Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that expects 37 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /service-workers/service-worker/navigation-headers.https.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<title>Service Worker: Navigation Post Request Origin Header</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
<body>
<script>
'use strict';
const script = new URL('./resources/fetch-rewrite-worker.js', self.location);
const base = './resources/navigation-headers-server.py';
const scope = base + '?with-sw';
let registration;
async function post_and_get_headers(t, form_host, method, swaction,
redirect_hosts=[]) {
if (swaction === 'navpreload') {
assert_true('navigationPreload' in registration,
'navigation preload must be supported');
}
let target_string;
if (swaction === 'no-sw') {
target_string = base + '?no-sw';
} else if (swaction === 'fallback') {
target_string = `${scope}&ignore`;
} else {
target_string = `${scope}&${swaction}`;
}
let target = new URL(target_string, self.location);
for (let i = redirect_hosts.length - 1; i >= 0; --i) {
const redirect_url = new URL('./resources/redirect.py', self.location);
redirect_url.hostname = redirect_hosts[i];
redirect_url.search = `?Status=307&Redirect=${encodeURIComponent(target)}`;
target = redirect_url;
}
let popup_url_path;
if (method === 'GET') {
popup_url_path = './resources/location-setter.html';
} else if (method === 'POST') {
popup_url_path = './resources/form-poster.html';
}
const popup_url = new URL(popup_url_path, self.location);
popup_url.hostname = form_host;
popup_url.search = `?target=${encodeURIComponent(target.href)}`;
const message_promise = new Promise(resolve => {
self.addEventListener('message', evt => {
resolve(evt.data);
});
});
const frame = await with_iframe(popup_url);
t.add_cleanup(() => frame.remove());
return await message_promise;
}
const SAME_ORIGIN = new URL(self.location.origin);
const SAME_SITE = new URL(get_host_info().HTTPS_REMOTE_ORIGIN);
const CROSS_SITE = new URL(get_host_info().HTTPS_NOTSAMESITE_ORIGIN);
promise_test(async t => {
registration = await service_worker_unregister_and_register(t, script, scope);
await wait_for_state(t, registration.installing, 'activated');
if (registration.navigationPreload)
await registration.navigationPreload.enable();
}, 'Setup service worker');
//
// Origin and referer headers
//
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'no-sw');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'GET Navigation, same-origin with no service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'no-sw');
assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with no service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'passthrough');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'GET Navigation, same-origin with passthrough service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'passthrough');
assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with passthrough service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'fallback');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'GET Navigation, same-origin with fallback service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'fallback');
assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with fallback service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'navpreload');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'GET Navigation, same-origin with navpreload service worker sets correct ' +
'origin and referer headers.');
// There is no POST test for navpreload since the feature only supports GET
// requests.
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'change-request');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, script.href, 'referer header');
}, 'GET Navigation, same-origin with service worker that changes the ' +
'request sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'change-request');
assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header');
assert_equals(result.referer, script.href, 'referer header');
}, 'POST Navigation, same-origin with service worker that changes the ' +
'request sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'no-sw');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, SAME_SITE.href, 'referer header');
}, 'GET Navigation, same-site with no service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST',
'no-sw');
assert_equals(result.origin, SAME_SITE.origin, 'origin header');
assert_equals(result.referer, SAME_SITE.href, 'referer header');
}, 'POST Navigation, same-site with no service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'passthrough');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, SAME_SITE.href, 'referer header');
}, 'GET Navigation, same-site with passthrough service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST',
'passthrough');
assert_equals(result.origin, SAME_SITE.origin, 'origin header');
assert_equals(result.referer, SAME_SITE.href, 'referer header');
}, 'POST Navigation, same-site with passthrough service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'fallback');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, SAME_SITE.href, 'referer header');
}, 'GET Navigation, same-site with fallback service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST',
'fallback');
assert_equals(result.origin, SAME_SITE.origin, 'origin header');
assert_equals(result.referer, SAME_SITE.href, 'referer header');
}, 'POST Navigation, same-site with fallback service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'navpreload');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, SAME_SITE.href, 'referer header');
}, 'GET Navigation, same-site with navpreload service worker sets correct ' +
'origin and referer headers.');
// There is no POST test for navpreload since the feature only supports GET
// requests.
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'change-request');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, script.href, 'referer header');
}, 'GET Navigation, same-site with service worker that changes the ' +
'request sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST',
'change-request');
assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header');
assert_equals(result.referer, script.href, 'referer header');
}, 'POST Navigation, same-site with service worker that changes the ' +
'request sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'no-sw');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, CROSS_SITE.href, 'referer header');
}, 'GET Navigation, cross-site with no service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST',
'no-sw');
assert_equals(result.origin, CROSS_SITE.origin, 'origin header');
assert_equals(result.referer, CROSS_SITE.href, 'referer header');
}, 'POST Navigation, cross-site with no service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'passthrough');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, CROSS_SITE.href, 'referer header');
}, 'GET Navigation, cross-site with passthrough service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST',
'passthrough');
assert_equals(result.origin, CROSS_SITE.origin, 'origin header');
assert_equals(result.referer, CROSS_SITE.href, 'referer header');
}, 'POST Navigation, cross-site with passthrough service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'fallback');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, CROSS_SITE.href, 'referer header');
}, 'GET Navigation, cross-site with fallback service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST',
'fallback');
assert_equals(result.origin, CROSS_SITE.origin, 'origin header');
assert_equals(result.referer, CROSS_SITE.href, 'referer header');
}, 'POST Navigation, cross-site with fallback service worker sets correct ' +
'origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'navpreload');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, CROSS_SITE.href, 'referer header');
}, 'GET Navigation, cross-site with navpreload service worker sets correct ' +
'origin and referer headers.');
// There is no POST test for navpreload since the feature only supports GET
// requests.
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'change-request');
assert_equals(result.origin, 'not set', 'origin header');
assert_equals(result.referer, script.href, 'referer header');
}, 'GET Navigation, cross-site with service worker that changes the ' +
'request sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST',
'change-request');
assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header');
assert_equals(result.referer, script.href, 'referer header');
}, 'POST Navigation, cross-site with service worker that changes the ' +
'request sets correct origin and referer headers.');
//
// Origin and referer header tests using redirects
//
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'no-sw', [SAME_SITE.hostname]);
assert_equals(result.origin, 'null', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with same-site redirect and no service worker ' +
'sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'passthrough', [SAME_SITE.hostname]);
assert_equals(result.origin, 'null', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with same-site redirect and passthrough service ' +
'worker sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'fallback', [SAME_SITE.hostname]);
assert_equals(result.origin, 'null', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with same-site redirect and fallback service ' +
'worker sets correct origin and referer headers.');
// There is no navpreload case because it does not work with POST requests.
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'change-request', [SAME_SITE.hostname]);
assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header');
assert_equals(result.referer, script.href, 'referer header');
}, 'POST Navigation, same-origin with same-site redirect and change-request service ' +
'worker sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'no-sw', [CROSS_SITE.hostname]);
assert_equals(result.origin, 'null', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with cross-site redirect and no service worker ' +
'sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'passthrough', [CROSS_SITE.hostname]);
assert_equals(result.origin, 'null', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with cross-site redirect and passthrough service ' +
'worker sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'fallback', [CROSS_SITE.hostname]);
assert_equals(result.origin, 'null', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with cross-site redirect and fallback service ' +
'worker sets correct origin and referer headers.');
// There is no navpreload case because it does not work with POST requests.
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'change-request', [CROSS_SITE.hostname]);
assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header');
assert_equals(result.referer, script.href, 'referer header');
}, 'POST Navigation, same-origin with cross-site redirect and change-request service ' +
'worker sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'no-sw', [CROSS_SITE.hostname,
SAME_ORIGIN.hostname]);
assert_equals(result.origin, 'null', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with cross-site redirect, same-origin redirect, ' +
'and no service worker sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'passthrough', [CROSS_SITE.hostname,
SAME_ORIGIN.hostname]);
assert_equals(result.origin, 'null', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with cross-site redirect, same-origin redirect, ' +
'and passthrough service worker sets correct origin and referer headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'fallback', [CROSS_SITE.hostname,
SAME_ORIGIN.hostname]);
assert_equals(result.origin, 'null', 'origin header');
assert_equals(result.referer, SAME_ORIGIN.href, 'referer header');
}, 'POST Navigation, same-origin with cross-site redirect, same-origin redirect, ' +
'and fallback service worker sets correct origin and referer headers.');
// There is no navpreload case because it does not work with POST requests.
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'change-request', [CROSS_SITE.hostname,
SAME_ORIGIN.hostname]);
assert_equals(result.origin, SAME_ORIGIN.origin, 'origin header');
assert_equals(result.referer, script.href, 'referer header');
}, 'POST Navigation, same-origin with cross-site redirect, same-origin redirect, ' +
'and change-request service worker sets correct origin and referer headers.');
//
// Sec-Fetch-* Headers (separated since not all browsers implement them)
//
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'no-sw');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with no service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'no-sw');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'POST Navigation, same-origin with no service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'passthrough');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with passthrough service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'passthrough');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'POST Navigation, same-origin with passthrough service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'fallback');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with fallback service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'fallback');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'POST Navigation, same-origin with fallback service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'navpreload');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with navpreload service worker sets correct ' +
'sec-fetch headers.');
// There is no POST test for navpreload since the feature only supports GET
// requests.
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'change-request');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with service worker that changes the ' +
'request sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'POST',
'change-request');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'POST Navigation, same-origin with service worker that changes the ' +
'request sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'no-sw');
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-site with no service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST',
'no-sw');
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'POST Navigation, same-site with no service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'passthrough');
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-site with passthrough service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST',
'passthrough');
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'POST Navigation, same-site with passthrough service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'fallback');
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-site with fallback service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST',
'fallback');
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'POST Navigation, same-site with fallback service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'navpreload');
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-site with navpreload service worker sets correct ' +
'sec-fetch headers.');
// There is no POST test for navpreload since the feature only supports GET
// requests.
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'GET',
'change-request');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-site with service worker that changes the ' +
'request sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_SITE.hostname, 'POST',
'change-request');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'POST Navigation, same-site with service worker that changes the ' +
'request sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'no-sw');
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, cross-site with no service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST',
'no-sw');
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'POST Navigation, cross-site with no service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'passthrough');
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, cross-site with passthrough service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST',
'passthrough');
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'POST Navigation, cross-site with passthrough service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'fallback');
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, cross-site with fallback service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST',
'fallback');
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'POST Navigation, cross-site with fallback service worker sets correct ' +
'sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'navpreload');
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, cross-site with navpreload service worker sets correct ' +
'sec-fetch headers.');
// There is no POST test for navpreload since the feature only supports GET
// requests.
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'GET',
'change-request');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, cross-site with service worker that changes the ' +
'request sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, CROSS_SITE.hostname, 'POST',
'change-request');
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'POST Navigation, cross-site with service worker that changes the ' +
'request sets correct sec-fetch headers.');
//
// Sec-Fetch-* header tests using redirects
//
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'no-sw', [SAME_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with same-site redirect and no service worker ' +
'sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'passthrough', [SAME_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with same-site redirect and passthrough service ' +
'worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'fallback', [SAME_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with same-site redirect and fallback service ' +
'worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'navpreload', [SAME_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'same-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with same-site redirect and navpreload service ' +
'worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'change-request', [SAME_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with same-site redirect and change-request service ' +
'worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'no-sw', [CROSS_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect and no service worker ' +
'sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'passthrough', [CROSS_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect and passthrough service ' +
'worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'fallback', [CROSS_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect and fallback service ' +
'worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'navpreload', [CROSS_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect and navpreload service ' +
'worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'change-request', [CROSS_SITE.hostname]);
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect and change-request service ' +
'worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'no-sw', [CROSS_SITE.hostname,
SAME_ORIGIN.hostname]);
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' +
'and no service worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'passthrough', [CROSS_SITE.hostname,
SAME_ORIGIN.hostname]);
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' +
'and passthrough service worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'fallback', [CROSS_SITE.hostname,
SAME_ORIGIN.hostname]);
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' +
'and fallback service worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'navpreload', [CROSS_SITE.hostname,
SAME_ORIGIN.hostname]);
assert_equals(result['sec-fetch-site'], 'cross-site', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'navigate', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'iframe', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' +
'and navpreload service worker sets correct sec-fetch headers.');
promise_test(async t => {
const result = await post_and_get_headers(t, SAME_ORIGIN.hostname, 'GET',
'change-request', [CROSS_SITE.hostname,
SAME_ORIGIN.hostname]);
assert_equals(result['sec-fetch-site'], 'same-origin', 'sec-fetch-site header');
assert_equals(result['sec-fetch-mode'], 'same-origin', 'sec-fetch-mode header');
assert_equals(result['sec-fetch-dest'], 'empty', 'sec-fetch-dest header');
}, 'GET Navigation, same-origin with cross-site redirect, same-origin redirect, ' +
'and change-request service worker sets correct sec-fetch headers.');
promise_test(async t => {
await registration.unregister();
}, 'Cleanup service worker');
</script>
</body>