Fix Sec-Fetch-Site header (#37277)

While working on #37209 I discovered that the header was computed incorrectly. After carefully reading the specification, I realized that the link in the spec was wrong and we were missing the fact that for host-domains, we should operate on the registrable domain. Additionally, the same-site call was missing the negation. Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-08-14 09:55:35 +01:00 · 2025-06-07 18:57:29 +02:00 · 2025-06-07 18:57:29 +02:00 · c808ff7666
commit c808ff7666
parent a625420b23
36 changed files with 41 additions and 444 deletions
--- a/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini
+++ b/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini
@ -1,21 +1,6 @@
 [script-module-import-dynamic.https.sub.html]
-  [sec-fetch-site - Cross-site]
+  [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect]
    expected: FAIL

-  [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect]
-    expected: FAIL
-
-  [sec-fetch-site - Cross-Site -> Same Origin]
-    expected: FAIL
-
-  [sec-fetch-site - Cross-Site -> Same-Site]
-    expected: FAIL
-
-  [sec-fetch-site - Cross-Site -> Cross-Site]
-    expected: FAIL
-
-  [sec-fetch-site - Same-Origin -> Cross-Site]
-    expected: FAIL
-
-  [sec-fetch-site - Same-Site -> Cross-Site]
+  [sec-fetch-site - Same-Site -> Same Origin]
    expected: FAIL