-platform-tests
Split `Sec-Metadata` into `Sec-Fetch-*`.

As of [1], we've split the single `Sec-Metadata` header into multiple
headers: `Sec-Fetch-Dest`, `Sec-Fetch-Site`, and `Sec-Fetch-User`. This
patch does that work in Chromium.

The spec change also added `Sec-Fetch-Mode`, but this patch does not.
We'll add that functionality to Chromium in a future CL.

Test changes pulled from clap@'s excellent PR at
web-platform-tests/wpt#14771

The test failures are expected: redirect failures are
https://crbug.com/872285, object/embed failures are
https://crbug.com/860510. XSLT failures are WontFix (some
engines support cross-origin XSLT; Blink does not).

[1]: w3c/webappsec-fetch-metadata@105103d

Bug: 843478
Change-Id: I7654d5e823ad813682ac3eb244bbc244a322e6ca
Reviewed-on: https://chromium-review.googlesource.com/c/1402448
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#622145}

--

wpt-commits: 2d42384cf21efd71843295d319c1bab85b3acf4a
wpt-pr: 14792
  • Loading branch information
@mikewest @jgraham
mikewest authored and jgraham committed Feb 5, 2019
1 parent 4eb1f28 commit 6fefac1
Show file tree
Hide file tree
Showing 25 changed files with 152 additions and 116 deletions.
6 changes: 3 additions & 3 deletions testing/web-platform/tests/fetch/sec-metadata/embed.tentative.https.sub.html
View file
Expand Up @@ -13,7 +13,7 @@
let e = document.createElement('embed');
e.src = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"destination":"embed", "site":"same-origin"};
let expected = {"dest":"embed", "site":"same-origin", "user":"?F"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
Expand All @@ -32,7 +32,7 @@
let e = document.createElement('embed');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"destination":"embed", "site":"same-site"};
let expected = {"dest":"embed", "site":"same-site", "user":"?F"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
Expand All @@ -51,7 +51,7 @@
let e = document.createElement('embed');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"destination":"embed", "site":"cross-site"};
let expected = {"dest":"embed", "site":"cross-site", "user":"?F"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
Expand Down
24 changes: 12 additions & 12 deletions testing/web-platform/tests/fetch/sec-metadata/fetch.tentative.https.sub.html
View file
Expand Up @@ -7,10 +7,10 @@
return fetch("https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => {
assert_header_equals(j.header, {
"cause": undefined,
"destination": "empty",
"site": "same-origin"
assert_header_equals(j, {
"dest": "empty",
"site": "same-origin",
"user":"?F"
});
});
}, "Same-origin fetch");
Expand All @@ -19,10 +19,10 @@
return fetch("https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => {
assert_header_equals(j.header, {
"cause": undefined,
"destination": "empty",
"site": "same-site"
assert_header_equals(j, {
"dest": "empty",
"site": "same-site",
"user":"?F"
});
});
}, "Same-site fetch");
Expand All @@ -31,10 +31,10 @@
return fetch("https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
.then(r => r.json())
.then(j => {
assert_header_equals(j.header, {
"cause": undefined,
"destination": "empty",
"site": "cross-site"
assert_header_equals(j, {
"dest": "empty",
"site": "cross-site",
"user":"?F"
});
});
}, "Cross-site fetch");
Expand Down
6 changes: 3 additions & 3 deletions testing/web-platform/tests/fetch/sec-metadata/font.tentative.https.sub.html
View file
Expand Up @@ -46,7 +46,7 @@
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-same-origin";
let expected = {"destination":"font", "site":"same-origin"};
let expected = {"dest":"font", "site":"same-origin", "user":"?F"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
Expand All @@ -58,7 +58,7 @@
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-same-site";
let expected = {"destination":"font", "site":"same-site"};
let expected = {"dest":"font", "site":"same-site", "user":"?F"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
Expand All @@ -70,7 +70,7 @@
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-cross-site";
let expected = {"destination":"font", "site":"cross-site"};
let expected = {"dest":"font", "site":"cross-site", "user":"?F"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
Expand Down
18 changes: 9 additions & 9 deletions testing/web-platform/tests/fetch/sec-metadata/iframe.tentative.https.sub.html
View file
Expand Up @@ -12,9 +12,9 @@
return;

assert_header_equals(e.data, {
"cause": "forced",
"destination": "nested-document",
"site": "same-origin"
"dest": "nested-document",
"site": "same-origin",
"user":"?F"
});
t.done();
}));
Expand All @@ -30,9 +30,9 @@
return;

assert_header_equals(e.data, {
"cause": "forced",
"destination": "nested-document",
"site": "same-site"
"dest": "nested-document",
"site": "same-site",
"user": "?F"
});
t.done();
}));
Expand All @@ -48,9 +48,9 @@
return;

assert_header_equals(e.data, {
"cause": "forced",
"destination": "nested-document",
"site": "cross-site"
"dest": "nested-document",
"site": "cross-site",
"user": "?F"
});
t.done();
}));
Expand Down
45 changes: 33 additions & 12 deletions testing/web-platform/tests/fetch/sec-metadata/img.tentative.https.sub.html
View file
Expand Up @@ -11,10 +11,17 @@
loadImageInWindow(
"https://{{host}}:{{ports[https][0]}}/referrer-policy/generic/subresource/image.py",
t.step_func_done(img => {
assert_header_equals(decodeImageData(extractImageData(img)).headers["sec-metadata"], {
"cause": undefined,
"destination": "image",
"site": "same-origin"
headers = decodeImageData(extractImageData(img)).headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
};
assert_header_equals(got, {
"dest": "image",
"site": "same-origin",
"user": "?F"
});
}),
[],
Expand All @@ -25,10 +32,17 @@
loadImageInWindow(
"https://{{hosts[][www]}}:{{ports[https][0]}}/referrer-policy/generic/subresource/image.py",
t.step_func_done(img => {
assert_header_equals(decodeImageData(extractImageData(img)).headers["sec-metadata"], {
"cause": undefined,
"destination": "image",
"site": "same-site"
headers = decodeImageData(extractImageData(img)).headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
};
assert_header_equals(got, {
"dest": "image",
"site": "same-site",
"user": "?F"
});
}),
[],
Expand All @@ -39,10 +53,17 @@
loadImageInWindow(
"https://{{hosts[alt][www]}}:{{ports[https][0]}}/referrer-policy/generic/subresource/image.py",
t.step_func_done(img => {
assert_header_equals(decodeImageData(extractImageData(img)).headers["sec-metadata"], {
"cause": undefined,
"destination": "image",
"site": "cross-site"
headers = decodeImageData(extractImageData(img)).headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
};
assert_header_equals(got, {
"dest": "image",
"site": "cross-site",
"user": "?F"
});
}),
[],
Expand Down
6 changes: 3 additions & 3 deletions testing/web-platform/tests/fetch/sec-metadata/object.tentative.https.sub.html
View file
Expand Up @@ -13,7 +13,7 @@
let e = document.createElement('object');
e.data = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"destination":"object", "site":"same-origin"};
let expected = {"dest":"object", "site":"same-origin", "user":"?F"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
Expand All @@ -32,7 +32,7 @@
let e = document.createElement('object');
e.data = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"destination":"object", "site":"same-site"};
let expected = {"dest":"object", "site":"same-site", "user":"?F"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
Expand All @@ -51,7 +51,7 @@
let e = document.createElement('object');
e.data = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
e.onload = e => {
let expected = {"destination":"object", "site":"cross-site"};
let expected = {"dest":"object", "site":"cross-site", "user":"?F"};
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
Expand Down
6 changes: 3 additions & 3 deletions ...b-platform/tests/fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html
View file
Expand Up @@ -12,7 +12,7 @@

let e = document.createElement('img');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
let expected = {"destination":"image", "site":"cross-site"};
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};
e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
Expand All @@ -38,7 +38,7 @@

let e = document.createElement('img');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
let expected = {"destination":"image", "site":"cross-site"};
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};
e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
Expand All @@ -64,7 +64,7 @@

let e = document.createElement('img');
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
let expected = {"destination":"image", "site":"cross-site"};
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};
e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
Expand Down
2 changes: 1 addition & 1 deletion ...m/tests/fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html
View file
Expand Up @@ -14,7 +14,7 @@
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
"https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// cross-site
"https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin
let expected = {"destination":"image", "site":"cross-site"};
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};

e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
Expand Down
2 changes: 1 addition & 1 deletion ...rm/tests/fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html
View file
Expand Up @@ -14,7 +14,7 @@
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
"https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-site
"https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin
let expected = {"destination":"image", "site":"same-site"};
let expected = {"dest":"image", "site":"same-site", "user":"?F"};

e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
Expand Down
6 changes: 3 additions & 3 deletions ...-platform/tests/fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html
View file
Expand Up @@ -12,7 +12,7 @@

let e = document.createElement('img');
e.src = "/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
let expected = {"destination":"image", "site":"same-origin"};
let expected = {"dest":"image", "site":"same-origin", "user":"?F"};

e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
Expand All @@ -39,7 +39,7 @@

let e = document.createElement('img');
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
let expected = {"destination":"image", "site":"same-site"};
let expected = {"dest":"image", "site":"same-site", "user":"?F"};

e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
Expand All @@ -66,7 +66,7 @@

let e = document.createElement('img');
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
let expected = {"destination":"image", "site":"cross-site"};
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};

e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
Expand Down
6 changes: 3 additions & 3 deletions ...eb-platform/tests/fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html
View file
Expand Up @@ -12,7 +12,7 @@

let e = document.createElement('img');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
let expected = {"destination":"image", "site":"same-site"};
let expected = {"dest":"image", "site":"same-site", "user":"?F"};

e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
Expand All @@ -39,7 +39,7 @@

let e = document.createElement('img');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
let expected = {"destination":"image", "site":"same-site"};
let expected = {"dest":"image", "site":"same-site", "user":"?F"};

e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
Expand All @@ -66,7 +66,7 @@

let e = document.createElement('img');
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
let expected = {"destination":"image", "site":"cross-site"};
let expected = {"dest":"image", "site":"cross-site", "user":"?F"};

e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
Expand Down
6 changes: 3 additions & 3 deletions testing/web-platform/tests/fetch/sec-metadata/report.tentative.https.sub.html
View file
Expand Up @@ -22,9 +22,9 @@
document.addEventListener("securitypolicyviolation", (e) => {
counter++;
if (counter == 3) {
generate_test({"destination":"report", "site":"same-origin"}, "same-origin");
generate_test({"destination":"report", "site":"same-site"}, "same-site");
generate_test({"destination":"report", "site":"cross-site"}, "cross-site");
generate_test({"dest":"report", "site":"same-origin", "user":"?F"}, "same-origin");
generate_test({"dest":"report", "site":"same-site", "user":"?F"}, "same-site");
generate_test({"dest":"report", "site":"cross-site", "user":"?F"}, "cross-site");
}
});
}, "Initialization.");
Expand Down
7 changes: 6 additions & 1 deletion testing/web-platform/tests/fetch/sec-metadata/resources/echo-as-json.py
View file
Expand Up @@ -8,5 +8,10 @@ def main(request, response):
headers.append(("Access-Control-Allow-Origin", request.headers["origin"]))


body = json.dumps({ "header": request.headers.get("sec-metadata", "") })
body = json.dumps({
"dest": request.headers.get("sec-fetch-dest", ""),
"mode": request.headers.get("sec-fetch-mode", ""),
"site": request.headers.get("sec-fetch-site", ""),
"user": request.headers.get("sec-fetch-user", ""),
})
return headers, body
7 changes: 6 additions & 1 deletion testing/web-platform/tests/fetch/sec-metadata/resources/echo-as-script.py
View file
Expand Up @@ -3,6 +3,11 @@
def main(request, response):
headers = [("Content-Type", "text/javascript")]

body = "var header = %s;" % json.dumps(request.headers.get("sec-metadata", ""));
body = "var header = %s;" % json.dumps({
"dest": request.headers.get("sec-fetch-dest", ""),
"mode": request.headers.get("sec-fetch-mode", ""),
"site": request.headers.get("sec-fetch-site", ""),
"user": request.headers.get("sec-fetch-user", ""),
});

return headers, body
25 changes: 9 additions & 16 deletions testing/web-platform/tests/fetch/sec-metadata/resources/helper.js
View file
@@ -1,18 +1,11 @@
function parse_metadata(value) {
let result = {};
value.split(',').forEach(item => {
let parsed = item.trim().split('=');
result[parsed[0]] = parsed[1];
});
return result;
}

function assert_header_equals(value, expected) {
// check that the returned value is an object, not a String
assert_not_equals(value, "", "Empty Sec-Metadata header.");
let result = parse_metadata(value);
assert_equals(result.cause, expected.cause, "cause");
assert_equals(result.destination, expected.destination, "destination");
assert_equals(result.target, expected.target, "target");
assert_equals(result.site, expected.site, "site");
if (typeof(value) === "string"){
assert_not_equals(value, "No header has been recorded");
value = JSON.parse(value);
}
assert_equals(value.dest, expected.dest, "dest");
// Mode is commented out as no test cases have been filled out yet
// assert_equals(value.mode, expected.mode, "mode");
assert_equals(value.site, expected.site, "site");
assert_equals(value.user, expected.user, "user");
}

0 comments on commit 6fefac1

Please sign in to comment.