Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-03 20:50:07 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update web-platform-tests to revision 3cb5a99e5521936fb8819de8aaba806050b84184

Browse source
This commit is contained in:
WPT Sync Bot 2019-06-23 10:23:36 +00:00
parent 1d2c0ba0bc
commit c700482629
204 changed files with 5112 additions and 1445 deletions
Download patch file Download diff file Expand all files Collapse all files

68
tests/wpt/web-platform-tests/fetch/sec-metadata/redirect/multiple-redirect-https-downgrade-upgrade.tentative.sub.html Normal file
View file

@ -0,0 +1,68 @@
<!DOCTYPE html>
<html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/sec-metadata/resources/helper.js></script>
<script src=/fetch/sec-metadata/resources/redirectTestHelper.sub.js></script>
<script src=/common/security-features/resources/common.js></script>
<script src=/common/utils.js></script>
<style>
@font-face {
font-family: myDowngradeUpgradeFont;
src: url(https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fapi%2Fresources%2Fredirect.py%3Flocation%3Dhttps%253A%252F%252F{{host}}%253A{{ports[https][0]}}%252Ffetch%252Fsec-metadata%252Fresources%252Frecord-header.py%253Ffile%253Dfont-https-downgrade-upgrade);
}
#fontTest {
font-family: myDowngradeUpgradeFont;
}
</style>
<body>
<div id="fontTest">Downgraded then upgraded font</div>
<script>
let nonce = token();
let expected = { "dest": "", "site": "same-site", "user": "", "mode": "" };
// Validate various scenarios handle a request that redirects from https => http
// correctly and avoids disclosure of any Sec- headers.
RunCommonRedirectTests("Https downgrade-upgrade", MultipleRedirectTo, expected);
document.fonts.ready.then(function () {
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-https-downgrade-upgrade";
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
});
}, "Https downgrade-upgrade font => No headers");
});
promise_test(() =>
requestViaImage(secureRedirectURL + encodeURIComponent(insecureRedirectURL + encodeURIComponent("https://{{host}}:{{ports[https][0]}}/common/security-features/subresource/image.py")))
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
};
assert_header_equals(got, {
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
"dest": undefined,
"site": "same-site",
"user": undefined,
"mode": undefined,
});
}), "Https downgrade-upgrade image => No headers");
</script>
<script src="https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fapi%2Fresources%2Fredirect.py%3Flocation%3Dhttps%253A%252F%252F{{host}}%253A{{ports[https][0]}}%252Ffetch%252Fsec-metadata%252Fresources%252Fecho-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, expected);
}, "Https downgrade-upgrade script => No headers");
</script>
</body>

67
tests/wpt/web-platform-tests/fetch/sec-metadata/redirect/redirect-http-upgrade.tentative.sub.html Normal file
View file

@ -0,0 +1,67 @@
<!DOCTYPE html>
<html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/sec-metadata/resources/helper.js></script>
<script src=/fetch/sec-metadata/resources/redirectTestHelper.sub.js></script>
<script src=/common/security-features/resources/common.js></script>
<script src=/common/utils.js></script>
<style>
@font-face {
font-family: myUpgradedFont;
src: url(http://{{host}}:{{ports[http][0]}}/fetch/api/resources/redirect.py?location=https%3A%2F%2F{{host}}%3A{{ports[https][0]}}%2Ffetch%2Fsec-metadata%2Fresources%2Frecord-header.py%3Ffile%3Dfont-https-upgrade);
}
#fontTest {
font-family: myUpgradedFont;
}
</style>
<body>
<div id="fontTest">Upgraded font</div>
<script>
let nonce = token();
let expected = { "dest": "", "site": "same-site", "user": "", "mode": "" };
// Validate various scenarios handle a request that redirects from http => https correctly and add the proper Sec- headers.
RunCommonRedirectTests("Http upgrade", upgradeRedirectTo, expected);
document.fonts.ready.then(function () {
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-https-upgrade";
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
});
}, "Http upgrade font => No headers");
});
promise_test(() =>
requestViaImage(insecureRedirectURL + encodeURIComponent("https://{{host}}:{{ports[https][0]}}/common/security-features/subresource/image.py"))
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
};
assert_header_equals(got, {
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
"dest": undefined,
"site": "same-site",
"user": undefined,
"mode": undefined,
});
}), "Http upgrade image => No headers");
</script>
<script src="http://{{host}}:{{ports[http][0]}}/fetch/api/resources/redirect.py?location=https%3A%2F%2F{{host}}%3A{{ports[https][0]}}%2Ffetch%2Fsec-metadata%2Fresources%2Fecho-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, expected);
}, "Http upgrade script => No headers");
</script>
</body>

68
tests/wpt/web-platform-tests/fetch/sec-metadata/redirect/redirect-https-downgrade.tentative.sub.html Normal file
View file

@ -0,0 +1,68 @@
<!DOCTYPE html>
<html>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/fetch/sec-metadata/resources/helper.js></script>
<script src=/fetch/sec-metadata/resources/redirectTestHelper.sub.js></script>
<script src=/common/security-features/resources/common.js></script>
<script src=/common/utils.js></script>
<style>
@font-face {
font-family: myDowngradedFont;
src: url(https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fsec-metadata%2Fresources%2Frecord-header.py%3Ffile%3Dfont-https-downgrade);
}
#fontTest {
font-family: myDowngradedFont;
}
</style>
<body>
<div id="fontTest">Downgraded font</div>
<script>
let nonce = token();
let expected = { "dest": "", "site": "", "user": "", "mode": "" };
// Validate various scenarios handle a request that redirects from https => http correctly and avoids disclosure of any Sec- headers.
RunCommonRedirectTests("Https downgrade", downgradeRedirectTo, expected);
document.fonts.ready.then(function () {
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "font-https-downgrade";
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expected))
.then(_ => resolve())
.catch(e => reject(e));
});
}, "Https downgrade font => No headers");
});
promise_test(() =>
requestViaImage(secureRedirectURL + encodeURIComponent("http://{{host}}:{{ports[http][0]}}/common/security-features/subresource/image.py"))
.then(result => {
headers = result.headers;
got = {
"dest": headers["sec-fetch-dest"],
"mode": headers["sec-fetch-mode"],
"site": headers["sec-fetch-site"],
"user": headers["sec-fetch-user"]
};
assert_header_equals(got, {
// Note that we're using `undefined` here, as opposed to "" elsewhere because of the way
// that `image.py` encodes data.
"dest": undefined,
"site": undefined,
"user": undefined,
"mode": undefined,
});
}), "Https downgrade image => No headers");
</script>
<script src="https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=http%3A%2F%2F{{host}}%3A{{ports[http][0]}}%2Ffetch%2Fsec-metadata%2Fresources%2Fecho-as-script.py"></script>
<script>
test(t => {
t.add_cleanup(_ => { header = null; });
assert_header_equals(header, expected);
}, "Https downgrade script => No headers");
</script>
</body>

181
tests/wpt/web-platform-tests/fetch/sec-metadata/resources/redirectTestHelper.sub.js Normal file
View file

@ -0,0 +1,181 @@
function createVideoElement() {
let el = document.createElement('video');
el.src = "/media/movie_5.mp4";
el.setAttribute("controls", "");
el.setAttribute("crossorigin", "");
return el;
}
function createTrack() {
let el = document.createElement("track");
el.setAttribute("default", "");
el.setAttribute("kind", "captions");
el.setAttribute("srclang", "en");
return el;
}
let secureRedirectURL = "https://{{host}}:{{ports[https][0]}}/fetch/api/resources/redirect.py?location=";
let insecureRedirectURL = "http://{{host}}:{{ports[http][0]}}/fetch/api/resources/redirect.py?location=";
let secureTestURL = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/";
let insecureTestURL = "http://{{host}}:{{ports[http][0]}}/fetch/sec-metadata/";
// Helper to craft an URL that will go from HTTPS => HTTP => HTTPS to
// simulate us downgrading then upgrading again during the same redirect chain.
function MultipleRedirectTo(partialPath) {
let finalURL = insecureRedirectURL + encodeURIComponent(secureTestURL + partialPath);
return insecureRedirectURL + encodeURIComponent(finalURL);
}
// Helper to craft an URL that will go from HTTP => HTTPS to simulate upgrading a
// given request.
function upgradeRedirectTo(partialPath) {
return insecureRedirectURL + encodeURIComponent(secureTestURL + partialPath);
}
// Helper to craft an URL that will go from HTTPS => HTTP to simulate downgrading a
// given request.
function downgradeRedirectTo(partialPath) {
return secureRedirectURL + encodeURIComponent(insecureTestURL + partialPath);
}
// Helper to run common redirect test cases that don't require special setup on
// the test page itself.
function RunCommonRedirectTests(testNamePrefix, urlHelperMethod, expectedResults) {
async_test(t => {
let i = document.createElement('iframe');
i.src = urlHelperMethod("resources/post-to-owner.py");
window.addEventListener('message', t.step_func(e => {
if (e.source != i.contentWindow) {
return;
}
assert_header_equals(e.data, expectedResults);
t.done();
}));
document.body.appendChild(i);
}, testNamePrefix + " iframe => No headers");
async_test(t => {
let testWindow = window.open(urlHelperMethod("resources/post-to-owner.py"));
t.add_cleanup(_ => testWindow.close());
window.addEventListener('message', t.step_func(e => {
if (e.source != testWindow) {
return;
}
assert_header_equals(e.data, expectedResults);
t.done();
}));
}, testNamePrefix + " top level navigation => No headers");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "embed-redirect-redirect" + nonce;
let e = document.createElement('embed');
e.src = urlHelperMethod("resources/record-header.py?file=" + key);
e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expectedResults))
.then(_ => resolve())
.catch(e => reject(e));
};
document.body.appendChild(e);
});
}, testNamePrefix + " embed => No headers");
promise_test(t => {
let key = "fetch-redirect" + nonce;
return fetch(urlHelperMethod("resources/echo-as-json.py?" + key))
.then(r => r.json())
.then(j => {assert_header_equals(j, expectedResults);});
}, testNamePrefix + " fetch() api => No headers");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "object-https-redirect" + nonce;
let e = document.createElement('object');
e.data = urlHelperMethod("resources/record-header.py?file=" + key);
e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expectedResults))
.then(_ => resolve())
.catch(e => reject(e));
};
document.body.appendChild(e);
});
}, testNamePrefix + " object => No headers");
if (document.createElement('link').relList.supports('prefetch')) {
async_test(t => {
let key = "prefetch" + nonce;
let e = document.createElement('link');
e.rel = "prefetch";
e.href = urlHelperMethod("resources/record-header.py?file=" + key) + "&simple=true";
e.onload = t.step_func(e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(t.step_func(response => response.text()))
.then(t.step_func_done(text => assert_header_equals(text, expectedResults)))
.catch(t.unreached_func("Fetching and verifying the results should succeed."));
});
e.onerror = t.unreached_func();
document.head.appendChild(e);
}, testNamePrefix + " prefetch => No headers");
}
if (document.createElement('link').relList.supports('preload')) {
async_test(t => {
let key = "preload" + nonce;
let e = document.createElement('link');
e.rel = "preload";
e.href = urlHelperMethod("resources/record-header.py?file=" + key);
e.setAttribute("as", "track");
e.onload = e.onerror = t.step_func_done(e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(t.step_func(response => response.text()))
.then(t.step_func(text => assert_header_equals(text, expectedResults)))
.then(t.step_func_done(_ => resolve()))
.catch(t.unreached_func());
});
document.head.appendChild(e);
}, testNamePrefix + " preload => No headers");
}
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "style-https-redirect" + nonce;
let e = document.createElement('link');
e.rel = "stylesheet";
e.href = urlHelperMethod("resources/record-header.py?file=" + key);
e.onload = e => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expectedResults))
.then(_ => resolve())
.catch(e => reject(e));
};
document.body.appendChild(e);
});
}, testNamePrefix + " stylesheet => No headers");
promise_test(t => {
return new Promise((resolve, reject) => {
let key = "track-https-redirect" + nonce;
let video = createVideoElement();
let el = createTrack();
el.src = urlHelperMethod("resources/record-header.py?file=" + key);
el.onload = t.step_func(_ => {
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
.then(response => response.text())
.then(text => assert_header_equals(text, expectedResults))
.then(_ => resolve());
});
video.appendChild(el);
document.body.appendChild(video);
});
}, testNamePrefix + " track => No headers");
}