WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
[patch]
Patch
bug-238265-20220411132849.patch (text/plain), 77.93 KB, created by
Patrick Griffis
on 2022-04-11 11:28:50 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Patrick Griffis
Created:
2022-04-11 11:28:50 PDT
Size:
77.93 KB
patch
obsolete
>Subversion Revision: 291617 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 0ed5018c8763840cacd76fa97e89805f7db481cd..aa5c95c058c5fd205d6f3148edebd278e2ef1fac 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,37 @@ >+2022-03-23 Patrick Griffis <pgriffis@igalia.com> >+ >+ FetchMetadata: Implement Sec-Fetch-Site >+ https://bugs.webkit.org/show_bug.cgi?id=238265 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * loader/CrossOriginAccessControl.cpp: >+ (WebCore::cleanHTTPRequestHeadersForAccessControl): >+ * loader/ResourceLoader.h: >+ * loader/ResourceLoaderOptions.h: >+ (WebCore::ResourceLoaderOptions::fetchMetadataSite): >+ (WebCore::ResourceLoaderOptions::ResourceLoaderOptions): >+ (WebCore::ResourceLoaderOptions::loadedFromPluginElement): Deleted. >+ * loader/SubresourceLoader.cpp: >+ (WebCore::SubresourceLoader::willSendRequestInternal): >+ * loader/ThreadableLoader.cpp: >+ (WebCore::ThreadableLoaderOptions::isolatedCopy const): >+ * loader/cache/CachedResourceLoader.cpp: >+ (WebCore::convertEnumerationToString): >+ (WebCore::updateRequestFetchMetadataHeaders): >+ (WebCore::CachedResourceLoader::computeFetchMetadataSite): >+ (WebCore::CachedResourceLoader::updateRequestAfterRedirection): >+ (WebCore::CachedResourceLoader::updateHTTPRequestHeaders): >+ * loader/cache/CachedResourceLoader.h: >+ * loader/cache/CachedResourceRequest.cpp: >+ (WebCore::CachedResourceRequest::setFetchMetadataSite): >+ (WebCore::CachedResourceRequest::updateFetchMetadataHeaders): Deleted. >+ * loader/cache/CachedResourceRequest.h: >+ * page/SecurityOrigin.cpp: >+ (WebCore::SecurityOrigin::isSameSiteAs const): >+ * page/SecurityOrigin.h: >+ * platform/network/HTTPHeaderNames.in: >+ > 2022-03-22 Zan Dobersek <zdobersek@igalia.com> > > Move TextureMapper member variables, types and code out of GraphicsContextGLANGLE >diff --git a/Source/WebCore/loader/CrossOriginAccessControl.cpp b/Source/WebCore/loader/CrossOriginAccessControl.cpp >index d9ca6fcd9456998f58c62457d21662252652a73b..207d0a5d0586a4146dfc0728305a12cdc8fdf774 100644 >--- a/Source/WebCore/loader/CrossOriginAccessControl.cpp >+++ b/Source/WebCore/loader/CrossOriginAccessControl.cpp >@@ -218,6 +218,7 @@ void cleanHTTPRequestHeadersForAccessControl(ResourceRequest& request, OptionSet > request.removeHTTPHeaderField(HTTPHeaderName::CacheControl); > request.removeHTTPHeaderField(HTTPHeaderName::SecFetchDest); > request.removeHTTPHeaderField(HTTPHeaderName::SecFetchMode); >+ request.removeHTTPHeaderField(HTTPHeaderName::SecFetchSite); > } > > CrossOriginAccessControlCheckDisabler& CrossOriginAccessControlCheckDisabler::singleton() >diff --git a/Source/WebCore/loader/ResourceLoader.h b/Source/WebCore/loader/ResourceLoader.h >index e551d0dc21981b689c44ac6d64ea168284ed9627..a98b438a576d18b4ec899ef6fc942539e7d0bf7f 100644 >--- a/Source/WebCore/loader/ResourceLoader.h >+++ b/Source/WebCore/loader/ResourceLoader.h >@@ -246,10 +246,10 @@ private: > bool m_defersLoading; > bool m_wasAuthenticationChallengeBlocked { false }; > ResourceRequest m_deferredRequest; >- ResourceLoaderOptions m_options; > >-#if ENABLE(CONTENT_EXTENSIONS) > protected: >+ ResourceLoaderOptions m_options; >+#if ENABLE(CONTENT_EXTENSIONS) > OptionSet<ContentExtensions::ResourceType> m_resourceType; > #endif > }; >diff --git a/Source/WebCore/loader/ResourceLoaderOptions.h b/Source/WebCore/loader/ResourceLoaderOptions.h >index 64f4f77b80124a3fcd33157c65c9242199a0d238..8d6d35ce5cd7ae2b36b4604fb32ae532eac609ca 100644 >--- a/Source/WebCore/loader/ResourceLoaderOptions.h >+++ b/Source/WebCore/loader/ResourceLoaderOptions.h >@@ -153,6 +153,14 @@ enum class LoadedFromPluginElement : bool { > }; > static constexpr unsigned bitWidthOfLoadedFromPluginElement = 1; > >+enum class FetchMetadataSite : uint8_t { >+ None, >+ SameOrigin, >+ SameSite, >+ CrossSite >+}; >+static constexpr unsigned bitWidthOfFetchMetadataSite = 2; >+ > struct ResourceLoaderOptions : public FetchOptions { > ResourceLoaderOptions() > : ResourceLoaderOptions(FetchOptions()) >@@ -179,6 +187,7 @@ struct ResourceLoaderOptions : public FetchOptions { > , preflightPolicy(PreflightPolicy::Consider) > , loadedFromOpaqueSource(LoadedFromOpaqueSource::No) > , loadedFromPluginElement(LoadedFromPluginElement::No) >+ , fetchMetadataSite(FetchMetadataSite::None) > { } > > ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentialsPolicy storedCredentialsPolicy, ClientCredentialPolicy credentialPolicy, FetchOptions::Credentials credentials, SecurityCheckPolicy securityCheck, FetchOptions::Mode mode, CertificateInfoPolicy certificateInfoPolicy, ContentSecurityPolicyImposition contentSecurityPolicyImposition, DefersLoadingPolicy defersLoadingPolicy, CachingPolicy cachingPolicy) >@@ -200,6 +209,7 @@ struct ResourceLoaderOptions : public FetchOptions { > , preflightPolicy(PreflightPolicy::Consider) > , loadedFromOpaqueSource(LoadedFromOpaqueSource::No) > , loadedFromPluginElement(LoadedFromPluginElement::No) >+ , fetchMetadataSite(FetchMetadataSite::None) > > { > this->credentials = credentials; >@@ -234,6 +244,7 @@ struct ResourceLoaderOptions : public FetchOptions { > PreflightPolicy preflightPolicy : bitWidthOfPreflightPolicy; > LoadedFromOpaqueSource loadedFromOpaqueSource : bitWidthOfLoadedFromOpaqueSource; > LoadedFromPluginElement loadedFromPluginElement : bitWidthOfLoadedFromPluginElement; >+ FetchMetadataSite fetchMetadataSite : bitWidthOfFetchMetadataSite; > }; > > } // namespace WebCore >diff --git a/Source/WebCore/loader/SubresourceLoader.cpp b/Source/WebCore/loader/SubresourceLoader.cpp >index 7efcecc493f8b41489772655194d6bacf3164fc1..635b715bc175e66a35495f4b97c0fa521c0b8cdf 100644 >--- a/Source/WebCore/loader/SubresourceLoader.cpp >+++ b/Source/WebCore/loader/SubresourceLoader.cpp >@@ -277,6 +277,8 @@ void SubresourceLoader::willSendRequestInternal(ResourceRequest&& newRequest, co > m_frame->page()->diagnosticLoggingClient().logDiagnosticMessageWithResult(DiagnosticLoggingKeys::cachedResourceRevalidationKey(), emptyString(), DiagnosticLoggingResultFail, ShouldSample::Yes); > } > >+ m_options.fetchMetadataSite = m_documentLoader->cachedResourceLoader().computeFetchMetadataSite(newRequest, m_resource->type(), options().mode, m_origin, options().fetchMetadataSite); >+ > if (!m_documentLoader->cachedResourceLoader().updateRequestAfterRedirection(m_resource->type(), newRequest, options(), originalRequest().url())) { > SUBRESOURCELOADER_RELEASE_LOG("willSendRequestInternal: resource load canceled because CachedResourceLoader::updateRequestAfterRedirection (really CachedResourceLoader::canRequestAfterRedirection) said no"); > cancel(); >diff --git a/Source/WebCore/loader/ThreadableLoader.cpp b/Source/WebCore/loader/ThreadableLoader.cpp >index 208687ad1565385199499b490cc2b1c851c52533..3fe4221b8615e263a043d7040b81753044126810 100644 >--- a/Source/WebCore/loader/ThreadableLoader.cpp >+++ b/Source/WebCore/loader/ThreadableLoader.cpp >@@ -92,6 +92,7 @@ ThreadableLoaderOptions ThreadableLoaderOptions::isolatedCopy() const > copy.maxRedirectCount = this->maxRedirectCount; > copy.preflightPolicy = this->preflightPolicy; > copy.navigationPreloadIdentifier = this->navigationPreloadIdentifier; >+ copy.fetchMetadataSite = this->fetchMetadataSite; > > // ThreadableLoaderOptions > copy.contentSecurityPolicyEnforcement = this->contentSecurityPolicyEnforcement; >diff --git a/Source/WebCore/loader/cache/CachedResourceLoader.cpp b/Source/WebCore/loader/cache/CachedResourceLoader.cpp >index 7d61ccb52b7f50d7f8c96b6f2b514afdad7ccd9f..1a667486eb6b2c6a58792fdec888835d83db035a 100644 >--- a/Source/WebCore/loader/cache/CachedResourceLoader.cpp >+++ b/Source/WebCore/loader/cache/CachedResourceLoader.cpp >@@ -631,6 +631,67 @@ bool CachedResourceLoader::canRequestAfterRedirection(CachedResource::Type type, > return true; > } > >+// Created by binding generator. >+String convertEnumerationToString(FetchOptions::Destination); >+String convertEnumerationToString(FetchOptions::Mode); >+ >+static const String& convertEnumerationToString(FetchMetadataSite enumerationValue) >+{ >+ static NeverDestroyed<const String> none(MAKE_STATIC_STRING_IMPL("none")); >+ static NeverDestroyed<const String> sameOrigin(MAKE_STATIC_STRING_IMPL("same-origin")); >+ static NeverDestroyed<const String> sameSite(MAKE_STATIC_STRING_IMPL("same-site")); >+ static NeverDestroyed<const String> crossSite(MAKE_STATIC_STRING_IMPL("cross-site")); >+ >+ switch (enumerationValue) { >+ case FetchMetadataSite::None: >+ return none; >+ case FetchMetadataSite::SameOrigin: >+ return sameOrigin; >+ case FetchMetadataSite::SameSite: >+ return sameSite; >+ case FetchMetadataSite::CrossSite: >+ return crossSite; >+ } >+ >+ ASSERT_NOT_REACHED(); >+ return emptyString(); >+} >+ >+static void updateRequestFetchMetadataHeaders(ResourceRequest& request, const ResourceLoaderOptions& options) >+{ >+ // Implementing step 13 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch as of 22 Feb 2022 >+ // https://w3c.github.io/webappsec-fetch-metadata/#fetch-integration >+ auto requestOrigin = SecurityOrigin::create(request.url()); >+ if (!requestOrigin->isPotentiallyTrustworthy()) >+ return; >+ >+ // The Fetch IDL documents this as "" while FetchMetadata expects "empty", otherwise they match. >+ String destinationString = options.destination == FetchOptions::Destination::EmptyString ? "empty"_s : convertEnumerationToString(options.destination); >+ request.setHTTPHeaderField(HTTPHeaderName::SecFetchDest, WTFMove(destinationString)); >+ request.setHTTPHeaderField(HTTPHeaderName::SecFetchMode, convertEnumerationToString(options.mode)); >+ request.setHTTPHeaderField(HTTPHeaderName::SecFetchSite, convertEnumerationToString(options.fetchMetadataSite)); >+} >+ >+FetchMetadataSite CachedResourceLoader::computeFetchMetadataSite(ResourceRequest& request, CachedResource::Type type, FetchOptions::Mode mode, RefPtr<SecurityOrigin> originalOrigin, FetchMetadataSite originalSite) >+{ >+ // This is true when a user causes a request, such as entering a URL. >+ if (mode == FetchOptions::Mode::Navigate && type == CachedResource::Type::MainResource && !request.hasHTTPReferrer()) >+ return FetchMetadataSite::None; >+ >+ if (!originalOrigin) >+ return FetchMetadataSite::CrossSite; >+ >+ // If this is a redirect we start with the old value. >+ // The value can never get more "secure" so a full redirect >+ // chain only degrades towards cross-site. >+ Ref<SecurityOrigin> requestOrigin = SecurityOrigin::create(request.url()); >+ if (originalSite == FetchMetadataSite::SameOrigin && originalOrigin->isSameOriginAs(requestOrigin)) >+ return FetchMetadataSite::SameOrigin; >+ if (originalSite != FetchMetadataSite::CrossSite && originalOrigin->isSameSiteAs(requestOrigin)) >+ return FetchMetadataSite::SameSite; >+ return FetchMetadataSite::CrossSite; >+} >+ > bool CachedResourceLoader::updateRequestAfterRedirection(CachedResource::Type type, ResourceRequest& request, const ResourceLoaderOptions& options, const URL& preRedirectURL) > { > ASSERT(m_documentLoader); >@@ -639,6 +700,21 @@ bool CachedResourceLoader::updateRequestAfterRedirection(CachedResource::Type ty > > // FIXME: We might want to align the checks done here with the ones done in CachedResourceLoader::requestResource, content extensions blocking in particular. > >+#if ENABLE(PUBLIC_SUFFIX_LIST) >+ if (m_documentLoader->frame()->settings().fetchMetadataEnabled()) { >+ auto requestOrigin = SecurityOrigin::create(request.url()); >+ >+ // In the case of a protocol downgrade we strip all FetchMetadata headers. >+ // Otherwise we add or update FetchMetadata. >+ if (!requestOrigin->isPotentiallyTrustworthy()) { >+ request.removeHTTPHeaderField(HTTPHeaderName::SecFetchDest); >+ request.removeHTTPHeaderField(HTTPHeaderName::SecFetchMode); >+ request.removeHTTPHeaderField(HTTPHeaderName::SecFetchSite); >+ } else >+ updateRequestFetchMetadataHeaders(request, options); >+ } >+#endif // ENABLE(PUBLIC_SUFFIX_LIST) >+ > return canRequestAfterRedirection(type, request.url(), options, preRedirectURL); > } > >@@ -795,8 +871,15 @@ void CachedResourceLoader::updateHTTPRequestHeaders(FrameLoader& frameLoader, Ca > // FIXME: We should reconcile handling of MainResource with other resources. > if (type != CachedResource::Type::MainResource) > request.updateReferrerAndOriginHeaders(frameLoader); >- if (frameLoader.frame().settings().fetchMetadataEnabled()) >- request.updateFetchMetadataHeaders(); >+#if ENABLE(PUBLIC_SUFFIX_LIST) >+ // FetchMetadata depends on PSL to determine same-site relationships and without this >+ // ability it is best to not set any FetchMetadata headers as sites generally expect >+ // all of them or none. >+ if (frameLoader.frame().settings().fetchMetadataEnabled()) { >+ request.setFetchMetadataSite(computeFetchMetadataSite(request.resourceRequest(), type, request.options().mode, &frameLoader.frame().document()->securityOrigin())); >+ updateRequestFetchMetadataHeaders(request.resourceRequest(), request.options()); >+ } >+#endif // ENABLE(PUBLIC_SUFFIX_LIST) > request.updateUserAgentHeader(frameLoader); > > request.updateAccordingCacheMode(); >diff --git a/Source/WebCore/loader/cache/CachedResourceLoader.h b/Source/WebCore/loader/cache/CachedResourceLoader.h >index 3fad9a4930725f86b52f7135b2ba69b9a55449f2..20954fc767beadbcca6bb7d565fb4b514a3fae91 100644 >--- a/Source/WebCore/loader/cache/CachedResourceLoader.h >+++ b/Source/WebCore/loader/cache/CachedResourceLoader.h >@@ -169,6 +169,8 @@ public: > > Vector<CachedResource*> visibleResourcesToPrioritize(); > >+ static FetchMetadataSite computeFetchMetadataSite(ResourceRequest&, CachedResource::Type, FetchOptions::Mode, RefPtr<SecurityOrigin> originalOrigin, FetchMetadataSite originalSite = FetchMetadataSite::SameOrigin); >+ > private: > explicit CachedResourceLoader(DocumentLoader*); > >diff --git a/Source/WebCore/loader/cache/CachedResourceRequest.cpp b/Source/WebCore/loader/cache/CachedResourceRequest.cpp >index 2ae7930f66c1578066f601823115584f84ebecea..2e7d3986648ff7f084413bf25d05d30b37969b44 100644 >--- a/Source/WebCore/loader/cache/CachedResourceRequest.cpp >+++ b/Source/WebCore/loader/cache/CachedResourceRequest.cpp >@@ -41,10 +41,6 @@ > > namespace WebCore { > >-// Created by binding generator. >-String convertEnumerationToString(FetchOptions::Destination); >-String convertEnumerationToString(FetchOptions::Mode); >- > CachedResourceRequest::CachedResourceRequest(ResourceRequest&& resourceRequest, const ResourceLoaderOptions& options, std::optional<ResourceLoadPriority> priority, String&& charset) > : m_resourceRequest(WTFMove(resourceRequest)) > , m_charset(WTFMove(charset)) >@@ -254,20 +250,6 @@ void CachedResourceRequest::updateReferrerAndOriginHeaders(FrameLoader& frameLoa > FrameLoader::addHTTPOriginIfNeeded(m_resourceRequest, outgoingOrigin); > } > >-void CachedResourceRequest::updateFetchMetadataHeaders() >-{ >- // Implementing step 13 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch as of 22 Feb 2022 >- // https://w3c.github.io/webappsec-fetch-metadata/#fetch-integration >- auto requestOrigin = SecurityOrigin::create(m_resourceRequest.url()); >- if (!requestOrigin->isPotentiallyTrustworthy()) >- return; >- >- // The Fetch IDL documents this as "" while FetchMetadata expects "empty", otherwise they match. >- String destinationString = m_options.destination == FetchOptions::Destination::EmptyString ? "empty"_s : convertEnumerationToString(m_options.destination); >- m_resourceRequest.setHTTPHeaderField(HTTPHeaderName::SecFetchDest, WTFMove(destinationString)); >- m_resourceRequest.setHTTPHeaderField(HTTPHeaderName::SecFetchMode, convertEnumerationToString(m_options.mode)); >-} >- > void CachedResourceRequest::updateUserAgentHeader(FrameLoader& frameLoader) > { > frameLoader.applyUserAgentIfNeeded(m_resourceRequest); >@@ -296,6 +278,11 @@ void CachedResourceRequest::setDestinationIfNotSet(FetchOptions::Destination des > m_options.destination = destination; > } > >+void CachedResourceRequest::setFetchMetadataSite(FetchMetadataSite site) >+{ >+ m_options.fetchMetadataSite = site; >+} >+ > #if ENABLE(SERVICE_WORKER) > void CachedResourceRequest::setClientIdentifierIfNeeded(ScriptExecutionContextIdentifier clientIdentifier) > { >diff --git a/Source/WebCore/loader/cache/CachedResourceRequest.h b/Source/WebCore/loader/cache/CachedResourceRequest.h >index 57415170c6a2bb7671d0e5f64e157f6d6a997441..ff8a44c7a4e901a390052b37a0f6347dc4b25d84 100644 >--- a/Source/WebCore/loader/cache/CachedResourceRequest.h >+++ b/Source/WebCore/loader/cache/CachedResourceRequest.h >@@ -75,10 +75,10 @@ public: > void setIgnoreForRequestCount(bool ignoreForRequestCount) { m_ignoreForRequestCount = ignoreForRequestCount; } > > void setDestinationIfNotSet(FetchOptions::Destination); >+ void setFetchMetadataSite(FetchMetadataSite); > > void updateForAccessControl(Document&); > >- void updateFetchMetadataHeaders(); > void updateReferrerPolicy(ReferrerPolicy); > void updateReferrerAndOriginHeaders(FrameLoader&); > void updateUserAgentHeader(FrameLoader&); >diff --git a/Source/WebCore/page/SecurityOrigin.cpp b/Source/WebCore/page/SecurityOrigin.cpp >index 4ba5191e6b3e409879c219c166a83fe712a3587a..f813eeb333fd7a01ae3848846909b0dce417b4ca 100644 >--- a/Source/WebCore/page/SecurityOrigin.cpp >+++ b/Source/WebCore/page/SecurityOrigin.cpp >@@ -468,6 +468,27 @@ bool SecurityOrigin::isSameOriginAs(const SecurityOrigin& other) const > return isSameSchemeHostPort(other); > } > >+bool SecurityOrigin::isSameSiteAs(const SecurityOrigin& other) const >+{ >+#if ENABLE(PUBLIC_SUFFIX_LIST) >+ // https://html.spec.whatwg.org/#sites:same-site >+ if (isUnique() != other.isUnique()) >+ return false; >+ if (!isUnique() && protocol() != other.protocol()) >+ return false; >+ >+ if (isUnique()) >+ return isSameOriginAs(other); >+ >+ if (domain().isEmpty()) >+ return host() == other.host(); >+ >+ return topPrivatelyControlledDomain(domain()) == topPrivatelyControlledDomain(other.domain()); >+#else >+ return false; >+#endif // ENABLE(PUBLIC_SUFFIX_LIST) >+} >+ > bool SecurityOrigin::isMatchingRegistrableDomainSuffix(const String& domainSuffix, bool treatIPAddressAsDomain) const > { > if (domainSuffix.isEmpty()) >diff --git a/Source/WebCore/page/SecurityOrigin.h b/Source/WebCore/page/SecurityOrigin.h >index 8c86ad57fcd2f8c2680b888ea4ae028a7f306a7b..e0c394cd20a1b45b2d3834bbafd3942a21ae0e53 100644 >--- a/Source/WebCore/page/SecurityOrigin.h >+++ b/Source/WebCore/page/SecurityOrigin.h >@@ -207,6 +207,10 @@ public: > // https://html.spec.whatwg.org/multipage/browsers.html#same-origin > WEBCORE_EXPORT bool isSameOriginAs(const SecurityOrigin&) const; > >+ // This method implements "same site" algorithm from the HTML Standard: >+ // https://html.spec.whatwg.org/multipage/origin.html#same-site >+ WEBCORE_EXPORT bool isSameSiteAs(const SecurityOrigin&) const; >+ > // This method implements the "is a registrable domain suffix of or is equal to" algorithm from the HTML Standard: > // https://html.spec.whatwg.org/multipage/origin.html#is-a-registrable-domain-suffix-of-or-is-equal-to > WEBCORE_EXPORT bool isMatchingRegistrableDomainSuffix(const String&, bool treatIPAddressAsDomain = false) const; >diff --git a/Source/WebCore/platform/network/HTTPHeaderNames.in b/Source/WebCore/platform/network/HTTPHeaderNames.in >index 9edb2b2d7821e171996d7f216ab92e5259f62d71..513d2d7226e9d8b551d4f63c45973370c87f3cab 100644 >--- a/Source/WebCore/platform/network/HTTPHeaderNames.in >+++ b/Source/WebCore/platform/network/HTTPHeaderNames.in >@@ -86,6 +86,7 @@ Refresh > Report-To > Sec-Fetch-Dest > Sec-Fetch-Mode >+Sec-Fetch-Site > Sec-WebSocket-Accept > Sec-WebSocket-Extensions > Sec-WebSocket-Key >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 2c7281e358104273166e0cc15ffe7c5d83b45430..9c76287d512aeb535d11a002e1a7f82718dcad80 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,13 @@ >+2022-03-23 Patrick Griffis <pgriffis@igalia.com> >+ >+ FetchMetadata: Implement Sec-Fetch-Site >+ https://bugs.webkit.org/show_bug.cgi?id=238265 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * TestExpectations: >+ * http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt: >+ > 2022-03-22 Carlos Garcia Campos <cgarcia@igalia.com> > > [GTK][WPE] Remove the ATK implementation >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index 98144e2d3aacc982e23fb40121d83f6409a7f377..a5d7cb9a831bdece88539285521ac1f9d4c621a1 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,34 @@ >+2022-03-23 Patrick Griffis <pgriffis@igalia.com> >+ >+ FetchMetadata: Implement Sec-Fetch-Site >+ https://bugs.webkit.org/show_bug.cgi?id=238265 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt: >+ * web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt: >+ * web-platform-tests/fetch/metadata/fetch.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/font.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/form.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/iframe.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/iframe.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/img.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/navigation.https.sub-expected.txt: Added. >+ * web-platform-tests/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/redirect/redirect-http-upgrade.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/redirect/redirect-https-downgrade.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/script.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/script.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/unload.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/window-open.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/worker.https.sub-expected.txt: >+ * web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt: >+ * web-platform-tests/service-workers/service-worker/navigation-headers.https-expected.txt: >+ > 2022-03-22 Ziran Sun <zsun@igalia.com> > > [selection] Change form's selection attribute to unsigned long >diff --git a/LayoutTests/TestExpectations b/LayoutTests/TestExpectations >index e4baf8affb4476679b5836c0c864dab9cdf8b079..624e6e36c8cf1927e804486f96569f36911c021e 100644 >--- a/LayoutTests/TestExpectations >+++ b/LayoutTests/TestExpectations >@@ -1048,7 +1048,6 @@ imported/w3c/web-platform-tests/fetch/metadata/embed.https.sub.tentative.html [ > imported/w3c/web-platform-tests/fetch/metadata/form.https.sub.html [ Skip ] > imported/w3c/web-platform-tests/fetch/metadata/iframe.https.sub.html [ Skip ] > imported/w3c/web-platform-tests/fetch/metadata/iframe.sub.html [ Skip ] >-imported/w3c/web-platform-tests/fetch/metadata/navigation.https.sub.html [ Skip ] > imported/w3c/web-platform-tests/fetch/metadata/style.https.sub.html [ Skip ] > imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-http-upgrade.sub.html [ Skip ] > imported/w3c/web-platform-tests/fetch/metadata/window-open.https.sub.html [ Skip ] >diff --git a/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt b/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt >index 6546f6b875ec435fa95e157e4f33b2b8e6db23ab..be8c6999fad0f76a3a1a3086d0d1c5e2ae78334e 100644 >--- a/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt >+++ b/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt >@@ -3,6 +3,6 @@ > PASS Same-Origin -> Same-Origin redirect > PASS undefined: sec-fetch-dest > PASS undefined: sec-fetch-mode >-FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS undefined: sec-fetch-site > PASS undefined: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt >index 3cc22cd84126c12feafbac139db4b90512c6a375..319a66fa8bc4d672187c5b874ba1f1bf2c2595fe 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt >@@ -2,6 +2,6 @@ > PASS Sec-Fetch headers after SW fallback > PASS undefined: sec-fetch-dest > PASS undefined: sec-fetch-mode >-FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS undefined: sec-fetch-site > PASS undefined: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt >index 3cc22cd84126c12feafbac139db4b90512c6a375..319a66fa8bc4d672187c5b874ba1f1bf2c2595fe 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt >@@ -2,6 +2,6 @@ > PASS Sec-Fetch headers after SW fallback > PASS undefined: sec-fetch-dest > PASS undefined: sec-fetch-mode >-FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS undefined: sec-fetch-site > PASS undefined: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt >index 9c22634159439f30149adc03b31113b75e8796a5..45d4932eb6baaedccc16f2ebc574758a3b59682c 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt >@@ -8,18 +8,18 @@ PASS CORS mode > PASS no-CORS mode > PASS Same-origin fetch: sec-fetch-dest > PASS Same-origin fetch: sec-fetch-mode >-FAIL Same-origin fetch: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Same-origin fetch: sec-fetch-site > PASS Same-origin fetch: sec-fetch-user > PASS Same-origin mode: sec-fetch-dest > PASS Same-origin mode: sec-fetch-mode >-FAIL Same-origin mode: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Same-origin mode: sec-fetch-site > PASS Same-origin mode: sec-fetch-user > PASS CORS mode: sec-fetch-dest > PASS CORS mode: sec-fetch-mode >-FAIL CORS mode: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS CORS mode: sec-fetch-site > PASS CORS mode: sec-fetch-user > PASS no-CORS mode: sec-fetch-dest > PASS no-CORS mode: sec-fetch-mode >-FAIL no-CORS mode: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS no-CORS mode: sec-fetch-site > PASS no-CORS mode: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt >index 9c22634159439f30149adc03b31113b75e8796a5..45d4932eb6baaedccc16f2ebc574758a3b59682c 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt >@@ -8,18 +8,18 @@ PASS CORS mode > PASS no-CORS mode > PASS Same-origin fetch: sec-fetch-dest > PASS Same-origin fetch: sec-fetch-mode >-FAIL Same-origin fetch: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Same-origin fetch: sec-fetch-site > PASS Same-origin fetch: sec-fetch-user > PASS Same-origin mode: sec-fetch-dest > PASS Same-origin mode: sec-fetch-mode >-FAIL Same-origin mode: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Same-origin mode: sec-fetch-site > PASS Same-origin mode: sec-fetch-user > PASS CORS mode: sec-fetch-dest > PASS CORS mode: sec-fetch-mode >-FAIL CORS mode: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS CORS mode: sec-fetch-site > PASS CORS mode: sec-fetch-user > PASS no-CORS mode: sec-fetch-dest > PASS no-CORS mode: sec-fetch-mode >-FAIL no-CORS mode: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS no-CORS mode: sec-fetch-site > PASS no-CORS mode: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt >index 13ad512c1e285ba3416faf5446d2f92d62739d69..54d1821e69a537ffeb5dda2aa89ac1e841b90be2 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt >@@ -3,10 +3,10 @@ PASS http->https fetch (cross-scheme => cross-site) > PASS http->http fetch (non-trustworthy destination => no metadata) > PASS http->https fetch (cross-scheme => cross-site): sec-fetch-dest > PASS http->https fetch (cross-scheme => cross-site): sec-fetch-mode >-FAIL http->https fetch (cross-scheme => cross-site): sec-fetch-site assert_equals: expected "cross-site" but got "" >+PASS http->https fetch (cross-scheme => cross-site): sec-fetch-site > PASS http->https fetch (cross-scheme => cross-site): sec-fetch-user > FAIL http->http fetch (non-trustworthy destination => no metadata): sec-fetch-dest assert_equals: expected "" but got "empty" > FAIL http->http fetch (non-trustworthy destination => no metadata): sec-fetch-mode assert_equals: expected "" but got "cors" >-PASS http->http fetch (non-trustworthy destination => no metadata): sec-fetch-site >+FAIL http->http fetch (non-trustworthy destination => no metadata): sec-fetch-site assert_equals: expected "" but got "same-origin" > PASS http->http fetch (non-trustworthy destination => no metadata): sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt >index 31fd6faaf342fefac08107c2d7d93eea652cab18..8b9c55fb0dbf38a8948526cdfca66a92fd6d9be3 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt >@@ -8,6 +8,6 @@ FAIL Same-Site font assert_not_equals: got disallowed value "No header has been > FAIL Cross-Site font assert_not_equals: got disallowed value "No header has been recorded" > PASS Same-Origin font: sec-fetch-dest > FAIL Same-Origin font: sec-fetch-mode assert_equals: expected "cors" but got "no-cors" >-FAIL Same-Origin font: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Same-Origin font: sec-fetch-site > PASS Same-Origin font: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/form.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/form.https.sub-expected.txt >index 4246220d2238e1cb75c3019a5f42d8b7a30f503e..fad947a4cbb7240a3ef7812e1f9db346891950e8 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/form.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/form.https.sub-expected.txt >@@ -5,17 +5,25 @@ > Harness Error (TIMEOUT), message = null > > PASS localhost -> localhost:9443 iframe: forced >-TIMEOUT localhost -> www.localhost:9443 iframe: forced Test timed out >+PASS localhost -> www.localhost:9443 iframe: forced > TIMEOUT localhost -> www.127.0.0.1:9443 iframe: forced Test timed out > PASS localhost -> localhost:9443 iframe: user-activated >-TIMEOUT localhost -> www.localhost:9443 iframe: user-activated Test timed out >+PASS localhost -> www.localhost:9443 iframe: user-activated > TIMEOUT localhost -> www.127.0.0.1:9443 iframe: user-activated Test timed out >-FAIL localhost -> localhost:9443 iframe: forced: sec-fetch-dest assert_equals: expected "document" but got "" >-FAIL localhost -> localhost:9443 iframe: forced: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL localhost -> localhost:9443 iframe: forced: sec-fetch-site assert_equals: expected "same-origin" but got "" >-PASS localhost -> localhost:9443 iframe: forced: sec-fetch-user >-FAIL localhost -> localhost:9443 iframe: user-activated: sec-fetch-dest assert_equals: expected "document" but got "" >-FAIL localhost -> localhost:9443 iframe: user-activated: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL localhost -> localhost:9443 iframe: user-activated: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS localhost -> localhost:9443 iframe: user-activated: sec-fetch-dest >+PASS localhost -> localhost:9443 iframe: user-activated: sec-fetch-mode >+PASS localhost -> localhost:9443 iframe: user-activated: sec-fetch-site > FAIL localhost -> localhost:9443 iframe: user-activated: sec-fetch-user assert_equals: expected "?1" but got "" >+PASS localhost -> localhost:9443 iframe: forced: sec-fetch-dest >+PASS localhost -> localhost:9443 iframe: forced: sec-fetch-mode >+PASS localhost -> localhost:9443 iframe: forced: sec-fetch-site >+PASS localhost -> localhost:9443 iframe: forced: sec-fetch-user >+PASS localhost -> www.localhost:9443 iframe: forced: sec-fetch-dest >+PASS localhost -> www.localhost:9443 iframe: forced: sec-fetch-mode >+FAIL localhost -> www.localhost:9443 iframe: forced: sec-fetch-site assert_equals: expected "same-site" but got "cross-site" >+PASS localhost -> www.localhost:9443 iframe: forced: sec-fetch-user >+PASS localhost -> www.localhost:9443 iframe: user-activated: sec-fetch-dest >+PASS localhost -> www.localhost:9443 iframe: user-activated: sec-fetch-mode >+FAIL localhost -> www.localhost:9443 iframe: user-activated: sec-fetch-site assert_equals: expected "same-site" but got "cross-site" >+FAIL localhost -> www.localhost:9443 iframe: user-activated: sec-fetch-user assert_equals: expected "?1" but got "" > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.https.sub-expected.txt >index 11b10a04f979fafad4bf7661706968d4523ae5e5..2493f3c159789cf8bdc2dff577be3f86546fb5d8 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.https.sub-expected.txt >@@ -1,7 +1,5 @@ > Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/post-to-owner.py >-Blocked access to external URL https://www.127.0.0.1:9443/fetch/metadata/resources/post-to-owner.py > Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/post-to-owner.py >-Blocked access to external URL https://www.127.0.0.1:9443/fetch/metadata/resources/post-to-owner.py > This is a link!This is a link!This is a link! > > Harness Error (TIMEOUT), message = null >@@ -12,12 +10,12 @@ TIMEOUT localhost -> www.127.0.0.1:9443 iframe: forced Test timed out > PASS localhost -> localhost:9443 iframe: user-activated > TIMEOUT localhost -> www.localhost:9443 iframe: user-activated Test timed out > TIMEOUT localhost -> www.127.0.0.1:9443 iframe: user-activated Test timed out >-FAIL localhost -> localhost:9443 iframe: forced: sec-fetch-dest assert_equals: expected "iframe" but got "" >-FAIL localhost -> localhost:9443 iframe: forced: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL localhost -> localhost:9443 iframe: forced: sec-fetch-site assert_equals: expected "same-origin" but got "" >-PASS localhost -> localhost:9443 iframe: forced: sec-fetch-user >-FAIL localhost -> localhost:9443 iframe: user-activated: sec-fetch-dest assert_equals: expected "iframe" but got "" >-FAIL localhost -> localhost:9443 iframe: user-activated: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL localhost -> localhost:9443 iframe: user-activated: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS localhost -> localhost:9443 iframe: user-activated: sec-fetch-dest >+PASS localhost -> localhost:9443 iframe: user-activated: sec-fetch-mode >+PASS localhost -> localhost:9443 iframe: user-activated: sec-fetch-site > FAIL localhost -> localhost:9443 iframe: user-activated: sec-fetch-user assert_equals: expected "?1" but got "" >+PASS localhost -> localhost:9443 iframe: forced: sec-fetch-dest >+PASS localhost -> localhost:9443 iframe: forced: sec-fetch-mode >+PASS localhost -> localhost:9443 iframe: forced: sec-fetch-site >+PASS localhost -> localhost:9443 iframe: forced: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.sub-expected.txt >index ff9ddb98649dee03f2f010afd8f19daea505a5f5..2a202eb95362b7aec057faab614c0f137b3909be 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.sub-expected.txt >@@ -1,5 +1,4 @@ > Blocked access to external URL http://www.localhost:8800/fetch/metadata/resources/post-to-owner.py >-Blocked access to external URL http://www.127.0.0.1:8800/fetch/metadata/resources/post-to-owner.py > > > Harness Error (TIMEOUT), message = null >@@ -8,12 +7,12 @@ PASS Non-secure same-origin iframe => No headers > TIMEOUT Non-secure same-site iframe => No headers Test timed out > TIMEOUT Non-secure cross-site iframe => No headers. Test timed out > PASS Secure, cross-site (cross-scheme, same-host) iframe >-PASS Non-secure same-origin iframe => No headers: sec-fetch-dest >-PASS Non-secure same-origin iframe => No headers: sec-fetch-mode >-PASS Non-secure same-origin iframe => No headers: sec-fetch-site >+FAIL Non-secure same-origin iframe => No headers: sec-fetch-dest assert_equals: expected "" but got "iframe" >+FAIL Non-secure same-origin iframe => No headers: sec-fetch-mode assert_equals: expected "" but got "navigate" >+FAIL Non-secure same-origin iframe => No headers: sec-fetch-site assert_equals: expected "" but got "same-origin" > PASS Non-secure same-origin iframe => No headers: sec-fetch-user >-FAIL Secure, cross-site (cross-scheme, same-host) iframe: sec-fetch-dest assert_equals: expected "iframe" but got "" >-FAIL Secure, cross-site (cross-scheme, same-host) iframe: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Secure, cross-site (cross-scheme, same-host) iframe: sec-fetch-site assert_equals: expected "cross-site" but got "" >+PASS Secure, cross-site (cross-scheme, same-host) iframe: sec-fetch-dest >+PASS Secure, cross-site (cross-scheme, same-host) iframe: sec-fetch-mode >+PASS Secure, cross-site (cross-scheme, same-host) iframe: sec-fetch-site > PASS Secure, cross-site (cross-scheme, same-host) iframe: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt >index e5003638189170898b2c916bd05aedb989b9af0c..19c1f695e1cedfc18ad9f18ec2dd37550167a4f1 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt >@@ -6,6 +6,6 @@ FAIL Same-site image promise_test: Unhandled rejection with value: object "[obje > FAIL Cross-site image promise_test: Unhandled rejection with value: object "[object Event]" > PASS Same-origin image: sec-fetch-dest > PASS Same-origin image: sec-fetch-mode >-FAIL Same-origin image: sec-fetch-site assert_equals: expected (string) "same-origin" but got (undefined) undefined >+PASS Same-origin image: sec-fetch-site > PASS Same-origin image: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/navigation.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/navigation.https.sub-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..f33c9e6659df9f15ac8ca892f0b8884aed5373a6 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/navigation.https.sub-expected.txt >@@ -0,0 +1,7 @@ >+ >+PASS This page's top-level navigation. >+PASS undefined: sec-fetch-dest >+PASS undefined: sec-fetch-mode >+PASS undefined: sec-fetch-site >+PASS undefined: sec-fetch-user >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub-expected.txt >index 7eb7d10096b57b82f7d4b4c62d039b18c969ed8c..284185a52744927b2141f6a34bfbd165bba16ccb 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub-expected.txt >@@ -5,41 +5,25 @@ Harness Error (TIMEOUT), message = null > > PASS Https downgrade-upgrade iframe > PASS Https downgrade-upgrade top level navigation >-PASS Https downgrade-upgrade embed >-PASS Https downgrade-upgrade fetch() api >-PASS Https downgrade-upgrade object >+TIMEOUT Https downgrade-upgrade embed Test timed out >+NOTRUN Https downgrade-upgrade fetch() api >+NOTRUN Https downgrade-upgrade object > PASS Https downgrade-upgrade preload >-PASS Https downgrade-upgrade stylesheet >-TIMEOUT Https downgrade-upgrade track Test timed out >+NOTRUN Https downgrade-upgrade stylesheet >+NOTRUN Https downgrade-upgrade track > NOTRUN Https downgrade-upgrade image => No headers > PASS Https downgrade-upgrade script => No headers >-FAIL Https downgrade-upgrade script => No headers: sec-fetch-dest assert_equals: expected "script" but got "" >-FAIL Https downgrade-upgrade script => No headers: sec-fetch-mode assert_equals: expected "no-cors" but got "" >-FAIL Https downgrade-upgrade script => No headers: sec-fetch-site assert_equals: expected "cross-site" but got "" >+PASS Https downgrade-upgrade script => No headers: sec-fetch-dest >+PASS Https downgrade-upgrade script => No headers: sec-fetch-mode >+PASS Https downgrade-upgrade script => No headers: sec-fetch-site > PASS Https downgrade-upgrade script => No headers: sec-fetch-user >-FAIL Https downgrade-upgrade iframe: sec-fetch-dest assert_equals: expected "iframe" but got "" >-FAIL Https downgrade-upgrade iframe: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Https downgrade-upgrade iframe: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Https downgrade-upgrade iframe: sec-fetch-user >-FAIL Https downgrade-upgrade top level navigation: sec-fetch-dest assert_equals: expected "document" but got "" >-FAIL Https downgrade-upgrade top level navigation: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Https downgrade-upgrade top level navigation: sec-fetch-site assert_equals: expected "cross-site" but got "" >+PASS Https downgrade-upgrade top level navigation: sec-fetch-dest >+PASS Https downgrade-upgrade top level navigation: sec-fetch-mode >+PASS Https downgrade-upgrade top level navigation: sec-fetch-site > PASS Https downgrade-upgrade top level navigation: sec-fetch-user >+PASS Https downgrade-upgrade iframe: sec-fetch-dest >+PASS Https downgrade-upgrade iframe: sec-fetch-mode >+PASS Https downgrade-upgrade iframe: sec-fetch-site >+PASS Https downgrade-upgrade iframe: sec-fetch-user > NOTRUN Https downgrade-upgrade font => No headers >-FAIL Https downgrade-upgrade embed: sec-fetch-dest assert_equals: expected "embed" but got "" >-FAIL Https downgrade-upgrade embed: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Https downgrade-upgrade embed: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Https downgrade-upgrade embed: sec-fetch-user >-FAIL Https downgrade-upgrade fetch() api: sec-fetch-dest assert_equals: expected "empty" but got "" >-FAIL Https downgrade-upgrade fetch() api: sec-fetch-mode assert_equals: expected "cors" but got "" >-FAIL Https downgrade-upgrade fetch() api: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Https downgrade-upgrade fetch() api: sec-fetch-user >-FAIL Https downgrade-upgrade object: sec-fetch-dest assert_equals: expected "object" but got "" >-FAIL Https downgrade-upgrade object: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Https downgrade-upgrade object: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Https downgrade-upgrade object: sec-fetch-user >-FAIL Https downgrade-upgrade stylesheet: sec-fetch-dest assert_equals: expected "style" but got "" >-FAIL Https downgrade-upgrade stylesheet: sec-fetch-mode assert_equals: expected "no-cors" but got "" >-FAIL Https downgrade-upgrade stylesheet: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Https downgrade-upgrade stylesheet: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-http-upgrade.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-http-upgrade.sub-expected.txt >index e49bb240cf661f255ac5cc100cc66c19f706ff03..34b8421c6c478578ffce0de470e5a8bc56af7fc3 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-http-upgrade.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-http-upgrade.sub-expected.txt >@@ -5,41 +5,25 @@ Harness Error (TIMEOUT), message = null > > PASS Http upgrade iframe > PASS Http upgrade top level navigation >-PASS Http upgrade embed >-PASS Http upgrade fetch() api >-PASS Http upgrade object >+TIMEOUT Http upgrade embed Test timed out >+NOTRUN Http upgrade fetch() api >+NOTRUN Http upgrade object > PASS Http upgrade preload >-PASS Http upgrade stylesheet >-TIMEOUT Http upgrade track Test timed out >+NOTRUN Http upgrade stylesheet >+NOTRUN Http upgrade track > NOTRUN Http upgrade image => No headers > PASS Http upgrade script => No headers >-FAIL Http upgrade script => No headers: sec-fetch-dest assert_equals: expected "script" but got "" >-FAIL Http upgrade script => No headers: sec-fetch-mode assert_equals: expected "no-cors" but got "" >-FAIL Http upgrade script => No headers: sec-fetch-site assert_equals: expected "cross-site" but got "" >+PASS Http upgrade script => No headers: sec-fetch-dest >+PASS Http upgrade script => No headers: sec-fetch-mode >+PASS Http upgrade script => No headers: sec-fetch-site > PASS Http upgrade script => No headers: sec-fetch-user >-FAIL Http upgrade iframe: sec-fetch-dest assert_equals: expected "iframe" but got "" >-FAIL Http upgrade iframe: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Http upgrade iframe: sec-fetch-site assert_equals: expected "cross-site" but got "" >+PASS Http upgrade iframe: sec-fetch-dest >+PASS Http upgrade iframe: sec-fetch-mode >+PASS Http upgrade iframe: sec-fetch-site > PASS Http upgrade iframe: sec-fetch-user >-FAIL Http upgrade top level navigation: sec-fetch-dest assert_equals: expected "document" but got "" >-FAIL Http upgrade top level navigation: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Http upgrade top level navigation: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Http upgrade top level navigation: sec-fetch-user > NOTRUN Http upgrade font => No headers >-FAIL Http upgrade embed: sec-fetch-dest assert_equals: expected "embed" but got "" >-FAIL Http upgrade embed: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Http upgrade embed: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Http upgrade embed: sec-fetch-user >-FAIL Http upgrade fetch() api: sec-fetch-dest assert_equals: expected "empty" but got "" >-FAIL Http upgrade fetch() api: sec-fetch-mode assert_equals: expected "cors" but got "" >-FAIL Http upgrade fetch() api: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Http upgrade fetch() api: sec-fetch-user >-FAIL Http upgrade object: sec-fetch-dest assert_equals: expected "object" but got "" >-FAIL Http upgrade object: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Http upgrade object: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Http upgrade object: sec-fetch-user >-FAIL Http upgrade stylesheet: sec-fetch-dest assert_equals: expected "style" but got "" >-FAIL Http upgrade stylesheet: sec-fetch-mode assert_equals: expected "no-cors" but got "" >-FAIL Http upgrade stylesheet: sec-fetch-site assert_equals: expected "cross-site" but got "" >-PASS Http upgrade stylesheet: sec-fetch-user >+PASS Http upgrade top level navigation: sec-fetch-dest >+PASS Http upgrade top level navigation: sec-fetch-mode >+PASS Http upgrade top level navigation: sec-fetch-site >+PASS Http upgrade top level navigation: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-https-downgrade.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-https-downgrade.sub-expected.txt >index e696679b81b9899274fb289c920cf41618f49549..55df88298ae7185560b22052ea5bb514ce4bd152 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-https-downgrade.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-https-downgrade.sub-expected.txt >@@ -5,41 +5,25 @@ Harness Error (TIMEOUT), message = null > > PASS Https downgrade iframe > PASS Https downgrade top level navigation >-PASS Https downgrade embed >-PASS Https downgrade fetch() api >-PASS Https downgrade object >+TIMEOUT Https downgrade embed Test timed out >+NOTRUN Https downgrade fetch() api >+NOTRUN Https downgrade object > PASS Https downgrade preload >-PASS Https downgrade stylesheet >-TIMEOUT Https downgrade track Test timed out >+NOTRUN Https downgrade stylesheet >+NOTRUN Https downgrade track > NOTRUN Https downgrade image => No headers > PASS Https downgrade script => No headers >-PASS Https downgrade script => No headers: sec-fetch-mode >-PASS Https downgrade script => No headers: sec-fetch-site >+FAIL Https downgrade script => No headers: sec-fetch-mode assert_equals: expected "" but got "no-cors" >+FAIL Https downgrade script => No headers: sec-fetch-site assert_equals: expected "" but got "cross-site" > PASS Https downgrade script => No headers: sec-fetch-user >-PASS Https downgrade script => No headers: sec-fetch-dest >-PASS Https downgrade iframe: sec-fetch-dest >-PASS Https downgrade iframe: sec-fetch-mode >-PASS Https downgrade iframe: sec-fetch-site >-PASS Https downgrade iframe: sec-fetch-user >-PASS Https downgrade top level navigation: sec-fetch-dest >-PASS Https downgrade top level navigation: sec-fetch-mode >-PASS Https downgrade top level navigation: sec-fetch-site >+FAIL Https downgrade script => No headers: sec-fetch-dest assert_equals: expected "" but got "script" >+FAIL Https downgrade top level navigation: sec-fetch-dest assert_equals: expected "" but got "document" >+FAIL Https downgrade top level navigation: sec-fetch-mode assert_equals: expected "" but got "navigate" >+FAIL Https downgrade top level navigation: sec-fetch-site assert_equals: expected "" but got "cross-site" > PASS Https downgrade top level navigation: sec-fetch-user >+FAIL Https downgrade iframe: sec-fetch-dest assert_equals: expected "" but got "iframe" >+FAIL Https downgrade iframe: sec-fetch-mode assert_equals: expected "" but got "navigate" >+FAIL Https downgrade iframe: sec-fetch-site assert_equals: expected "" but got "cross-site" >+PASS Https downgrade iframe: sec-fetch-user > NOTRUN Https downgrade font => No headers >-PASS Https downgrade embed: sec-fetch-dest >-PASS Https downgrade embed: sec-fetch-mode >-PASS Https downgrade embed: sec-fetch-site >-PASS Https downgrade embed: sec-fetch-user >-PASS Https downgrade fetch() api: sec-fetch-dest >-PASS Https downgrade fetch() api: sec-fetch-mode >-PASS Https downgrade fetch() api: sec-fetch-site >-PASS Https downgrade fetch() api: sec-fetch-user >-PASS Https downgrade object: sec-fetch-dest >-PASS Https downgrade object: sec-fetch-mode >-PASS Https downgrade object: sec-fetch-site >-PASS Https downgrade object: sec-fetch-user >-PASS Https downgrade stylesheet: sec-fetch-dest >-PASS Https downgrade stylesheet: sec-fetch-mode >-PASS Https downgrade stylesheet: sec-fetch-site >-PASS Https downgrade stylesheet: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt >index b856ca40d2721a4f40fabf9f018ea1c4df08c27c..d9338a5ee3fd8308534b59fef3fd34dbb1c33212 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt >@@ -4,7 +4,7 @@ Blocked access to external URL https://www.localhost:9443/fetch/metadata/resourc > PASS Same-origin script > PASS Same-origin script: sec-fetch-dest > PASS Same-origin script: sec-fetch-mode >-FAIL Same-origin script: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Same-origin script: sec-fetch-site > PASS Same-origin script: sec-fetch-user > PASS Same-site script > FAIL Same-site script: sec-fetch-dest null is not an object (evaluating 'value.dest') >@@ -19,6 +19,6 @@ FAIL Cross-site script: sec-fetch-user null is not an object (evaluating 'value. > PASS Same-origin CORS script > PASS Same-origin CORS script: sec-fetch-dest > PASS Same-origin CORS script: sec-fetch-mode >-FAIL Same-origin CORS script: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Same-origin CORS script: sec-fetch-site > PASS Same-origin CORS script: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.sub-expected.txt >index 439439d112fc544ddb2b48599d41028526368da2..39f1b57c738fbb80a29f37834eb7a2390d6c8d12 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.sub-expected.txt >@@ -4,7 +4,7 @@ Blocked access to external URL http://www.localhost:8800/fetch/metadata/resource > PASS Non-secure same-origin script => No headers > FAIL Non-secure same-origin script => No headers: sec-fetch-dest assert_equals: expected "" but got "script" > FAIL Non-secure same-origin script => No headers: sec-fetch-mode assert_equals: expected "" but got "no-cors" >-PASS Non-secure same-origin script => No headers: sec-fetch-site >+FAIL Non-secure same-origin script => No headers: sec-fetch-site assert_equals: expected "" but got "same-origin" > PASS Non-secure same-origin script => No headers: sec-fetch-user > PASS Non-secure same-site script => No headers > FAIL Non-secure same-site script => No headers: sec-fetch-dest null is not an object (evaluating 'value.dest') >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt >index 6e5687d9c67af116e5fc3965331cb5a34c55aa6b..36a55d4e93ffb222a73e5d7895bceb2074c468a2 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt >@@ -2,10 +2,10 @@ > PASS metadata for service worker scripts > PASS Register service worker: sec-fetch-dest > PASS Register service worker: sec-fetch-mode >-FAIL Register service worker: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Register service worker: sec-fetch-site > PASS Register service worker: sec-fetch-user > PASS Update service worker: sec-fetch-dest > PASS Update service worker: sec-fetch-mode >-FAIL Update service worker: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Update service worker: sec-fetch-site > PASS Update service worker: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt >index 30cef3643c5cb7ecb6864e7cf0aac5bf88e8c411..39a45265394744b5fb7254d46954ac579eac83cb 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt >@@ -2,6 +2,6 @@ > PASS Same-Origin sharedworker > PASS undefined: sec-fetch-dest > PASS undefined: sec-fetch-mode >-FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS undefined: sec-fetch-site > PASS undefined: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt >index fff4c17f48812414b813c00dba96449513a0fb03..4d4e207667c61c88bdc3e25f5e38dc2ed4942a8b 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt >@@ -3,6 +3,6 @@ > PASS Fetch from an unload handler > PASS undefined: sec-fetch-dest > PASS undefined: sec-fetch-mode >-FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS undefined: sec-fetch-site > PASS undefined: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/window-open.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/window-open.https.sub-expected.txt >index bc15bb9c3bb8245e514ef819d5e9b2c43117cc67..4f988cb13a2f02e66ccfb679c7d3634a0738ba68 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/window-open.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/window-open.https.sub-expected.txt >@@ -1,32 +1,29 @@ > Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/post-to-owner.py >-Blocked access to external URL https://www.127.0.0.1:9443/fetch/metadata/resources/post-to-owner.py > Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/post-to-owner.py >-Blocked access to external URL https://www.127.0.0.1:9443/fetch/metadata/resources/post-to-owner.py > Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/post-to-owner.py >-Blocked access to external URL https://www.127.0.0.1:9443/fetch/metadata/resources/post-to-owner.py > > > Harness Error (TIMEOUT), message = null > > PASS Same-origin window, forced > TIMEOUT Same-site window, forced Test timed out >-TIMEOUT Cross-site window, forced Test timed out >+FAIL Cross-site window, forced The string did not match the expected pattern. > PASS Same-origin window, forced, reloaded > TIMEOUT Same-site window, forced, reloaded Test timed out >-TIMEOUT Cross-site window, forced, reloaded Test timed out >+FAIL Cross-site window, forced, reloaded The string did not match the expected pattern. > PASS Same-origin window, user-activated > TIMEOUT Same-site window, user-activated Test timed out >-TIMEOUT Cross-site window, user-activated Test timed out >-FAIL Same-origin window, forced: sec-fetch-dest assert_equals: expected "document" but got "" >-FAIL Same-origin window, forced: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Same-origin window, forced: sec-fetch-site assert_equals: expected "same-origin" but got "" >+FAIL Cross-site window, user-activated The string did not match the expected pattern. >+PASS Same-origin window, forced: sec-fetch-dest >+PASS Same-origin window, forced: sec-fetch-mode >+PASS Same-origin window, forced: sec-fetch-site > PASS Same-origin window, forced: sec-fetch-user >-FAIL Same-origin window, forced, reloaded: sec-fetch-dest assert_equals: expected "document" but got "" >-FAIL Same-origin window, forced, reloaded: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Same-origin window, forced, reloaded: sec-fetch-site assert_equals: expected "same-origin" but got "" >-PASS Same-origin window, forced, reloaded: sec-fetch-user >-FAIL Same-origin window, user-activated: sec-fetch-dest assert_equals: expected "document" but got "" >-FAIL Same-origin window, user-activated: sec-fetch-mode assert_equals: expected "navigate" but got "" >-FAIL Same-origin window, user-activated: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS Same-origin window, user-activated: sec-fetch-dest >+PASS Same-origin window, user-activated: sec-fetch-mode >+PASS Same-origin window, user-activated: sec-fetch-site > FAIL Same-origin window, user-activated: sec-fetch-user assert_equals: expected "?1" but got "" >+PASS Same-origin window, forced, reloaded: sec-fetch-dest >+PASS Same-origin window, forced, reloaded: sec-fetch-mode >+PASS Same-origin window, forced, reloaded: sec-fetch-site >+PASS Same-origin window, forced, reloaded: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/worker.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/worker.https.sub-expected.txt >index 82a03978e0faf71aa0f8c677dc5515f5689063be..0bdad2787918fe26a078e565470a5e0cb12f78e0 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/worker.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/worker.https.sub-expected.txt >@@ -2,6 +2,6 @@ > PASS Same-Origin worker > PASS undefined: sec-fetch-dest > PASS undefined: sec-fetch-mode >-FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS undefined: sec-fetch-site > PASS undefined: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt >index d0d3c84dab1c6fb9c16b7cd7675d7718d7f76cb6..30f9ab3291a439d67a585641b7dec1b59c3c3867 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt >@@ -2,6 +2,6 @@ > PASS Same-Origin xslt > PASS undefined: sec-fetch-dest > PASS undefined: sec-fetch-mode >-FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got "" >+PASS undefined: sec-fetch-site > PASS undefined: sec-fetch-user > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/navigation-headers.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/navigation-headers.https-expected.txt >index 1709c55d37394259a5e1f001ad6a9fc5e337bcc4..8a3f00fcb3d613f57f9a27f2f6053a6eb061823e 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/navigation-headers.https-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/navigation-headers.https-expected.txt >@@ -39,47 +39,47 @@ PASS POST Navigation, same-origin with cross-site redirect, same-origin redirect > FAIL POST Navigation, same-origin with cross-site redirect, same-origin redirect, and passthrough service worker sets correct origin and referer headers. assert_equals: origin header expected "null" but got "https://localhost:9443" > PASS POST Navigation, same-origin with cross-site redirect, same-origin redirect, and fallback service worker sets correct origin and referer headers. > PASS POST Navigation, same-origin with cross-site redirect, same-origin redirect, and change-request service worker sets correct origin and referer headers. >-FAIL GET Navigation, same-origin with no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL POST Navigation, same-origin with no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL GET Navigation, same-origin with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL POST Navigation, same-origin with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL GET Navigation, same-origin with fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL POST Navigation, same-origin with fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL GET Navigation, same-origin with navpreload service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL GET Navigation, same-origin with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL POST Navigation, same-origin with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL GET Navigation, same-site with no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL POST Navigation, same-site with no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL GET Navigation, same-site with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL POST Navigation, same-site with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL GET Navigation, same-site with fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL POST Navigation, same-site with fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL GET Navigation, same-site with navpreload service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL GET Navigation, same-site with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL POST Navigation, same-site with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL GET Navigation, cross-site with no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL POST Navigation, cross-site with no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, cross-site with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL POST Navigation, cross-site with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, cross-site with fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL POST Navigation, cross-site with fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, cross-site with navpreload service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, cross-site with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL POST Navigation, cross-site with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL GET Navigation, same-origin with same-site redirect and no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL GET Navigation, same-origin with same-site redirect and passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL GET Navigation, same-origin with same-site redirect and fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL GET Navigation, same-origin with same-site redirect and navpreload service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "not set" >-FAIL GET Navigation, same-origin with same-site redirect and change-request service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect and no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect and passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect and fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect and navpreload service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect and change-request service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect, same-origin redirect, and no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect, same-origin redirect, and passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect, same-origin redirect, and fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect, same-origin redirect, and navpreload service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "not set" >-FAIL GET Navigation, same-origin with cross-site redirect, same-origin redirect, and change-request service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-origin" but got "not set" >+PASS GET Navigation, same-origin with no service worker sets correct sec-fetch headers. >+PASS POST Navigation, same-origin with no service worker sets correct sec-fetch headers. >+FAIL GET Navigation, same-origin with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+FAIL POST Navigation, same-origin with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+PASS GET Navigation, same-origin with fallback service worker sets correct sec-fetch headers. >+PASS POST Navigation, same-origin with fallback service worker sets correct sec-fetch headers. >+PASS GET Navigation, same-origin with navpreload service worker sets correct sec-fetch headers. >+FAIL GET Navigation, same-origin with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+FAIL POST Navigation, same-origin with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+FAIL GET Navigation, same-site with no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "cross-site" >+FAIL POST Navigation, same-site with no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "cross-site" >+FAIL GET Navigation, same-site with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "same-origin" >+FAIL POST Navigation, same-site with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "same-origin" >+FAIL GET Navigation, same-site with fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "cross-site" >+FAIL POST Navigation, same-site with fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "cross-site" >+FAIL GET Navigation, same-site with navpreload service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "cross-site" >+FAIL GET Navigation, same-site with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+FAIL POST Navigation, same-site with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+PASS GET Navigation, cross-site with no service worker sets correct sec-fetch headers. >+PASS POST Navigation, cross-site with no service worker sets correct sec-fetch headers. >+FAIL GET Navigation, cross-site with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "same-origin" >+FAIL POST Navigation, cross-site with passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "same-origin" >+PASS GET Navigation, cross-site with fallback service worker sets correct sec-fetch headers. >+PASS POST Navigation, cross-site with fallback service worker sets correct sec-fetch headers. >+PASS GET Navigation, cross-site with navpreload service worker sets correct sec-fetch headers. >+FAIL GET Navigation, cross-site with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+FAIL POST Navigation, cross-site with service worker that changes the request sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+FAIL GET Navigation, same-origin with same-site redirect and no service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "cross-site" >+FAIL GET Navigation, same-origin with same-site redirect and passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "same-origin" >+FAIL GET Navigation, same-origin with same-site redirect and fallback service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "cross-site" >+FAIL GET Navigation, same-origin with same-site redirect and navpreload service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "same-site" but got "cross-site" >+FAIL GET Navigation, same-origin with same-site redirect and change-request service worker sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+PASS GET Navigation, same-origin with cross-site redirect and no service worker sets correct sec-fetch headers. >+FAIL GET Navigation, same-origin with cross-site redirect and passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "same-origin" >+PASS GET Navigation, same-origin with cross-site redirect and fallback service worker sets correct sec-fetch headers. >+PASS GET Navigation, same-origin with cross-site redirect and navpreload service worker sets correct sec-fetch headers. >+FAIL GET Navigation, same-origin with cross-site redirect and change-request service worker sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" >+PASS GET Navigation, same-origin with cross-site redirect, same-origin redirect, and no service worker sets correct sec-fetch headers. >+FAIL GET Navigation, same-origin with cross-site redirect, same-origin redirect, and passthrough service worker sets correct sec-fetch headers. assert_equals: sec-fetch-site header expected "cross-site" but got "same-origin" >+PASS GET Navigation, same-origin with cross-site redirect, same-origin redirect, and fallback service worker sets correct sec-fetch headers. >+PASS GET Navigation, same-origin with cross-site redirect, same-origin redirect, and navpreload service worker sets correct sec-fetch headers. >+FAIL GET Navigation, same-origin with cross-site redirect, same-origin redirect, and change-request service worker sets correct sec-fetch headers. assert_equals: sec-fetch-dest header expected "empty" but got "iframe" > PASS Cleanup service worker >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=457275">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 238265
:
455507
|
455524
|
456576
|
456854
|
457275
|
457710
|
457749
|
460620
|
460621
|
461641