From 62c1575e9cc7f849ffa0135e9f6c92855aa81f6a Mon Sep 17 00:00:00 2001 From: Tim van der Lippe Date: Thu, 5 Jun 2025 21:17:39 +0200 Subject: [PATCH] Fix Sec-Fetch-Site header While working on #37209 I discovered that the header was computed incorrectly. After carefully reading the specification, I realized that the link in the spec was wrong and we were missing the fact that for host-domains, we should operate on the registrable domain. Additionally, the same-site call was missing the negation. Signed-off-by: Tim van der Lippe --- components/net/http_loader.rs | 16 +++-- components/net/tests/http_loader.rs | 2 +- .../fetch-preflight.https.sub.any.js.ini | 6 -- .../fetch/metadata/fetch.https.sub.any.js.ini | 6 -- .../css-font-face.sub.tentative.html.ini | 3 - .../metadata/generated/element-a.sub.html.ini | 3 - .../element-audio.https.sub.html.ini | 24 ------- .../generated/element-audio.sub.html.ini | 3 - .../generated/element-iframe.sub.html.ini | 3 - .../generated/element-img.https.sub.html.ini | 45 ------------- .../generated/element-img.sub.html.ini | 6 -- ...-link-prefetch.https.optional.sub.html.ini | 21 ------- ...lement-link-prefetch.optional.sub.html.ini | 3 - ...t-meta-refresh.https.optional.sub.html.ini | 27 +++----- ...element-meta-refresh.optional.sub.html.ini | 3 - .../element-picture.https.sub.html.ini | 63 ------------------- .../generated/element-picture.sub.html.ini | 9 --- .../element-script.https.sub.html.ini | 48 ++------------ .../generated/element-script.sub.html.ini | 6 -- .../element-video.https.sub.html.ini | 24 ------- .../generated/element-video.sub.html.ini | 3 - .../generated/fetch.https.sub.html.ini | 21 ------- .../metadata/generated/fetch.sub.html.ini | 3 - ...header-refresh.https.optional.sub.html.ini | 27 +++----- .../header-refresh.optional.sub.html.ini | 3 - ...t-module-import-dynamic.https.sub.html.ini | 19 +----- .../script-module-import-dynamic.sub.html.ini | 3 - ...pt-module-import-static.https.sub.html.ini | 19 +----- .../script-module-import-static.sub.html.ini | 3 - .../serviceworker.https.sub.html.ini | 3 - .../generated/window-location.sub.html.ini | 12 ---- ...dedicated-importscripts.https.sub.html.ini | 21 ------- ...orker-dedicated-importscripts.sub.html.ini | 3 - .../fetch/metadata/preload.https.sub.html.ini | 18 ------ ...irect-https-downgrade-upgrade.sub.html.ini | 3 - .../fetch/metadata/style.https.sub.html.ini | 3 - 36 files changed, 41 insertions(+), 444 deletions(-) delete mode 100644 tests/wpt/meta/fetch/metadata/style.https.sub.html.ini diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index 704901f6940..3e6c2bc0695 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -59,7 +59,7 @@ use net_traits::{ use profile_traits::mem::{Report, ReportKind}; use profile_traits::path; use servo_arc::Arc; -use servo_url::{ImmutableOrigin, ServoUrl}; +use servo_url::{Host, ImmutableOrigin, ServoUrl}; use tokio::sync::mpsc::{ Receiver as TokioReceiver, Sender as TokioSender, UnboundedReceiver, UnboundedSender, channel, unbounded_channel, @@ -223,8 +223,11 @@ fn strict_origin_when_cross_origin( strip_url_for_use_as_referrer(referrer_url, true) } -/// +/// fn is_same_site(site_a: &ImmutableOrigin, site_b: &ImmutableOrigin) -> bool { + // First steps are for + // https://html.spec.whatwg.org/multipage/#concept-site-same-site + // // Step 1. If A and B are the same opaque origin, then return true. if !site_a.is_tuple() && !site_b.is_tuple() && site_a == site_b { return true; @@ -244,7 +247,12 @@ fn is_same_site(site_a: &ImmutableOrigin, site_b: &ImmutableOrigin) -> bool { } // Step 4. If A's and B's host values are not equal, then return false. - if host_a != host_b { + // Includes the steps of https://html.spec.whatwg.org/multipage/#obtain-a-site + if let (Host::Domain(domain_a), Host::Domain(domain_b)) = (host_a, host_b) { + if reg_suffix(domain_a) != reg_suffix(domain_b) { + return false; + } + } else if host_a != host_b { return false; } @@ -2564,7 +2572,7 @@ fn set_the_sec_fetch_site_header(r: &mut Request) { header = SecFetchSite::CrossSite; // Step 5.3 If r’s origin is not same site with url’s origin, then break. - if is_same_site(request_origin, &url.origin()) { + if !is_same_site(request_origin, &url.origin()) { break; } diff --git a/components/net/tests/http_loader.rs b/components/net/tests/http_loader.rs index b1e90276472..3e3adcedda9 100644 --- a/components/net/tests/http_loader.rs +++ b/components/net/tests/http_loader.rs @@ -329,7 +329,7 @@ fn test_request_and_response_data_with_network_messages() { ); headers.insert( HeaderName::from_static("sec-fetch-site"), - HeaderValue::from_static("same-site"), + HeaderValue::from_static("cross-site"), ); headers.insert( HeaderName::from_static("sec-fetch-user"), diff --git a/tests/wpt/meta/fetch/metadata/fetch-preflight.https.sub.any.js.ini b/tests/wpt/meta/fetch/metadata/fetch-preflight.https.sub.any.js.ini index 0147b1bc84c..0fd181c4e4f 100644 --- a/tests/wpt/meta/fetch/metadata/fetch-preflight.https.sub.any.js.ini +++ b/tests/wpt/meta/fetch/metadata/fetch-preflight.https.sub.any.js.ini @@ -1,12 +1,6 @@ [fetch-preflight.https.sub.any.html] - [Cross-site fetch with preflight: sec-fetch-site] - expected: FAIL - [fetch-preflight.https.sub.any.worker.html] - [Cross-site fetch with preflight: sec-fetch-site] - expected: FAIL - [fetch-preflight.https.sub.any.serviceworker.html] expected: ERROR diff --git a/tests/wpt/meta/fetch/metadata/fetch.https.sub.any.js.ini b/tests/wpt/meta/fetch/metadata/fetch.https.sub.any.js.ini index 31cda1be01e..7b0e181e598 100644 --- a/tests/wpt/meta/fetch/metadata/fetch.https.sub.any.js.ini +++ b/tests/wpt/meta/fetch/metadata/fetch.https.sub.any.js.ini @@ -1,12 +1,6 @@ [fetch.https.sub.any.html] - [Cross-site fetch: sec-fetch-site] - expected: FAIL - [fetch.https.sub.any.worker.html] - [Cross-site fetch: sec-fetch-site] - expected: FAIL - [fetch.https.sub.any.sharedworker.html] expected: ERROR diff --git a/tests/wpt/meta/fetch/metadata/generated/css-font-face.sub.tentative.html.ini b/tests/wpt/meta/fetch/metadata/generated/css-font-face.sub.tentative.html.ini index af4a680bb7a..2254c59cae9 100644 --- a/tests/wpt/meta/fetch/metadata/generated/css-font-face.sub.tentative.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/css-font-face.sub.tentative.html.ini @@ -49,6 +49,3 @@ [sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination] expected: FAIL - - [sec-fetch-storage-access - Not sent to non-trustworthy same-site destination] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-a.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-a.sub.html.ini index dd0b375d338..b54747a3ab9 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-a.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-a.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade - no attributes] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade - no attributes] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent) - no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-audio.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-audio.https.sub.html.ini index 5ccc5d709f8..2cc17405639 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-audio.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-audio.https.sub.html.ini @@ -1,27 +1,3 @@ [element-audio.https.sub.html] - [sec-fetch-site - Cross-site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - [sec-fetch-storage-access - Cross-site, no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-audio.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-audio.sub.html.ini index 7cc93481772..40b2df25c97 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-audio.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-audio.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade, no attributes] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent), no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-iframe.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-iframe.sub.html.ini index b154a96d9de..5d39022eaf3 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-iframe.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-iframe.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent)] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-img.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-img.https.sub.html.ini index a0fe191d526..fe36276121a 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-img.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-img.https.sub.html.ini @@ -1,49 +1,4 @@ [element-img.https.sub.html] - [sec-fetch-site - src - Cross-site, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Cross-site, no attributes] - expected: FAIL - - [sec-fetch-site - src - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - src - Cross-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Cross-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - src - Cross-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Cross-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - src - Cross-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Cross-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - src - Same-Origin -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same-Origin -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - src - Same-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - src - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - [sec-fetch-storage-access - src - Cross-site, no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-img.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-img.sub.html.ini index cd58db1fdd2..55c8986421e 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-img.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-img.sub.html.ini @@ -5,12 +5,6 @@ [sec-fetch-site - srcset - HTTPS upgrade, no attributes] expected: FAIL - [sec-fetch-site - src - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - [sec-fetch-site - src - HTTPS downgrade (header not sent), no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html.ini index 2222dc3f7ec..a0e22dd5327 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html.ini @@ -1,25 +1,4 @@ [element-link-prefetch.https.optional.sub.html] - [sec-fetch-site - Cross-site no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Cross-Site no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site no attributes] - expected: FAIL - - [sec-fetch-site - Same-Site -> Cross-Site no attributes] - expected: FAIL - [sec-fetch-dest attributes: as=audio] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.optional.sub.html.ini index b75a39a81a0..1c920517827 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.optional.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade no attributes] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade no attributes] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent) no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html.ini index 5bc9bb2c8cf..6aad04b68d1 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html.ini @@ -5,29 +5,20 @@ [sec-fetch-site - Same site] expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site] - expected: FAIL - [sec-fetch-site - Cross-Site -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site] - expected: FAIL - [sec-fetch-site - Same-Site -> Same-Site] expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site] - expected: FAIL - - [sec-fetch-site - HTTPS downgrade-upgrade] - expected: FAIL - [sec-fetch-user] expected: FAIL + + [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect] + expected: FAIL + + [sec-fetch-site - Same-Origin -> Same-Site] + expected: FAIL + + [sec-fetch-site - Same-Site -> Same Origin] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.optional.sub.html.ini index 6af80d8f7e8..67bfd020500 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.optional.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent)] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-picture.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-picture.https.sub.html.ini index ea347e106eb..18f6f472b28 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-picture.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-picture.https.sub.html.ini @@ -1,67 +1,4 @@ [element-picture.https.sub.html] - [sec-fetch-site - img[src\] - Cross-site, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Cross-site, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Cross-site, no attributes] - expected: FAIL - - [sec-fetch-site - img[src\] - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - img[src\] - Cross-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Cross-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Cross-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - img[src\] - Cross-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Cross-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Cross-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - img[src\] - Cross-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Cross-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Cross-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - img[src\] - Same-Origin -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same-Origin -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same-Origin -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - img[src\] - Same-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same-Site -> Cross-Site, no attributes] - expected: FAIL - [sec-fetch-storage-access - img[src\] - Cross-site, no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-picture.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-picture.sub.html.ini index 3232ec358eb..a50427b8e81 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-picture.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-picture.sub.html.ini @@ -8,15 +8,6 @@ [sec-fetch-site - source[srcset\] - HTTPS upgrade, no attributes] expected: FAIL - [sec-fetch-site - img[src\] - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - [sec-fetch-site - img[src\] - HTTPS downgrade (header not sent), no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-script.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-script.https.sub.html.ini index 1d1e07b42e1..08caf1e7589 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-script.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-script.https.sub.html.ini @@ -1,45 +1,9 @@ [element-script.https.sub.html] - [sec-fetch-site - Cross-site, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-site, attributes: type=module] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, attributes: type=module] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin, attributes: type=module] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site, attributes: type=module] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Cross-Site, attributes: type=module] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site, attributes: type=module] - expected: FAIL - - [sec-fetch-site - Same-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Site -> Cross-Site, attributes: type=module] - expected: FAIL - [sec-fetch-storage-access - Cross-site, no attributes] expected: FAIL + + [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, attributes: type=module] + expected: FAIL + + [sec-fetch-site - Same-Site -> Same Origin, attributes: type=module] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-script.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-script.sub.html.ini index ef877c37311..fc7764baeb0 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-script.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-script.sub.html.ini @@ -5,12 +5,6 @@ [sec-fetch-site - HTTPS upgrade, attributes: type=module] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - - [sec-fetch-site - HTTPS downgrade-upgrade, attributes: type=module] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent), no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-video.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-video.https.sub.html.ini index 95d4ed00243..88ae1f1a99f 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-video.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-video.https.sub.html.ini @@ -1,27 +1,3 @@ [element-video.https.sub.html] - [sec-fetch-site - Cross-site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Site -> Cross-Site, no attributes] - expected: FAIL - - [sec-fetch-site - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - [sec-fetch-storage-access - Cross-site, no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-video.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-video.sub.html.ini index 70d776ac203..2e8748d259b 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-video.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-video.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade, no attributes] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade, no attributes] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent), no attributes] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/fetch.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/fetch.https.sub.html.ini index 7b9d1002ec9..661fc39d370 100644 --- a/tests/wpt/meta/fetch/metadata/generated/fetch.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/fetch.https.sub.html.ini @@ -1,24 +1,3 @@ [fetch.https.sub.html] - [sec-fetch-site - Cross-site, init: mode=no-cors] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, init: mode=no-cors] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin, init: mode=no-cors] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site, init: mode=no-cors] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Cross-Site, init: mode=no-cors] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site, init: mode=no-cors] - expected: FAIL - - [sec-fetch-site - Same-Site -> Cross-Site, init: mode=no-cors] - expected: FAIL - [sec-fetch-storage-access - Cross-site, init: mode=no-cors, credentials=include] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/fetch.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/fetch.sub.html.ini index 339edb2c742..ac1516fe9e8 100644 --- a/tests/wpt/meta/fetch/metadata/generated/fetch.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/fetch.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade, no init] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade, no init] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent), no init] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/header-refresh.https.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/header-refresh.https.optional.sub.html.ini index 35af8ed67c7..3038bb3f030 100644 --- a/tests/wpt/meta/fetch/metadata/generated/header-refresh.https.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/header-refresh.https.optional.sub.html.ini @@ -5,29 +5,20 @@ [sec-fetch-site - Same site] expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site] - expected: FAIL - [sec-fetch-site - Cross-Site -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site] - expected: FAIL - [sec-fetch-site - Same-Site -> Same-Site] expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site] - expected: FAIL - - [sec-fetch-site - HTTPS downgrade-upgrade] - expected: FAIL - [sec-fetch-user] expected: FAIL + + [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect] + expected: FAIL + + [sec-fetch-site - Same-Origin -> Same-Site] + expected: FAIL + + [sec-fetch-site - Same-Site -> Same Origin] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/header-refresh.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/header-refresh.optional.sub.html.ini index 97d7fc206a3..2f3dc0399f8 100644 --- a/tests/wpt/meta/fetch/metadata/generated/header-refresh.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/header-refresh.optional.sub.html.ini @@ -4,6 +4,3 @@ [sec-fetch-site - HTTPS upgrade] expected: FAIL - - [sec-fetch-site - HTTPS downgrade-upgrade] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini index 9da83749a21..453ee20f6ac 100644 --- a/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini @@ -1,21 +1,6 @@ [script-module-import-dynamic.https.sub.html] - [sec-fetch-site - Cross-site] + [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect] expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Cross-Site] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site] - expected: FAIL - - [sec-fetch-site - Same-Site -> Cross-Site] + [sec-fetch-site - Same-Site -> Same Origin] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.sub.html.ini index 318935e7f3d..397369ea8a6 100644 --- a/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent)] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.https.sub.html.ini index 27b82550f15..7e5e2177746 100644 --- a/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.https.sub.html.ini @@ -1,21 +1,6 @@ [script-module-import-static.https.sub.html] - [sec-fetch-site - Cross-site] + [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect] expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Cross-Site] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site] - expected: FAIL - - [sec-fetch-site - Same-Site -> Cross-Site] + [sec-fetch-site - Same-Site -> Same Origin] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.sub.html.ini index bc7a5e2d884..61505aa5d8a 100644 --- a/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent)] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/serviceworker.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/serviceworker.https.sub.html.ini index 107c1fb1a6c..b47a84ff066 100644 --- a/tests/wpt/meta/fetch/metadata/generated/serviceworker.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/serviceworker.https.sub.html.ini @@ -26,6 +26,3 @@ [sec-fetch-user - no options - updating] expected: NOTRUN - - [sec-fetch-site - Same origin, no options - registration] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/window-location.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/window-location.sub.html.ini index 6643b0b2cc7..8aadf7218d7 100644 --- a/tests/wpt/meta/fetch/metadata/generated/window-location.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/window-location.sub.html.ini @@ -11,18 +11,6 @@ [sec-fetch-site - HTTPS upgrade - location.replace] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade - location] - expected: FAIL - - [sec-fetch-site - HTTPS downgrade-upgrade - location.href] - expected: FAIL - - [sec-fetch-site - HTTPS downgrade-upgrade - location.assign] - expected: FAIL - - [sec-fetch-site - HTTPS downgrade-upgrade - location.replace] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent) - location] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini index c1e2dd8e89c..e7ffb2ea232 100644 --- a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini @@ -1,24 +1,3 @@ [worker-dedicated-importscripts.https.sub.html] - [sec-fetch-site - Cross-site] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same Origin] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Same-Site] - expected: FAIL - - [sec-fetch-site - Cross-Site -> Cross-Site] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Cross-Site] - expected: FAIL - - [sec-fetch-site - Same-Site -> Cross-Site] - expected: FAIL - [sec-fetch-storage-access - Cross-site] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini index b5ee5020c7a..445be5fea02 100644 --- a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini @@ -2,8 +2,5 @@ [sec-fetch-site - HTTPS upgrade] expected: FAIL - [sec-fetch-site - HTTPS downgrade-upgrade] - expected: FAIL - [sec-fetch-site - HTTPS downgrade (header not sent)] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/preload.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/preload.https.sub.html.ini index 3f8cb0d64a7..abd3860c1e9 100644 --- a/tests/wpt/meta/fetch/metadata/preload.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/preload.https.sub.html.ini @@ -1,25 +1,7 @@ [preload.https.sub.html] - [preload fetch www.not-web-platform.test:8443: sec-fetch-site] - expected: FAIL - - [preload image www.not-web-platform.test:8443: sec-fetch-site] - expected: FAIL - [preload style www.not-web-platform.test:8443: sec-fetch-dest] expected: FAIL - [preload style www.not-web-platform.test:8443: sec-fetch-site] - expected: FAIL - - [preload font www.not-web-platform.test:8443: sec-fetch-site] - expected: FAIL - - [preload script www.not-web-platform.test:8443: sec-fetch-site] - expected: FAIL - - [preload track www.not-web-platform.test:8443: sec-fetch-site] - expected: FAIL - [preload style www.web-platform.test:8443: sec-fetch-dest] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub.html.ini b/tests/wpt/meta/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub.html.ini index 46f58cc786e..c60dc98b3b2 100644 --- a/tests/wpt/meta/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub.html.ini @@ -21,9 +21,6 @@ [Https downgrade-upgrade script => No headers: sec-fetch-mode] expected: FAIL - [Https downgrade-upgrade top level navigation: sec-fetch-site] - expected: FAIL - [Https downgrade-upgrade stylesheet] expected: NOTRUN diff --git a/tests/wpt/meta/fetch/metadata/style.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/style.https.sub.html.ini deleted file mode 100644 index e977bc4e881..00000000000 --- a/tests/wpt/meta/fetch/metadata/style.https.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[style.https.sub.html] - [Cross-Site style: sec-fetch-site] - expected: FAIL