Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-06 00:25:37 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge 0b032f7b4b into 7439fa18d3

Browse source
This commit is contained in:
Tim van der Lippe 2025-06-03 16:24:03 -05:00 committed by GitHub
commit 05649907ff
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
57 changed files with 511 additions and 542 deletions
Download patch file Download diff file Expand all files Collapse all files

2
components/net/http_loader.rs
View file

@ -2564,7 +2564,7 @@ fn set_the_sec_fetch_site_header(r: &mut Request) {
header = SecFetchSite::CrossSite;
// Step 5.3 If rs origin is not same site with urls origin, then break.
if is_same_site(request_origin, &url.origin()) {
if !is_same_site(request_origin, &url.origin()) {
break;
}

37
components/net/tests/http_loader.rs
View file

@ -31,8 +31,6 @@ use http::{HeaderName, Method, StatusCode};
use http_body_util::combinators::BoxBody;
use hyper::body::{Body, Bytes, Incoming};
use hyper::{Request as HyperRequest, Response as HyperResponse};
use ipc_channel::ipc::{self, IpcSharedMemory};
use ipc_channel::router::ROUTER;
use net::cookie::ServoCookie;
use net::cookie_storage::CookieStorage;
use net::fetch::methods::{self};
@ -41,8 +39,8 @@ use net::resource_thread::AuthCacheEntry;
use net::test::{DECODER_BUFFER_SIZE, replace_host_table};
use net_traits::http_status::HttpStatus;
use net_traits::request::{
BodyChunkRequest, BodyChunkResponse, BodySource, CredentialsMode, Destination, Referrer,
Request, RequestBody, RequestBuilder, RequestMode,
CredentialsMode, Destination, Referrer, Request, RequestBuilder, RequestMode,
create_request_body_with_content,
};
use net_traits::response::{Response, ResponseBody};
use net_traits::{CookieSource, FetchTaskTarget, NetworkError, ReferrerPolicy};
@ -100,24 +98,6 @@ pub fn expect_devtools_http_response(
}
}
fn create_request_body_with_content(content: IpcSharedMemory) -> RequestBody {
let content_len = content.len();
let (chunk_request_sender, chunk_request_receiver) = ipc::channel().unwrap();
ROUTER.add_typed_route(
chunk_request_receiver,
Box::new(move |message| {
let request = message.unwrap();
if let BodyChunkRequest::Connect(sender) = request {
let _ = sender.send(BodyChunkResponse::Chunk(content.clone()));
let _ = sender.send(BodyChunkResponse::Done);
}
}),
);
RequestBody::new(chunk_request_sender, BodySource::Object, Some(content_len))
}
#[test]
fn test_check_default_headers_loaded_in_every_request() {
let expected_headers = Arc::new(Mutex::new(None));
@ -591,8 +571,8 @@ fn test_load_doesnt_send_request_body_on_any_redirect() {
};
let (pre_server, pre_url) = make_server(pre_handler);
let content = b"Body on POST!";
let request_body = create_request_body_with_content(IpcSharedMemory::from_bytes(content));
let content = "Body on POST!";
let request_body = create_request_body_with_content(content);
let request = RequestBuilder::new(None, pre_url.clone(), Referrer::NoReferrer)
.body(Some(request_body))
@ -891,20 +871,21 @@ fn test_when_cookie_received_marked_secure_is_ignored_for_http() {
#[test]
fn test_load_sets_content_length_to_length_of_request_body() {
let content = b"This is a request body";
let content = "This is a request body";
let content_bytes = content.as_bytes();
let handler =
move |request: HyperRequest<Incoming>,
response: &mut HyperResponse<BoxBody<Bytes, hyper::Error>>| {
let content_length = ContentLength(content.len() as u64);
let content_length = ContentLength(content_bytes.len() as u64);
assert_eq!(
request.headers().typed_get::<ContentLength>(),
Some(content_length)
);
*response.body_mut() = make_body(content.to_vec());
*response.body_mut() = make_body(content_bytes.to_vec());
};
let (server, url) = make_server(handler);
let request_body = create_request_body_with_content(IpcSharedMemory::from_bytes(content));
let request_body = create_request_body_with_content(content);
let request = RequestBuilder::new(None, url.clone(), Referrer::NoReferrer)
.method(Method::POST)

3
components/script/dom/globalscope.rs
View file

@ -3501,7 +3501,8 @@ impl GlobalScope {
Some(event_target) => Trusted::new(event_target.upcast()),
};
// Step 3: Queue a task to run the following steps:
let task = CSPViolationReportTask::new(Trusted::new(self), target, report);
let task =
CSPViolationReportTask::new(Trusted::new(self), target, report, violation.policy);
self.task_manager()
.dom_manipulation_task_source()
.queue(task);

271
components/script/security_manager.rs
View file

@ -2,7 +2,16 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
use net_traits::request::Referrer;
use std::sync::{Arc, Mutex};
use content_security_policy as csp;
use headers::{ContentType, HeaderMap, HeaderMapExt};
use net_traits::request::{
CredentialsMode, Referrer, RequestBody, RequestId, create_request_body_with_content,
};
use net_traits::{
FetchMetadata, FetchResponseListener, NetworkError, ResourceFetchTiming, ResourceTimingType,
};
use serde::Serialize;
use servo_url::ServoUrl;
use stylo_atoms::Atom;
@ -14,10 +23,14 @@ use crate::dom::bindings::codegen::Bindings::SecurityPolicyViolationEventBinding
};
use crate::dom::bindings::inheritance::Castable;
use crate::dom::bindings::refcounted::Trusted;
use crate::dom::bindings::root::DomRoot;
use crate::dom::event::{Event, EventBubbles, EventCancelable, EventComposed};
use crate::dom::eventtarget::EventTarget;
use crate::dom::performanceresourcetiming::InitiatorType;
use crate::dom::securitypolicyviolationevent::SecurityPolicyViolationEvent;
use crate::dom::types::GlobalScope;
use crate::fetch::create_a_potential_cors_request;
use crate::network_listener::{PreInvoke, ResourceTimingListener, submit_timing};
use crate::script_runtime::CanGc;
use crate::task::TaskOnce;
@ -25,9 +38,10 @@ pub(crate) struct CSPViolationReportTask {
global: Trusted<GlobalScope>,
event_target: Trusted<EventTarget>,
violation_report: SecurityPolicyViolationReport,
violation_policy: csp::Policy,
}
#[derive(Debug, Serialize)]
#[derive(Clone, Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub(crate) struct SecurityPolicyViolationReport {
sample: Option<String>,
@ -47,6 +61,30 @@ pub(crate) struct SecurityPolicyViolationReport {
disposition: SecurityPolicyViolationEventDisposition,
}
#[derive(Serialize)]
#[serde(rename_all = "kebab-case")]
struct CSPReportUriViolationReportBody {
document_uri: String,
referrer: String,
blocked_uri: String,
effective_directive: String,
violated_directive: String,
original_policy: String,
#[serde(serialize_with = "serialize_disposition")]
disposition: SecurityPolicyViolationEventDisposition,
status_code: u16,
script_sample: Option<String>,
source_file: Option<String>,
line_number: Option<u32>,
column_number: Option<u32>,
}
#[derive(Serialize)]
#[serde(rename_all = "kebab-case")]
struct CSPReportUriViolationReport {
csp_report: CSPReportUriViolationReportBody,
}
#[derive(Default)]
pub(crate) struct CSPViolationReportBuilder {
pub report_only: bool,
@ -114,36 +152,19 @@ impl CSPViolationReportBuilder {
self
}
/// <https://w3c.github.io/webappsec-csp/#strip-url-for-use-in-reports>
fn strip_url_for_reports(&self, mut url: ServoUrl) -> String {
let scheme = url.scheme();
// > Step 1: If urls scheme is not an HTTP(S) scheme, then return urls scheme.
if scheme != "https" && scheme != "http" {
return scheme.to_owned();
}
// > Step 2: Set urls fragment to the empty string.
url.set_fragment(None);
// > Step 3: Set urls username to the empty string.
let _ = url.set_username("");
// > Step 4: Set urls password to the empty string.
let _ = url.set_password(None);
// > Step 5: Return the result of executing the URL serializer on url.
url.into_string()
}
pub fn build(self, global: &GlobalScope) -> SecurityPolicyViolationReport {
SecurityPolicyViolationReport {
violated_directive: self.effective_directive.clone(),
effective_directive: self.effective_directive.clone(),
document_url: self.strip_url_for_reports(global.get_url()),
document_url: strip_url_for_reports(global.get_url()),
disposition: match self.report_only {
true => SecurityPolicyViolationEventDisposition::Report,
false => SecurityPolicyViolationEventDisposition::Enforce,
},
// https://w3c.github.io/webappsec-csp/#violation-referrer
referrer: match global.get_referrer() {
Referrer::Client(url) => self.strip_url_for_reports(url),
Referrer::ReferrerUrl(url) => self.strip_url_for_reports(url),
Referrer::Client(url) => strip_url_for_reports(url),
Referrer::ReferrerUrl(url) => strip_url_for_reports(url),
_ => "".to_owned(),
},
sample: self.sample,
@ -162,22 +183,24 @@ impl CSPViolationReportTask {
global: Trusted<GlobalScope>,
event_target: Trusted<EventTarget>,
violation_report: SecurityPolicyViolationReport,
violation_policy: csp::Policy,
) -> CSPViolationReportTask {
CSPViolationReportTask {
global,
event_target,
violation_report,
violation_policy,
}
}
fn fire_violation_event(self, can_gc: CanGc) {
fn fire_violation_event(&self, can_gc: CanGc) {
let event = SecurityPolicyViolationEvent::new(
&self.global.root(),
Atom::from("securitypolicyviolation"),
EventBubbles::Bubbles,
EventCancelable::Cancelable,
EventComposed::Composed,
&self.violation_report.convert(),
&self.violation_report.clone().convert(),
can_gc,
);
@ -185,6 +208,72 @@ impl CSPViolationReportTask {
.upcast::<Event>()
.fire(&self.event_target.root(), can_gc);
}
/// <https://www.w3.org/TR/CSP/#deprecated-serialize-violation>
fn serialize_violation(&self) -> Option<RequestBody> {
let report_body = CSPReportUriViolationReport {
// Steps 1-3.
csp_report: self.violation_report.clone().into(),
};
// Step 4. Return the result of serialize an infra value to JSON bytes given «[ "csp-report" → body ]».
Some(create_request_body_with_content(
&serde_json::to_string(&report_body).unwrap_or("".to_owned()),
))
}
/// Step 3.4 of <https://www.w3.org/TR/CSP/#report-violation>
fn post_csp_violation_to_report_uri(&self, report_uri_directive: &csp::Directive) {
let global = self.global.root();
// Step 3.4.1. If violations policys directive set contains a directive named
// "report-to", skip the remaining substeps.
if self
.violation_policy
.contains_a_directive_whose_name_is("report-to")
{
return;
}
// Step 3.4.2. For each token of directives value:
for token in &report_uri_directive.value {
// Step 3.4.2.1. Let endpoint be the result of executing the URL parser with token as the input,
// and violations url as the base URL.
let Ok(endpoint) = ServoUrl::parse_with_base(Some(&global.get_url()), token) else {
// Step 3.4.2.2. If endpoint is not a valid URL, skip the remaining substeps.
continue;
};
// Step 3.4.2.3. Let request be a new request, initialized as follows:
let mut headers = HeaderMap::with_capacity(1);
headers.typed_insert(ContentType::from(
"application/csp-report".parse::<mime::Mime>().unwrap(),
));
let request_body = self.serialize_violation();
let request = create_a_potential_cors_request(
None,
endpoint.clone(),
csp::Destination::Report,
None,
None,
global.get_referrer(),
global.insecure_requests_policy(),
global.has_trustworthy_ancestor_or_current_origin(),
global.policy_container(),
)
.method(http::Method::POST)
.body(request_body)
.origin(global.origin().immutable().clone())
.credentials_mode(CredentialsMode::CredentialsSameOrigin)
.headers(headers);
// Step 3.4.2.4. Fetch request. The result will be ignored.
global.fetch(
request,
Arc::new(Mutex::new(CSPReportUriFetchListener {
endpoint,
global: Trusted::new(&global),
resource_timing: ResourceFetchTiming::new(ResourceTimingType::None),
})),
global.task_manager().networking_task_source().into(),
);
}
}
}
/// Corresponds to the operation in 5.5 Report Violation
@ -196,7 +285,15 @@ impl TaskOnce for CSPViolationReportTask {
// > that uses the SecurityPolicyViolationEvent interface
// > at target with its attributes initialized as follows:
self.fire_violation_event(CanGc::note());
// TODO: Support `report-to` directive that corresponds to 5.5.3.5.
// Step 3.4. If violations policys directive set contains a directive named "report-uri" directive:
if let Some(report_uri_directive) = self
.violation_policy
.directive_set
.iter()
.find(|directive| directive.name == "report-uri")
{
self.post_csp_violation_to_report_uri(report_uri_directive);
}
}
}
@ -220,6 +317,62 @@ impl Convert<SecurityPolicyViolationEventInit> for SecurityPolicyViolationReport
}
}
/// <https://www.w3.org/TR/CSP/#deprecated-serialize-violation>
impl From<SecurityPolicyViolationReport> for CSPReportUriViolationReportBody {
fn from(value: SecurityPolicyViolationReport) -> Self {
// Step 1. Let body be a map with its keys initialized as follows:
let mut converted = Self {
document_uri: value.document_url,
referrer: value.referrer,
blocked_uri: value.blocked_url,
effective_directive: value.effective_directive,
violated_directive: value.violated_directive,
original_policy: value.original_policy,
disposition: value.disposition,
status_code: value.status_code,
script_sample: None,
source_file: None,
line_number: None,
column_number: None,
};
// Step 2. If violations source file is not null:
if !value.source_file.is_empty() {
// Step 2.1. Set body["source-file'] to the result of
// executing §5.4 Strip URL for use in reports on violations source file.
converted.source_file = ServoUrl::parse(&value.source_file)
.map(strip_url_for_reports)
.ok();
// Step 2.2. Set body["line-number"] to violations line number.
converted.line_number = Some(value.line_number);
// Step 2.3. Set body["column-number"] to violations column number.
converted.column_number = Some(value.column_number);
}
// Step 3. Assert: If body["blocked-uri"] is not "inline", then body["sample"] is the empty string.
debug_assert!(converted.blocked_uri == "inline" || converted.script_sample.is_none());
converted
}
}
/// <https://w3c.github.io/webappsec-csp/#strip-url-for-use-in-reports>
fn strip_url_for_reports(mut url: ServoUrl) -> String {
let scheme = url.scheme();
// > Step 1: If urls scheme is not an HTTP(S) scheme, then return urls scheme.
if scheme != "https" && scheme != "http" {
return scheme.to_owned();
}
// > Step 2: Set urls fragment to the empty string.
url.set_fragment(None);
// > Step 3: Set urls username to the empty string.
let _ = url.set_username("");
// > Step 4: Set urls password to the empty string.
let _ = url.set_password(None);
// > Step 5: Return the result of executing the URL serializer on url.
url.into_string()
}
fn serialize_disposition<S: serde::Serializer>(
val: &SecurityPolicyViolationEventDisposition,
serializer: S,
@ -229,3 +382,71 @@ fn serialize_disposition<S: serde::Serializer>(
SecurityPolicyViolationEventDisposition::Enforce => serializer.serialize_str("enforce"),
}
}
struct CSPReportUriFetchListener {
/// Endpoint URL of this request.
endpoint: ServoUrl,
/// Timing data for this resource.
resource_timing: ResourceFetchTiming,
/// The global object fetching the report uri violation
global: Trusted<GlobalScope>,
}
impl FetchResponseListener for CSPReportUriFetchListener {
fn process_request_body(&mut self, _: RequestId) {}
fn process_request_eof(&mut self, _: RequestId) {}
fn process_response(
&mut self,
_: RequestId,
fetch_metadata: Result<FetchMetadata, NetworkError>,
) {
_ = fetch_metadata;
}
fn process_response_chunk(&mut self, _: RequestId, chunk: Vec<u8>) {
_ = chunk;
}
fn process_response_eof(
&mut self,
_: RequestId,
response: Result<ResourceFetchTiming, NetworkError>,
) {
_ = response;
}
fn resource_timing_mut(&mut self) -> &mut ResourceFetchTiming {
&mut self.resource_timing
}
fn resource_timing(&self) -> &ResourceFetchTiming {
&self.resource_timing
}
fn submit_resource_timing(&mut self) {
submit_timing(self, CanGc::note())
}
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
let global = &self.resource_timing_global();
global.report_csp_violations(violations, None);
}
}
impl ResourceTimingListener for CSPReportUriFetchListener {
fn resource_timing_information(&self) -> (InitiatorType, ServoUrl) {
(InitiatorType::Other, self.endpoint.clone())
}
fn resource_timing_global(&self) -> DomRoot<GlobalScope> {
self.global.root()
}
}
impl PreInvoke for CSPReportUriFetchListener {
fn should_invoke(&self) -> bool {
true
}
}

20
components/shared/net/request.rs
View file

@ -9,6 +9,7 @@ use content_security_policy::{self as csp};
use http::header::{AUTHORIZATION, HeaderName};
use http::{HeaderMap, Method};
use ipc_channel::ipc::{self, IpcReceiver, IpcSender, IpcSharedMemory};
use ipc_channel::router::ROUTER;
use malloc_size_of_derive::MallocSizeOf;
use mime::Mime;
use serde::{Deserialize, Serialize};
@ -925,3 +926,22 @@ pub fn convert_header_names_to_sorted_lowercase_set(
ordered_set.dedup();
ordered_set.into_iter().cloned().collect()
}
pub fn create_request_body_with_content(content: &str) -> RequestBody {
let content_bytes = IpcSharedMemory::from_bytes(content.as_bytes());
let content_len = content_bytes.len();
let (chunk_request_sender, chunk_request_receiver) = ipc::channel().unwrap();
ROUTER.add_typed_route(
chunk_request_receiver,
Box::new(move |message| {
let request = message.unwrap();
if let BodyChunkRequest::Connect(sender) = request {
let _ = sender.send(BodyChunkResponse::Chunk(content_bytes.clone()));
let _ = sender.send(BodyChunkResponse::Done);
}
}),
);
RequestBody::new(chunk_request_sender, BodySource::Object, Some(content_len))
}

3
tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-uri-does-not-respect-base-uri.sub.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini vendored
View file

@ -1,7 +1,4 @@
[dedicatedworker-connect-src.html]
[Reports match in http: with connect-src 'self']
expected: FAIL
[Cross-origin 'fetch()' in blob: with connect-src 'self']
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-and-enforce.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-and-enforce.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-blocked-data-uri.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-blocked-uri-cross-origin.sub.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-blocked-uri-cross-origin.sub.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-blocked-uri.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-blocked-uri.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-cross-origin-no-cookies.sub.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-original-url.sub.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-original-url.sub.html]
[Violation report status OK.]
expected: FAIL

4
tests/wpt/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini vendored
View file

@ -1,4 +0,0 @@
[report-preload-and-consume.https.html]
expected: TIMEOUT
[Reporting endpoints received credentials.]
expected: TIMEOUT

6
tests/wpt/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini vendored
View file

@ -1,6 +0,0 @@
[report-same-origin-with-cookies.html]
[Violation report status OK.]
expected: FAIL
[Test report cookies.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-uri-effective-directive.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-uri-from-child-frame.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-uri-from-inline-javascript.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-uri-from-javascript.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-uri-multiple-reversed.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-uri-multiple.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-uri-multiple.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini vendored
View file

@ -1,3 +0,0 @@
[report-uri-scheme-relative.html]
[Violation report status OK.]
expected: FAIL

4
tests/wpt/meta/fetch/metadata/fetch-preflight.https.sub.any.js.ini vendored
View file

@ -1,10 +1,10 @@
[fetch-preflight.https.sub.any.html]
[Cross-site fetch with preflight: sec-fetch-site]
[Same-site fetch with preflight: sec-fetch-site]
expected: FAIL
[fetch-preflight.https.sub.any.worker.html]
[Cross-site fetch with preflight: sec-fetch-site]
[Same-site fetch with preflight: sec-fetch-site]
expected: FAIL

4
tests/wpt/meta/fetch/metadata/fetch.https.sub.any.js.ini vendored
View file

@ -1,10 +1,10 @@
[fetch.https.sub.any.html]
[Cross-site fetch: sec-fetch-site]
[Same-site fetch: sec-fetch-site]
expected: FAIL
[fetch.https.sub.any.worker.html]
[Cross-site fetch: sec-fetch-site]
[Same-site fetch: sec-fetch-site]
expected: FAIL

6
tests/wpt/meta/fetch/metadata/generated/css-font-face.https.sub.tentative.html.ini vendored
View file

@ -44,14 +44,8 @@
[sec-fetch-mode]
expected: FAIL
[sec-fetch-dest]
expected: FAIL
[sec-fetch-storage-access - Same site]
expected: FAIL
[sec-fetch-storage-access - Cross-site]
expected: FAIL
[sec-fetch-user]
expected: FAIL

6
tests/wpt/meta/fetch/metadata/generated/css-font-face.sub.tentative.html.ini vendored
View file

@ -44,11 +44,5 @@
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: [FAIL, PASS]
[sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination]
expected: FAIL
[sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination]
expected: FAIL
[sec-fetch-storage-access - Not sent to non-trustworthy same-site destination]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/element-a.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade - no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade - no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent) - no attributes]
expected: FAIL

39
tests/wpt/meta/fetch/metadata/generated/element-audio.https.sub.html.ini vendored
View file

@ -1,27 +1,18 @@
[element-audio.https.sub.html]
[sec-fetch-site - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-storage-access - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - Same site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site, no attributes]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/element-audio.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade, no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent), no attributes]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/element-iframe.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent)]
expected: FAIL

75
tests/wpt/meta/fetch/metadata/generated/element-img.https.sub.html.ini vendored
View file

@ -1,51 +1,36 @@
[element-img.https.sub.html]
[sec-fetch-site - src - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - src - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - src - Cross-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Cross-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - src - Cross-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Cross-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - src - Cross-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Cross-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - src - Same-Origin -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Same-Origin -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - src - Same-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Same-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - src - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-storage-access - src - Cross-site, no attributes]
expected: FAIL
[sec-fetch-storage-access - srcset - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - src - Same site, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Same site, no attributes]
expected: FAIL
[sec-fetch-site - src - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - src - Same-Origin -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Same-Origin -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - src - Same-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Same-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - src - Same-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - srcset - Same-Site -> Same-Site, no attributes]
expected: FAIL

6
tests/wpt/meta/fetch/metadata/generated/element-img.sub.html.ini vendored
View file

@ -5,12 +5,6 @@
[sec-fetch-site - srcset - HTTPS upgrade, no attributes]
expected: FAIL
[sec-fetch-site - src - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-site - srcset - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-site - src - HTTPS downgrade (header not sent), no attributes]
expected: FAIL

36
tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html.ini vendored
View file

@ -1,25 +1,4 @@
[element-link-prefetch.https.optional.sub.html]
[sec-fetch-site - Cross-site no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site no attributes]
expected: FAIL
[sec-fetch-dest attributes: as=audio]
expected: FAIL
@ -58,3 +37,18 @@
[sec-fetch-storage-access - Cross-site no attributes]
expected: FAIL
[sec-fetch-site - Same site no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Same Origin no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site no attributes]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.optional.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent) no attributes]
expected: FAIL

27
tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html.ini vendored
View file

@ -5,29 +5,20 @@
[sec-fetch-site - Same site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: FAIL
[sec-fetch-user]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Same Origin]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.optional.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent)]
expected: FAIL

108
tests/wpt/meta/fetch/metadata/generated/element-picture.https.sub.html.ini vendored
View file

@ -1,67 +1,4 @@
[element-picture.https.sub.html]
[sec-fetch-site - img[src\] - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Cross-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Cross-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Cross-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Cross-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Cross-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Cross-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Cross-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Cross-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Cross-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Same-Origin -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Same-Origin -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Same-Origin -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Same-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Same-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Same-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-storage-access - img[src\] - Cross-site, no attributes]
expected: FAIL
@ -70,3 +7,48 @@
[sec-fetch-storage-access - source[srcset\] - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Same site, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Same site, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Same site, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Same-Origin -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Same-Origin -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Same-Origin -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Same-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Same-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Same-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - Same-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - Same-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - Same-Site -> Same-Site, no attributes]
expected: FAIL

9
tests/wpt/meta/fetch/metadata/generated/element-picture.sub.html.ini vendored
View file

@ -8,15 +8,6 @@
[sec-fetch-site - source[srcset\] - HTTPS upgrade, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-site - img[srcset\] - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-site - source[srcset\] - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-site - img[src\] - HTTPS downgrade (header not sent), no attributes]
expected: FAIL

72
tests/wpt/meta/fetch/metadata/generated/element-script.https.sub.html.ini vendored
View file

@ -1,45 +1,33 @@
[element-script.https.sub.html]
[sec-fetch-site - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - Cross-site, attributes: type=module]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, attributes: type=module]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin, attributes: type=module]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site, attributes: type=module]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site, attributes: type=module]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site, attributes: type=module]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site, attributes: type=module]
expected: FAIL
[sec-fetch-storage-access - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - Same site, no attributes]
expected: FAIL
[sec-fetch-site - Same site, attributes: type=module]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, attributes: type=module]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site, attributes: type=module]
expected: FAIL
[sec-fetch-site - Same-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Same Origin, attributes: type=module]
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site, attributes: type=module]
expected: FAIL

6
tests/wpt/meta/fetch/metadata/generated/element-script.sub.html.ini vendored
View file

@ -5,12 +5,6 @@
[sec-fetch-site - HTTPS upgrade, attributes: type=module]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade, attributes: type=module]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent), no attributes]
expected: FAIL

39
tests/wpt/meta/fetch/metadata/generated/element-video.https.sub.html.ini vendored
View file

@ -1,27 +1,18 @@
[element-video.https.sub.html]
[sec-fetch-site - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site, no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-storage-access - Cross-site, no attributes]
expected: FAIL
[sec-fetch-site - Same site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site, no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Same Origin, no attributes]
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site, no attributes]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/element-video.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade, no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade, no attributes]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent), no attributes]
expected: FAIL

36
tests/wpt/meta/fetch/metadata/generated/fetch.https.sub.html.ini vendored
View file

@ -1,24 +1,18 @@
[fetch.https.sub.html]
[sec-fetch-site - Cross-site, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site, init: mode=no-cors]
expected: FAIL
[sec-fetch-storage-access - Cross-site, init: mode=no-cors, credentials=include]
expected: FAIL
[sec-fetch-site - Same site, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Same-Site -> Same Origin, init: mode=no-cors]
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site, init: mode=no-cors]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/fetch.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade, no init]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade, no init]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent), no init]
expected: FAIL

27
tests/wpt/meta/fetch/metadata/generated/header-refresh.https.optional.sub.html.ini vendored
View file

@ -5,29 +5,20 @@
[sec-fetch-site - Same site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: FAIL
[sec-fetch-user]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Same Origin]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/header-refresh.optional.sub.html.ini vendored
View file

@ -4,6 +4,3 @@
[sec-fetch-site - HTTPS upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: FAIL

16
tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini vendored
View file

@ -1,21 +1,15 @@
[script-module-import-dynamic.https.sub.html]
[sec-fetch-site - Cross-site]
[sec-fetch-site - Same site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect]
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin]
[sec-fetch-site - Same-Origin -> Same-Site]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site]
[sec-fetch-site - Same-Site -> Same Origin]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site]
[sec-fetch-site - Same-Site -> Same-Site]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent)]
expected: FAIL

16
tests/wpt/meta/fetch/metadata/generated/script-module-import-static.https.sub.html.ini vendored
View file

@ -1,21 +1,15 @@
[script-module-import-static.https.sub.html]
[sec-fetch-site - Cross-site]
[sec-fetch-site - Same site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect]
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin]
[sec-fetch-site - Same-Origin -> Same-Site]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site]
[sec-fetch-site - Same-Site -> Same Origin]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site]
[sec-fetch-site - Same-Site -> Same-Site]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/script-module-import-static.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent)]
expected: FAIL

12
tests/wpt/meta/fetch/metadata/generated/window-location.sub.html.ini vendored
View file

@ -11,18 +11,6 @@
[sec-fetch-site - HTTPS upgrade - location.replace]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade - location]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade - location.href]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade - location.assign]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade - location.replace]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent) - location]
expected: FAIL

36
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini vendored
View file

@ -1,24 +1,18 @@
[worker-dedicated-importscripts.https.sub.html]
[sec-fetch-site - Cross-site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same Origin]
expected: FAIL
[sec-fetch-site - Cross-Site -> Same-Site]
expected: FAIL
[sec-fetch-site - Cross-Site -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Cross-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Cross-Site]
expected: FAIL
[sec-fetch-storage-access - Cross-site]
expected: FAIL
[sec-fetch-site - Same site]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect]
expected: FAIL
[sec-fetch-site - Same-Origin -> Same-Site]
expected: FAIL
[sec-fetch-site - Same-Site -> Same Origin]
expected: FAIL
[sec-fetch-site - Same-Site -> Same-Site]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini vendored
View file

@ -2,8 +2,5 @@
[sec-fetch-site - HTTPS upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade-upgrade]
expected: FAIL
[sec-fetch-site - HTTPS downgrade (header not sent)]
expected: FAIL

36
tests/wpt/meta/fetch/metadata/preload.https.sub.html.ini vendored
View file

@ -1,27 +1,27 @@
[preload.https.sub.html]
[preload fetch www.not-web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload image www.not-web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload style www.not-web-platform.test:8443: sec-fetch-dest]
expected: FAIL
[preload style www.not-web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload font www.not-web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload script www.not-web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload track www.not-web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload style www.web-platform.test:8443: sec-fetch-dest]
expected: FAIL
[preload style web-platform.test:8443: sec-fetch-dest]
expected: FAIL
[preload font www.web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload image www.web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload fetch www.web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload track www.web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload script www.web-platform.test:8443: sec-fetch-site]
expected: FAIL
[preload style www.web-platform.test:8443: sec-fetch-site]
expected: FAIL

3
tests/wpt/meta/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub.html.ini vendored
View file

@ -21,9 +21,6 @@
[Https downgrade-upgrade script => No headers: sec-fetch-mode]
expected: FAIL
[Https downgrade-upgrade top level navigation: sec-fetch-site]
expected: FAIL
[Https downgrade-upgrade stylesheet]
expected: NOTRUN

11
tests/wpt/meta/fetch/metadata/report.https.sub.html.ini vendored
View file

@ -1,10 +1,3 @@
[report.https.sub.html]
expected: ERROR
[same-origin report]
expected: TIMEOUT
[same-site report]
expected: TIMEOUT
[cross-site report]
expected: TIMEOUT
[same-site report: sec-fetch-site]
expected: FAIL

2
tests/wpt/meta/fetch/metadata/style.https.sub.html.ini vendored
View file

@ -1,3 +1,3 @@
[style.https.sub.html]
[Cross-Site style: sec-fetch-site]
[Same-Site style: sec-fetch-site]
expected: FAIL