diff --git a/components/net/fetch/headers.rs b/components/net/fetch/headers.rs index e113ac0ed20..23b05519eb9 100644 --- a/components/net/fetch/headers.rs +++ b/components/net/fetch/headers.rs @@ -2,8 +2,19 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ -use headers::HeaderMap; +use content_security_policy::Destination; +use headers::{Error, Header, HeaderMap}; +use http::{HeaderName, HeaderValue}; use net_traits::fetch::headers::get_decode_and_split_header_name; +use net_traits::request::RequestMode; + +static SEC_FETCH_DEST: HeaderName = HeaderName::from_static("sec-fetch-dest"); + +static SEC_FETCH_MODE: HeaderName = HeaderName::from_static("sec-fetch-mode"); + +static SEC_FETCH_SITE: HeaderName = HeaderName::from_static("sec-fetch-site"); + +static SEC_FETCH_USER: HeaderName = HeaderName::from_static("sec-fetch-user"); /// pub fn determine_nosniff(headers: &HeaderMap) -> bool { @@ -14,3 +25,187 @@ pub fn determine_nosniff(headers: &HeaderMap) -> bool { Some(values) => !values.is_empty() && values[0].eq_ignore_ascii_case("nosniff"), } } + +/// The `sec-fetch-dest` header +pub struct SecFetchDest(pub Destination); + +/// The `sec-fetch-mode` header +/// +/// This is effectively the same as a [RequestMode], except +/// it doesn't keep track of the websocket protocols +pub enum SecFetchMode { + SameOrigin, + Cors, + NoCors, + Navigate, + WebSocket, +} + +/// The `sec-fetch-user` header +pub struct SecFetchUser; + +/// The `sec-fetch-site` header +#[derive(Eq, PartialEq)] +pub enum SecFetchSite { + None, + SameOrigin, + SameSite, + CrossSite, +} + +impl Header for SecFetchDest { + fn name() -> &'static HeaderName { + &SEC_FETCH_DEST + } + + fn decode<'i, I>(_: &mut I) -> Result + where + Self: Sized, + I: Iterator, + { + // TODO + Err(Error::invalid()) + } + + fn encode(&self, values: &mut E) + where + E: Extend, + { + let value = HeaderValue::from_static(destination_as_str(self.0)); + values.extend(std::iter::once(value)); + } +} + +impl From for SecFetchDest { + fn from(value: Destination) -> Self { + Self(value) + } +} + +impl Header for SecFetchMode { + fn name() -> &'static HeaderName { + &SEC_FETCH_MODE + } + + fn decode<'i, I>(_: &mut I) -> Result + where + Self: Sized, + I: Iterator, + { + // TODO + Err(Error::invalid()) + } + + fn encode(&self, values: &mut E) + where + E: Extend, + { + let value = HeaderValue::from_static(self.as_str()); + values.extend(std::iter::once(value)); + } +} + +impl<'a> From<&'a RequestMode> for SecFetchMode { + fn from(value: &'a RequestMode) -> Self { + match value { + RequestMode::SameOrigin => Self::SameOrigin, + RequestMode::CorsMode => Self::Cors, + RequestMode::NoCors => Self::NoCors, + RequestMode::Navigate => Self::Navigate, + RequestMode::WebSocket { .. } => Self::WebSocket, + } + } +} + +impl Header for SecFetchSite { + fn name() -> &'static HeaderName { + &SEC_FETCH_SITE + } + + fn decode<'i, I>(_: &mut I) -> Result + where + Self: Sized, + I: Iterator, + { + // TODO + Err(Error::invalid()) + } + + fn encode(&self, values: &mut E) + where + E: Extend, + { + let s = match self { + Self::None => "none", + Self::SameSite => "same-site", + Self::CrossSite => "cross-site", + Self::SameOrigin => "same-origin", + }; + let value = HeaderValue::from_static(s); + values.extend(std::iter::once(value)); + } +} + +impl Header for SecFetchUser { + fn name() -> &'static HeaderName { + &SEC_FETCH_USER + } + + fn decode<'i, I>(_: &mut I) -> Result + where + Self: Sized, + I: Iterator, + { + // TODO + Err(Error::invalid()) + } + + fn encode(&self, values: &mut E) + where + E: Extend, + { + let value = HeaderValue::from_static("?1"); + values.extend(std::iter::once(value)); + } +} + +const fn destination_as_str(destination: Destination) -> &'static str { + match destination { + Destination::None => "empty", + Destination::Audio => "audio", + Destination::AudioWorklet => "audioworklet", + Destination::Document => "document", + Destination::Embed => "embed", + Destination::Font => "font", + Destination::Frame => "frame", + Destination::IFrame => "iframe", + Destination::Image => "image", + Destination::Json => "json", + Destination::Manifest => "manifest", + Destination::Object => "object", + Destination::PaintWorklet => "paintworklet", + Destination::Report => "report", + Destination::Script => "script", + Destination::ServiceWorker => "serviceworker", + Destination::SharedWorker => "sharedworker", + Destination::Style => "style", + Destination::Track => "track", + Destination::Video => "video", + Destination::WebIdentity => "webidentity", + Destination::Worker => "worker", + Destination::Xslt => "xslt", + } +} + +impl SecFetchMode { + /// Converts to the spec representation of a [RequestMode] + fn as_str(&self) -> &'static str { + match self { + Self::SameOrigin => "same-origin", + Self::Cors => "cors", + Self::NoCors => "no-cors", + Self::Navigate => "navigate", + Self::WebSocket => "websocket", + } + } +} diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index 6c7251d12d2..33f063db570 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -67,6 +67,7 @@ use crate::cookie::ServoCookie; use crate::cookie_storage::CookieStorage; use crate::decoder::Decoder; use crate::fetch::cors_cache::CorsCache; +use crate::fetch::headers::{SecFetchDest, SecFetchMode, SecFetchSite, SecFetchUser}; use crate::fetch::methods::{main_fetch, Data, DoneChannel, FetchContext, Target}; use crate::hsts::HstsList; use crate::http_cache::{CacheKey, HttpCache}; @@ -209,6 +210,35 @@ fn strict_origin_when_cross_origin( strip_url_for_use_as_referrer(referrer_url, true) } +/// +fn is_same_site(site_a: &ImmutableOrigin, site_b: &ImmutableOrigin) -> bool { + // Step 1. If A and B are the same opaque origin, then return true. + if !site_a.is_tuple() && !site_b.is_tuple() && site_a == site_b { + return true; + } + + // Step 2. If A or B is an opaque origin, then return false. + let ImmutableOrigin::Tuple(scheme_a, host_a, _) = site_a else { + return false; + }; + let ImmutableOrigin::Tuple(scheme_b, host_b, _) = site_b else { + return false; + }; + + // Step 3. If A's and B's scheme values are different, then return false. + if scheme_a != scheme_b { + return false; + } + + // Step 4. If A's and B's host values are not equal, then return false. + if host_a != host_b { + return false; + } + + // Step 5. Return true. + true +} + /// fn is_schemelessy_same_site(site_a: &ImmutableOrigin, site_b: &ImmutableOrigin) -> bool { // Step 1 @@ -1196,7 +1226,7 @@ async fn http_network_or_cache_fetch( append_a_request_origin_header(http_request); // Step 8.13 Append the Fetch metadata headers for httpRequest. - // TODO(#33616) Implement Sec-Fetch-* headers + append_the_fetch_metadata_headers(http_request); // Step 8.14: If httpRequest’s initiator is "prefetch", then set a structured field value given // (`Sec-Purpose`, the token "prefetch") in httpRequest’s header list. @@ -2356,3 +2386,112 @@ pub fn append_a_request_origin_header(request: &mut Request) { request.headers.typed_insert(serialized_origin); } } + +/// +fn append_the_fetch_metadata_headers(r: &mut Request) { + // Step 1. If r’s url is not an potentially trustworthy URL, return. + if !r.url().is_potentially_trustworthy() { + return; + } + + // Step 2. Set the Sec-Fetch-Dest header for r. + set_the_sec_fetch_dest_header(r); + + // Step 3. Set the Sec-Fetch-Mode header for r. + set_the_sec_fetch_mode_header(r); + + // Step 4. Set the Sec-Fetch-Site header for r. + set_the_sec_fetch_site_header(r); + + // Step 5. Set the Sec-Fetch-User header for r. + set_the_sec_fetch_user_header(r); +} + +/// +fn set_the_sec_fetch_dest_header(r: &mut Request) { + // Step 1. Assert: r’s url is a potentially trustworthy URL. + debug_assert!(r.url().is_potentially_trustworthy()); + + // Step 2. Let header be a Structured Header whose value is a token. + // Step 3. If r’s destination is the empty string, set header’s value to the string "empty". + // Otherwise, set header’s value to r’s destination. + let header = r.destination; + + // Step 4. Set a structured field value `Sec-Fetch-Dest`/header in r’s header list. + r.headers.typed_insert(SecFetchDest(header)); +} + +/// +fn set_the_sec_fetch_mode_header(r: &mut Request) { + // Step 1. Assert: r’s url is a potentially trustworthy URL. + debug_assert!(r.url().is_potentially_trustworthy()); + + // Step 2. Let header be a Structured Header whose value is a token. + // Step 3. Set header’s value to r’s mode. + let header = &r.mode; + + // Step 4. Set a structured field value `Sec-Fetch-Mode`/header in r’s header list. + r.headers.typed_insert(SecFetchMode::from(header)); +} + +/// +fn set_the_sec_fetch_site_header(r: &mut Request) { + // The webappsec spec seems to have a similar issue as + // https://github.com/whatwg/fetch/issues/1773 + let Origin::Origin(request_origin) = &r.origin else { + panic!("request origin cannot be \"client\" at this point") + }; + + // Step 1. Assert: r’s url is a potentially trustworthy URL. + debug_assert!(r.url().is_potentially_trustworthy()); + + // Step 2. Let header be a Structured Header whose value is a token. + // Step 3. Set header’s value to same-origin. + let mut header = SecFetchSite::SameOrigin; + + // TODO: Step 3. If r is a navigation request that was explicitly caused by a + // user’s interaction with the user agent, then set header’s value to none. + + // Step 5. If header’s value is not none, then for each url in r’s url list: + if header != SecFetchSite::None { + for url in &r.url_list { + // Step 5.1 If url is same origin with r’s origin, continue. + if url.origin() == *request_origin { + continue; + } + + // Step 5.2 Set header’s value to cross-site. + header = SecFetchSite::CrossSite; + + // Step 5.3 If r’s origin is not same site with url’s origin, then break. + if is_same_site(request_origin, &url.origin()) { + break; + } + + // Step 5.4 Set header’s value to same-site. + header = SecFetchSite::SameSite; + } + } + + // Step 6. Set a structured field value `Sec-Fetch-Site`/header in r’s header list. + r.headers.typed_insert(header); +} + +/// +fn set_the_sec_fetch_user_header(r: &mut Request) { + // Step 1. Assert: r’s url is a potentially trustworthy URL. + debug_assert!(r.url().is_potentially_trustworthy()); + + // Step 2. If r is not a navigation request, or if r’s user-activation is false, return. + // TODO user activation + if !r.is_navigation_request() { + return; + } + + // Step 3. Let header be a Structured Header whose value is a token. + // Step 4. Set header’s value to true. + let header = SecFetchUser; + + // Step 5. Set a structured field value `Sec-Fetch-User`/header in r’s header list. + r.headers.typed_insert(header); +} diff --git a/components/net/tests/fetch.rs b/components/net/tests/fetch.rs index 03d2826fc01..bc0d19a5b9a 100644 --- a/components/net/tests/fetch.rs +++ b/components/net/tests/fetch.rs @@ -1368,6 +1368,20 @@ fn test_fetch_with_devtools() { HeaderValue::from_static("gzip, deflate, br"), ); + // Append fetch metadata headers + headers.insert( + HeaderName::from_static("sec-fetch-dest"), + HeaderValue::from_static("empty"), + ); + headers.insert( + HeaderName::from_static("sec-fetch-mode"), + HeaderValue::from_static("no-cors"), + ); + headers.insert( + HeaderName::from_static("sec-fetch-site"), + HeaderValue::from_static("same-origin"), + ); + let httprequest = DevtoolsHttpRequest { url: url, method: Method::GET, diff --git a/components/net/tests/http_loader.rs b/components/net/tests/http_loader.rs index 11b31c87606..fac0101baba 100644 --- a/components/net/tests/http_loader.rs +++ b/components/net/tests/http_loader.rs @@ -26,7 +26,7 @@ use headers::{ }; use http::header::{self, HeaderMap, HeaderValue}; use http::uri::Authority; -use http::{Method, StatusCode}; +use http::{HeaderName, Method, StatusCode}; use hyper::{Body, Request as HyperRequest, Response as HyperResponse}; use ipc_channel::ipc; use ipc_channel::router::ROUTER; @@ -149,6 +149,24 @@ fn test_check_default_headers_loaded_in_every_request() { headers.typed_insert::(crate::DEFAULT_USER_AGENT.parse().unwrap()); + // Append fetch metadata headers + headers.insert( + HeaderName::from_static("sec-fetch-dest"), + HeaderValue::from_static("document"), + ); + headers.insert( + HeaderName::from_static("sec-fetch-mode"), + HeaderValue::from_static("no-cors"), + ); + headers.insert( + HeaderName::from_static("sec-fetch-site"), + HeaderValue::from_static("same-origin"), + ); + headers.insert( + HeaderName::from_static("sec-fetch-user"), + HeaderValue::from_static("?1"), + ); + *expected_headers.lock().unwrap() = Some(headers.clone()); // Testing for method.GET @@ -159,7 +177,7 @@ fn test_check_default_headers_loaded_in_every_request() { .pipeline_id(Some(TEST_PIPELINE_ID)) .build(); - let response = fetch(&mut request, None); + let response = dbg!(fetch(&mut request, None)); assert!(response .internal_response .unwrap() @@ -282,6 +300,24 @@ fn test_request_and_response_data_with_network_messages() { HeaderValue::from_static("gzip, deflate, br"), ); + // Append fetch metadata headers + headers.insert( + HeaderName::from_static("sec-fetch-dest"), + HeaderValue::from_static("document"), + ); + headers.insert( + HeaderName::from_static("sec-fetch-mode"), + HeaderValue::from_static("no-cors"), + ); + headers.insert( + HeaderName::from_static("sec-fetch-site"), + HeaderValue::from_static("same-site"), + ); + headers.insert( + HeaderName::from_static("sec-fetch-user"), + HeaderValue::from_static("?1"), + ); + let httprequest = DevtoolsHttpRequest { url: url, method: Method::GET, diff --git a/tests/wpt/meta/fetch/metadata/fetch-preflight.https.sub.any.js.ini b/tests/wpt/meta/fetch/metadata/fetch-preflight.https.sub.any.js.ini index f290329dfbe..0147b1bc84c 100644 --- a/tests/wpt/meta/fetch/metadata/fetch-preflight.https.sub.any.js.ini +++ b/tests/wpt/meta/fetch/metadata/fetch-preflight.https.sub.any.js.ini @@ -1,16 +1,10 @@ [fetch-preflight.https.sub.any.html] - [Same-site fetch with preflight] - expected: FAIL - - [Cross-site fetch with preflight] + [Cross-site fetch with preflight: sec-fetch-site] expected: FAIL [fetch-preflight.https.sub.any.worker.html] - [Same-site fetch with preflight] - expected: FAIL - - [Cross-site fetch with preflight] + [Cross-site fetch with preflight: sec-fetch-site] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/fetch.https.sub.any.js.ini b/tests/wpt/meta/fetch/metadata/fetch.https.sub.any.js.ini index 3d653a386bc..31cda1be01e 100644 --- a/tests/wpt/meta/fetch/metadata/fetch.https.sub.any.js.ini +++ b/tests/wpt/meta/fetch/metadata/fetch.https.sub.any.js.ini @@ -1,114 +1,12 @@ [fetch.https.sub.any.html] - [CORS mode: sec-fetch-site] - expected: FAIL - - [Same-origin mode: sec-fetch-dest] - expected: FAIL - - [Cross-site fetch: sec-fetch-dest] - expected: FAIL - [Cross-site fetch: sec-fetch-site] expected: FAIL - [Same-origin fetch: sec-fetch-mode] - expected: FAIL - - [CORS mode: sec-fetch-mode] - expected: FAIL - - [Same-origin mode: sec-fetch-mode] - expected: FAIL - - [Same-origin mode: sec-fetch-site] - expected: FAIL - - [Same-origin fetch: sec-fetch-site] - expected: FAIL - - [Cross-site fetch: sec-fetch-mode] - expected: FAIL - - [CORS mode: sec-fetch-dest] - expected: FAIL - - [Same-origin fetch: sec-fetch-dest] - expected: FAIL - - [no-CORS mode: sec-fetch-dest] - expected: FAIL - - [Same-site fetch: sec-fetch-dest] - expected: FAIL - - [no-CORS mode: sec-fetch-site] - expected: FAIL - - [Same-site fetch: sec-fetch-site] - expected: FAIL - - [no-CORS mode: sec-fetch-mode] - expected: FAIL - - [Same-site fetch: sec-fetch-mode] - expected: FAIL - [fetch.https.sub.any.worker.html] - [CORS mode: sec-fetch-site] - expected: FAIL - - [Same-origin mode: sec-fetch-dest] - expected: FAIL - - [Cross-site fetch: sec-fetch-dest] - expected: FAIL - [Cross-site fetch: sec-fetch-site] expected: FAIL - [Same-origin fetch: sec-fetch-mode] - expected: FAIL - - [CORS mode: sec-fetch-mode] - expected: FAIL - - [Same-origin mode: sec-fetch-mode] - expected: FAIL - - [Same-origin mode: sec-fetch-site] - expected: FAIL - - [Same-origin fetch: sec-fetch-site] - expected: FAIL - - [Cross-site fetch: sec-fetch-mode] - expected: FAIL - - [CORS mode: sec-fetch-dest] - expected: FAIL - - [Same-origin fetch: sec-fetch-dest] - expected: FAIL - - [no-CORS mode: sec-fetch-dest] - expected: FAIL - - [Same-site fetch: sec-fetch-dest] - expected: FAIL - - [no-CORS mode: sec-fetch-site] - expected: FAIL - - [Same-site fetch: sec-fetch-site] - expected: FAIL - - [no-CORS mode: sec-fetch-mode] - expected: FAIL - - [Same-site fetch: sec-fetch-mode] - expected: FAIL - [fetch.https.sub.any.sharedworker.html] expected: ERROR diff --git a/tests/wpt/meta/fetch/metadata/generated/css-font-face.https.sub.tentative.html.ini b/tests/wpt/meta/fetch/metadata/generated/css-font-face.https.sub.tentative.html.ini index f2eb0d19401..37454f3ed97 100644 --- a/tests/wpt/meta/fetch/metadata/generated/css-font-face.https.sub.tentative.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/css-font-face.https.sub.tentative.html.ini @@ -44,8 +44,5 @@ [sec-fetch-mode] expected: FAIL - [sec-fetch-dest] - expected: FAIL - [sec-fetch-user] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-a.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-a.sub.html.ini index 6f19fd27de4..dd0b375d338 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-a.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-a.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade - no attributes] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent) - no attributes] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-audio.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-audio.https.sub.html.ini index 4a4d16a5676..03e98a8db48 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-audio.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-audio.https.sub.html.ini @@ -1,19 +1,10 @@ [element-audio.https.sub.html] - [sec-fetch-site - Same origin, no attributes] - expected: FAIL - [sec-fetch-site - Cross-site, no attributes] expected: FAIL - [sec-fetch-site - Same site, no attributes] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes] - expected: FAIL - [sec-fetch-site - Cross-Site -> Same Origin, no attributes] expected: FAIL @@ -23,38 +14,11 @@ [sec-fetch-site - Cross-Site -> Cross-Site, no attributes] expected: FAIL - [sec-fetch-site - Same-Origin -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site, no attributes] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site, no attributes] expected: FAIL - [sec-fetch-site - Same-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same-Site, no attributes] - expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site, no attributes] expected: FAIL [sec-fetch-site - HTTPS downgrade-upgrade, no attributes] expected: FAIL - - [sec-fetch-mode - no attributes] - expected: FAIL - - [sec-fetch-mode - attributes: crossorigin] - expected: FAIL - - [sec-fetch-mode - attributes: crossorigin=anonymous] - expected: FAIL - - [sec-fetch-mode - attributes: crossorigin=use-credentials] - expected: FAIL - - [sec-fetch-dest - no attributes] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-audio.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-audio.sub.html.ini index 3b31ea96366..7cc93481772 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-audio.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-audio.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade, no attributes] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent), no attributes] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-iframe.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-iframe.sub.html.ini index 6d496e923ca..b154a96d9de 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-iframe.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-iframe.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent)] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-img.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-img.https.sub.html.ini index 13f6a1ecd91..a42697b3dc8 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-img.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-img.https.sub.html.ini @@ -1,34 +1,16 @@ [element-img.https.sub.html] - [sec-fetch-site - src - Same origin, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same origin, no attributes] - expected: FAIL - [sec-fetch-site - src - Cross-site, no attributes] expected: FAIL [sec-fetch-site - srcset - Cross-site, no attributes] expected: FAIL - [sec-fetch-site - src - Same site, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same site, no attributes] - expected: FAIL - [sec-fetch-site - src - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] expected: FAIL [sec-fetch-site - srcset - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] expected: FAIL - [sec-fetch-site - src - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes] - expected: FAIL - [sec-fetch-site - src - Cross-Site -> Same Origin, no attributes] expected: FAIL @@ -47,36 +29,12 @@ [sec-fetch-site - srcset - Cross-Site -> Cross-Site, no attributes] expected: FAIL - [sec-fetch-site - src - Same-Origin -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same-Origin -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - src - Same-Origin -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same-Origin -> Same-Site, no attributes] - expected: FAIL - [sec-fetch-site - src - Same-Origin -> Cross-Site, no attributes] expected: FAIL [sec-fetch-site - srcset - Same-Origin -> Cross-Site, no attributes] expected: FAIL - [sec-fetch-site - src - Same-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - src - Same-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - srcset - Same-Site -> Same-Site, no attributes] - expected: FAIL - [sec-fetch-site - src - Same-Site -> Cross-Site, no attributes] expected: FAIL @@ -85,33 +43,3 @@ [sec-fetch-site - src - HTTPS downgrade-upgrade, no attributes] expected: FAIL - - [sec-fetch-mode - src - no attributes] - expected: FAIL - - [sec-fetch-mode - src - attributes: crossorigin] - expected: FAIL - - [sec-fetch-mode - src - attributes: crossorigin=anonymous] - expected: FAIL - - [sec-fetch-mode - src - attributes: crossorigin=use-credentials] - expected: FAIL - - [sec-fetch-mode - srcset - no attributes] - expected: FAIL - - [sec-fetch-mode - srcset - attributes: crossorigin] - expected: FAIL - - [sec-fetch-mode - srcset - attributes: crossorigin=anonymous] - expected: FAIL - - [sec-fetch-mode - srcset - attributes: crossorigin=use-credentials] - expected: FAIL - - [sec-fetch-dest - src - no attributes] - expected: FAIL - - [sec-fetch-dest - srcset - no attributes] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-img.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-img.sub.html.ini index 2d53a409cf2..cd58db1fdd2 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-img.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-img.sub.html.ini @@ -10,3 +10,9 @@ [sec-fetch-site - srcset - HTTPS downgrade-upgrade, no attributes] expected: FAIL + + [sec-fetch-site - src - HTTPS downgrade (header not sent), no attributes] + expected: FAIL + + [sec-fetch-site - srcset - HTTPS downgrade (header not sent), no attributes] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html.ini index f083672c134..a1d357e629e 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.https.optional.sub.html.ini @@ -5,15 +5,9 @@ [sec-fetch-site - Cross-site no attributes] expected: FAIL - [sec-fetch-site - Same site no attributes] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect no attributes] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect no attributes] - expected: FAIL - [sec-fetch-site - Cross-Site -> Same Origin no attributes] expected: FAIL @@ -26,36 +20,12 @@ [sec-fetch-site - Same-Origin -> Same Origin no attributes] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site no attributes] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site no attributes] expected: FAIL - [sec-fetch-site - Same-Site -> Same Origin no attributes] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same-Site no attributes] - expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site no attributes] expected: FAIL - [sec-fetch-mode no attributes] - expected: FAIL - - [sec-fetch-mode attributes: crossorigin] - expected: FAIL - - [sec-fetch-mode attributes: crossorigin=anonymous] - expected: FAIL - - [sec-fetch-mode attributes: crossorigin=use-credentials] - expected: FAIL - - [sec-fetch-dest no attributes] - expected: FAIL - [sec-fetch-dest attributes: as=audio] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.optional.sub.html.ini index c91344a198e..b75a39a81a0 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-link-prefetch.optional.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade no attributes] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent) no attributes] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html.ini index 1b884336d31..5bc9bb2c8cf 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.https.optional.sub.html.ini @@ -1,7 +1,4 @@ [element-meta-refresh.https.optional.sub.html] - [sec-fetch-site - Same origin] - expected: FAIL - [sec-fetch-site - Cross-site] expected: FAIL @@ -11,9 +8,6 @@ [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect] - expected: FAIL - [sec-fetch-site - Cross-Site -> Same Origin] expected: FAIL @@ -23,18 +17,9 @@ [sec-fetch-site - Cross-Site -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Origin -> Same Origin] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Site -> Same Origin] - expected: FAIL - [sec-fetch-site - Same-Site -> Same-Site] expected: FAIL @@ -44,8 +29,5 @@ [sec-fetch-site - HTTPS downgrade-upgrade] expected: FAIL - [sec-fetch-mode] - expected: FAIL - - [sec-fetch-dest] + [sec-fetch-user] expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.optional.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.optional.sub.html.ini index f7602907106..6af80d8f7e8 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.optional.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-meta-refresh.optional.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent)] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-picture.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-picture.https.sub.html.ini index 2280b961e90..b6973de9897 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-picture.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-picture.https.sub.html.ini @@ -1,13 +1,4 @@ [element-picture.https.sub.html] - [sec-fetch-site - img[src\] - Same origin, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same origin, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same origin, no attributes] - expected: FAIL - [sec-fetch-site - img[src\] - Cross-site, no attributes] expected: FAIL @@ -17,15 +8,6 @@ [sec-fetch-site - source[srcset\] - Cross-site, no attributes] expected: FAIL - [sec-fetch-site - img[src\] - Same site, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same site, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same site, no attributes] - expected: FAIL - [sec-fetch-site - img[src\] - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] expected: FAIL @@ -35,15 +17,6 @@ [sec-fetch-site - source[srcset\] - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] expected: FAIL - [sec-fetch-site - img[src\] - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes] - expected: FAIL - [sec-fetch-site - img[src\] - Cross-Site -> Same Origin, no attributes] expected: FAIL @@ -71,24 +44,6 @@ [sec-fetch-site - source[srcset\] - Cross-Site -> Cross-Site, no attributes] expected: FAIL - [sec-fetch-site - img[src\] - Same-Origin -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same-Origin -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same-Origin -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - img[src\] - Same-Origin -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same-Origin -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same-Origin -> Same-Site, no attributes] - expected: FAIL - [sec-fetch-site - img[src\] - Same-Origin -> Cross-Site, no attributes] expected: FAIL @@ -98,24 +53,6 @@ [sec-fetch-site - source[srcset\] - Same-Origin -> Cross-Site, no attributes] expected: FAIL - [sec-fetch-site - img[src\] - Same-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - img[src\] - Same-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - img[srcset\] - Same-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - source[srcset\] - Same-Site -> Same-Site, no attributes] - expected: FAIL - [sec-fetch-site - img[src\] - Same-Site -> Cross-Site, no attributes] expected: FAIL @@ -124,48 +61,3 @@ [sec-fetch-site - source[srcset\] - Same-Site -> Cross-Site, no attributes] expected: FAIL - - [sec-fetch-mode - img[src\] - no attributes] - expected: FAIL - - [sec-fetch-mode - img[srcset\] - no attributes] - expected: FAIL - - [sec-fetch-mode - source[srcset\] - no attributes] - expected: FAIL - - [sec-fetch-mode - img[src\] - attributes: crossorigin] - expected: FAIL - - [sec-fetch-mode - img[srcset\] - attributes: crossorigin] - expected: FAIL - - [sec-fetch-mode - source[srcset\] - attributes: crossorigin] - expected: FAIL - - [sec-fetch-mode - img[src\] - attributes: crossorigin=anonymous] - expected: FAIL - - [sec-fetch-mode - img[srcset\] - attributes: crossorigin=anonymous] - expected: FAIL - - [sec-fetch-mode - source[srcset\] - attributes: crossorigin=anonymous] - expected: FAIL - - [sec-fetch-mode - img[src\] - attributes: crossorigin=use-credentials] - expected: FAIL - - [sec-fetch-mode - img[srcset\] - attributes: crossorigin=use-credentials] - expected: FAIL - - [sec-fetch-mode - source[srcset\] - attributes: crossorigin=use-credentials] - expected: FAIL - - [sec-fetch-dest - img[src\] - no attributes] - expected: FAIL - - [sec-fetch-dest - img[srcset\] - no attributes] - expected: FAIL - - [sec-fetch-dest - source[srcset\] - no attributes] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-picture.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-picture.sub.html.ini index 96ee7c6eafe..3232ec358eb 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-picture.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-picture.sub.html.ini @@ -16,3 +16,12 @@ [sec-fetch-site - source[srcset\] - HTTPS downgrade-upgrade, no attributes] expected: FAIL + + [sec-fetch-site - img[src\] - HTTPS downgrade (header not sent), no attributes] + expected: FAIL + + [sec-fetch-site - img[srcset\] - HTTPS downgrade (header not sent), no attributes] + expected: FAIL + + [sec-fetch-site - source[srcset\] - HTTPS downgrade (header not sent), no attributes] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-script.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-script.https.sub.html.ini index ade689e17a5..217a1c62e79 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-script.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-script.https.sub.html.ini @@ -1,34 +1,16 @@ [element-script.https.sub.html] - [sec-fetch-site - Same origin, no attributes] - expected: FAIL - - [sec-fetch-site - Same origin, attributes: type=module] - expected: FAIL - [sec-fetch-site - Cross-site, no attributes] expected: FAIL [sec-fetch-site - Cross-site, attributes: type=module] expected: FAIL - [sec-fetch-site - Same site, no attributes] - expected: FAIL - - [sec-fetch-site - Same site, attributes: type=module] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] expected: FAIL [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, attributes: type=module] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, attributes: type=module] - expected: FAIL - [sec-fetch-site - Cross-Site -> Same Origin, no attributes] expected: FAIL @@ -47,56 +29,14 @@ [sec-fetch-site - Cross-Site -> Cross-Site, attributes: type=module] expected: FAIL - [sec-fetch-site - Same-Origin -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same Origin, attributes: type=module] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site, attributes: type=module] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site, no attributes] expected: FAIL [sec-fetch-site - Same-Origin -> Cross-Site, attributes: type=module] expected: FAIL - [sec-fetch-site - Same-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same Origin, attributes: type=module] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same-Site, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same-Site, attributes: type=module] - expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site, no attributes] expected: FAIL [sec-fetch-site - Same-Site -> Cross-Site, attributes: type=module] expected: FAIL - - [sec-fetch-mode - no attributes] - expected: FAIL - - [sec-fetch-mode - attributes: type=module] - expected: FAIL - - [sec-fetch-mode - attributes: crossorigin] - expected: FAIL - - [sec-fetch-mode - attributes: crossorigin=anonymous] - expected: FAIL - - [sec-fetch-mode - attributes: crossorigin=use-credentials] - expected: FAIL - - [sec-fetch-dest - no attributes] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-script.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-script.sub.html.ini index 247f8800f48..ef877c37311 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-script.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-script.sub.html.ini @@ -10,3 +10,9 @@ [sec-fetch-site - HTTPS downgrade-upgrade, attributes: type=module] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent), no attributes] + expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent), attributes: type=module] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-video.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-video.https.sub.html.ini index 56699467370..2978eb8f94f 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-video.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-video.https.sub.html.ini @@ -1,19 +1,10 @@ [element-video.https.sub.html] - [sec-fetch-site - Same origin, no attributes] - expected: FAIL - [sec-fetch-site - Cross-site, no attributes] expected: FAIL - [sec-fetch-site - Same site, no attributes] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, no attributes] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, no attributes] - expected: FAIL - [sec-fetch-site - Cross-Site -> Same Origin, no attributes] expected: FAIL @@ -23,38 +14,11 @@ [sec-fetch-site - Cross-Site -> Cross-Site, no attributes] expected: FAIL - [sec-fetch-site - Same-Origin -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site, no attributes] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site, no attributes] expected: FAIL - [sec-fetch-site - Same-Site -> Same Origin, no attributes] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same-Site, no attributes] - expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site, no attributes] expected: FAIL [sec-fetch-site - HTTPS downgrade-upgrade, no attributes] expected: FAIL - - [sec-fetch-mode - no attributes] - expected: FAIL - - [sec-fetch-mode - attributes: crossorigin] - expected: FAIL - - [sec-fetch-mode - attributes: crossorigin=anonymous] - expected: FAIL - - [sec-fetch-mode - attributes: crossorigin=use-credentials] - expected: FAIL - - [sec-fetch-dest - no attributes] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/element-video.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/element-video.sub.html.ini index a33a4431dcc..70d776ac203 100644 --- a/tests/wpt/meta/fetch/metadata/generated/element-video.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/element-video.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade, no attributes] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent), no attributes] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/fetch.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/fetch.https.sub.html.ini index 7ae4931e7bc..6153b15aec8 100644 --- a/tests/wpt/meta/fetch/metadata/generated/fetch.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/fetch.https.sub.html.ini @@ -1,19 +1,10 @@ [fetch.https.sub.html] - [sec-fetch-site - Same origin, init: mode=no-cors] - expected: FAIL - [sec-fetch-site - Cross-site, init: mode=no-cors] expected: FAIL - [sec-fetch-site - Same site, init: mode=no-cors] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect, init: mode=no-cors] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect, init: mode=no-cors] - expected: FAIL - [sec-fetch-site - Cross-Site -> Same Origin, init: mode=no-cors] expected: FAIL @@ -23,35 +14,8 @@ [sec-fetch-site - Cross-Site -> Cross-Site, init: mode=no-cors] expected: FAIL - [sec-fetch-site - Same-Origin -> Same Origin, init: mode=no-cors] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site, init: mode=no-cors] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site, init: mode=no-cors] expected: FAIL - [sec-fetch-site - Same-Site -> Same Origin, init: mode=no-cors] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same-Site, init: mode=no-cors] - expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site, init: mode=no-cors] expected: FAIL - - [sec-fetch-mode - no init] - expected: FAIL - - [sec-fetch-mode - init: mode=cors] - expected: FAIL - - [sec-fetch-mode - init: mode=no-cors] - expected: FAIL - - [sec-fetch-mode - init: mode=same-origin] - expected: FAIL - - [sec-fetch-dest - no init] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/fetch.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/fetch.sub.html.ini index b24c676699b..339edb2c742 100644 --- a/tests/wpt/meta/fetch/metadata/generated/fetch.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/fetch.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade, no init] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent), no init] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini index 03be57bbc6c..9da83749a21 100644 --- a/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.https.sub.html.ini @@ -1,19 +1,10 @@ [script-module-import-dynamic.https.sub.html] - [sec-fetch-site - Same origin] - expected: FAIL - [sec-fetch-site - Cross-site] expected: FAIL - [sec-fetch-site - Same site] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect] - expected: FAIL - [sec-fetch-site - Cross-Site -> Same Origin] expected: FAIL @@ -23,26 +14,8 @@ [sec-fetch-site - Cross-Site -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Origin -> Same Origin] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Site -> Same Origin] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same-Site] - expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site] expected: FAIL - - [sec-fetch-mode] - expected: FAIL - - [sec-fetch-dest] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.sub.html.ini index 9359c473d82..318935e7f3d 100644 --- a/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/script-module-import-dynamic.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent)] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.https.sub.html.ini index bdea2870180..27b82550f15 100644 --- a/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.https.sub.html.ini @@ -1,19 +1,10 @@ [script-module-import-static.https.sub.html] - [sec-fetch-site - Same origin] - expected: FAIL - [sec-fetch-site - Cross-site] expected: FAIL - [sec-fetch-site - Same site] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect] - expected: FAIL - [sec-fetch-site - Cross-Site -> Same Origin] expected: FAIL @@ -23,26 +14,8 @@ [sec-fetch-site - Cross-Site -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Origin -> Same Origin] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Site -> Same Origin] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same-Site] - expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site] expected: FAIL - - [sec-fetch-mode] - expected: FAIL - - [sec-fetch-dest] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.sub.html.ini index f2964cf3a1d..bc7a5e2d884 100644 --- a/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/script-module-import-static.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent)] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/window-location.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/window-location.sub.html.ini index 54042826d40..6643b0b2cc7 100644 --- a/tests/wpt/meta/fetch/metadata/generated/window-location.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/window-location.sub.html.ini @@ -22,3 +22,15 @@ [sec-fetch-site - HTTPS downgrade-upgrade - location.replace] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent) - location] + expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent) - location.href] + expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent) - location.assign] + expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent) - location.replace] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-constructor.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-constructor.https.sub.html.ini deleted file mode 100644 index 71a0d06a338..00000000000 --- a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-constructor.https.sub.html.ini +++ /dev/null @@ -1,12 +0,0 @@ -[worker-dedicated-constructor.https.sub.html] - [sec-fetch-mode - no options] - expected: FAIL - - [sec-fetch-mode - options: type=module] - expected: FAIL - - [sec-fetch-dest - no options] - expected: FAIL - - [sec-fetch-dest - options: type=module] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini index adf36ed21d4..c4c3f669fe2 100644 --- a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini @@ -1,19 +1,10 @@ [worker-dedicated-importscripts.https.sub.html] - [sec-fetch-site - Same origin] - expected: FAIL - [sec-fetch-site - Cross-site] expected: FAIL - [sec-fetch-site - Same site] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site -> Same-Origin redirect] expected: FAIL - [sec-fetch-site - Same-Origin -> Same-Site -> Same-Origin redirect] - expected: FAIL - [sec-fetch-site - Cross-Site -> Same Origin] expected: FAIL @@ -23,26 +14,8 @@ [sec-fetch-site - Cross-Site -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Origin -> Same Origin] - expected: FAIL - - [sec-fetch-site - Same-Origin -> Same-Site] - expected: FAIL - [sec-fetch-site - Same-Origin -> Cross-Site] expected: FAIL - [sec-fetch-site - Same-Site -> Same Origin] - expected: FAIL - - [sec-fetch-site - Same-Site -> Same-Site] - expected: FAIL - [sec-fetch-site - Same-Site -> Cross-Site] expected: FAIL - - [sec-fetch-mode] - expected: FAIL - - [sec-fetch-dest] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini b/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini index 906554c2f3b..b5ee5020c7a 100644 --- a/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini @@ -4,3 +4,6 @@ [sec-fetch-site - HTTPS downgrade-upgrade] expected: FAIL + + [sec-fetch-site - HTTPS downgrade (header not sent)] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/navigation.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/navigation.https.sub.html.ini index a53ed577de8..e7801fc0b84 100644 --- a/tests/wpt/meta/fetch/metadata/navigation.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/navigation.https.sub.html.ini @@ -1,2 +1,3 @@ [navigation.https.sub.html] - expected: TIMEOUT + [undefined: sec-fetch-site] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub.html.ini b/tests/wpt/meta/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub.html.ini index 22b7f64784c..77fa4b61164 100644 --- a/tests/wpt/meta/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub.html.ini @@ -27,20 +27,17 @@ [Https downgrade-upgrade stylesheet] expected: NOTRUN - [Https downgrade-upgrade top level navigation: sec-fetch-mode] - expected: FAIL - [Https downgrade-upgrade iframe: sec-fetch-site] expected: FAIL [Https downgrade-upgrade embed] expected: TIMEOUT - [Https downgrade-upgrade top level navigation: sec-fetch-dest] - expected: FAIL - [Https downgrade-upgrade preload] expected: TIMEOUT [Https downgrade-upgrade iframe: sec-fetch-mode] expected: FAIL + + [Https downgrade-upgrade top level navigation: sec-fetch-user] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/redirect/redirect-https-downgrade.sub.html.ini b/tests/wpt/meta/fetch/metadata/redirect/redirect-https-downgrade.sub.html.ini index af7c2782618..6520313bed7 100644 --- a/tests/wpt/meta/fetch/metadata/redirect/redirect-https-downgrade.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/redirect/redirect-https-downgrade.sub.html.ini @@ -14,3 +14,15 @@ [Https downgrade track] expected: NOTRUN + + [Https downgrade top level navigation: sec-fetch-dest] + expected: FAIL + + [Https downgrade top level navigation: sec-fetch-mode] + expected: FAIL + + [Https downgrade top level navigation: sec-fetch-site] + expected: FAIL + + [Https downgrade top level navigation: sec-fetch-user] + expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/style.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/style.https.sub.html.ini index 3db9696bd5e..e977bc4e881 100644 --- a/tests/wpt/meta/fetch/metadata/style.https.sub.html.ini +++ b/tests/wpt/meta/fetch/metadata/style.https.sub.html.ini @@ -1,36 +1,3 @@ [style.https.sub.html] - [Same-Origin style: sec-fetch-dest] - expected: FAIL - - [Same-Origin style: sec-fetch-mode] - expected: FAIL - - [Same-Origin style: sec-fetch-site] - expected: FAIL - - [Same-Site style: sec-fetch-dest] - expected: FAIL - - [Same-Site style: sec-fetch-mode] - expected: FAIL - - [Same-Site style: sec-fetch-site] - expected: FAIL - - [Cross-Site style: sec-fetch-dest] - expected: FAIL - - [Cross-Site style: sec-fetch-mode] - expected: FAIL - [Cross-Site style: sec-fetch-site] expected: FAIL - - [Same-Origin, cors style: sec-fetch-dest] - expected: FAIL - - [Same-Origin, cors style: sec-fetch-mode] - expected: FAIL - - [Same-Origin, cors style: sec-fetch-site] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/worker.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/worker.https.sub.html.ini deleted file mode 100644 index 02f3edfffef..00000000000 --- a/tests/wpt/meta/fetch/metadata/worker.https.sub.html.ini +++ /dev/null @@ -1,9 +0,0 @@ -[worker.https.sub.html] - [undefined: sec-fetch-dest] - expected: FAIL - - [undefined: sec-fetch-mode] - expected: FAIL - - [undefined: sec-fetch-site] - expected: FAIL