From f68dc2fd5ce115b44efefe1f59dee0abff4d9275 Mon Sep 17 00:00:00 2001
From: Marco Castelluccio <mcastelluccio@mozilla.com>
Date: Fri, 4 Oct 2019 04:55:08 +0000
Subject: [PATCH] Bug 1539632 [wpt PR 16036] - Verify `Sec-Fetch-Site` is
 correct for domains with trailing dots., a=testonly
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Automatic update from web-platform-tests
Verify `Sec-Fetch-Site` is correct for domains with trailing dots.

`example.com` != `example.com.`. These are clearly distinct origins,
and we don't currently consider them to have the same registrable
domain (though there's a bit of a question about that. See
https://github.com/publicsuffix/list/issues/792), so they ought
to compare as `cross-site`

This patch adds a test for this behavior, and teaches the test harness
to resolve domains that end in `.test.`.

Closes https://github.com/mikewest/sec-metadata/issues/15.

Bug: 843478
Change-Id: Ic71afeda69f274c23c19608177756d882307a59d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1536180
Commit-Queue: Mike West <mkwstchromium.org>
Reviewed-by: Łukasz Anforowicz <lukaszachromium.org>
Cr-Commit-Position: refs/heads/master{#644261}

--

wpt-commits: 22be9a97638436380f88d871ecefac3f1aebfe53
wpt-pr: 16036

UltraBlame original commit: 6ca0a07819aec89c6c7b5bee689fc559ff504b8d
---
 .../trailing-dot.tentative.https.sub.html     | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html

diff --git a/testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html b/testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html
new file mode 100644
index 000000000000..85f9c73c6ae2
--- /dev/null
+++ b/testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<script>
+  // Site
+  promise_test(t => {
+    return fetch("https://{{host}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+        .then(r => r.json())
+        .then(j => {
+          assert_header_equals(j, {
+            "dest": "empty",
+            "site": "cross-site",
+            "user": "?F",
+            "mode": "cors",
+          });
+        });
+  }, "Fetching a resource from the same origin, but spelled with a trailing dot.");
+
+  promise_test(t => {
+    return fetch("https://{{hosts[][www]}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+        .then(r => r.json())
+        .then(j => {
+          assert_header_equals(j, {
+            "dest": "empty",
+            "site": "cross-site",
+            "user": "?F",
+            "mode": "cors",
+          });
+        });
+  }, "Fetching a resource from the same site, but spelled with a trailing dot.");
+
+  promise_test(t => {
+    return fetch("https://{{hosts[alt][www]}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+        .then(r => r.json())
+        .then(j => {
+          assert_header_equals(j, {
+            "dest": "empty",
+            "site": "cross-site",
+            "user": "?F",
+            "mode": "cors",
+          });
+        });
+  }, "Fetching a resource from a cross-site host, spelled with a trailing dot.");
+</script>