From aba7f32dbb06e11db9d1ed131dfe8a9b7f5e0452 Mon Sep 17 00:00:00 2001 From: Marco Castelluccio Date: Fri, 4 Oct 2019 11:40:03 +0000 Subject: [PATCH] Bug 1539632 [wpt PR 16036] - Verify `Sec-Fetch-Site` is correct for domains with trailing dots., a=testonly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Automatic update from web-platform-tests Verify `Sec-Fetch-Site` is correct for domains with trailing dots. `example.com` != `example.com.`. These are clearly distinct origins, and we don't currently consider them to have the same registrable domain (though there's a bit of a question about that. See https://github.com/publicsuffix/list/issues/792), so they ought to compare as `cross-site` This patch adds a test for this behavior, and teaches the test harness to resolve domains that end in `.test.`. Closes https://github.com/mikewest/sec-metadata/issues/15. Bug: 843478 Change-Id: Ic71afeda69f274c23c19608177756d882307a59d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1536180 Commit-Queue: Mike West Reviewed-by: Ɓukasz Anforowicz Cr-Commit-Position: refs/heads/master{#644261} -- wpt-commits: 22be9a97638436380f88d871ecefac3f1aebfe53 wpt-pr: 16036 UltraBlame original commit: 0a934b7e89ef947c2709720d115a98691dcb4add --- .../trailing-dot.tentative.https.sub.html | 465 ++++++++++++++++++ 1 file changed, 465 insertions(+) create mode 100644 testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html diff --git a/testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html b/testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html new file mode 100644 index 0000000000000..7fcfca75cab7f --- /dev/null +++ b/testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html @@ -0,0 +1,465 @@ +< +! +DOCTYPE +html +> +< +script +src += +/ +resources +/ +testharness +. +js +> +< +/ +script +> +< +script +src += +/ +resources +/ +testharnessreport +. +js +> +< +/ +script +> +< +script +src += +/ +fetch +/ +sec +- +metadata +/ +resources +/ +helper +. +js +> +< +/ +script +> +< +script +> +/ +/ +Site +promise_test +( +t += +> +{ +return +fetch +( +" +https +: +/ +/ +{ +{ +host +} +} +. +: +{ +{ +ports +[ +https +] +[ +0 +] +} +} +/ +fetch +/ +sec +- +metadata +/ +resources +/ +echo +- +as +- +json +. +py +" +) +. +then +( +r += +> +r +. +json +( +) +) +. +then +( +j += +> +{ +assert_header_equals +( +j +{ +" +dest +" +: +" +empty +" +" +site +" +: +" +cross +- +site +" +" +user +" +: +" +? +F +" +" +mode +" +: +" +cors +" +} +) +; +} +) +; +} +" +Fetching +a +resource +from +the +same +origin +but +spelled +with +a +trailing +dot +. +" +) +; +promise_test +( +t += +> +{ +return +fetch +( +" +https +: +/ +/ +{ +{ +hosts +[ +] +[ +www +] +} +} +. +: +{ +{ +ports +[ +https +] +[ +0 +] +} +} +/ +fetch +/ +sec +- +metadata +/ +resources +/ +echo +- +as +- +json +. +py +" +) +. +then +( +r += +> +r +. +json +( +) +) +. +then +( +j += +> +{ +assert_header_equals +( +j +{ +" +dest +" +: +" +empty +" +" +site +" +: +" +cross +- +site +" +" +user +" +: +" +? +F +" +" +mode +" +: +" +cors +" +} +) +; +} +) +; +} +" +Fetching +a +resource +from +the +same +site +but +spelled +with +a +trailing +dot +. +" +) +; +promise_test +( +t += +> +{ +return +fetch +( +" +https +: +/ +/ +{ +{ +hosts +[ +alt +] +[ +www +] +} +} +. +: +{ +{ +ports +[ +https +] +[ +0 +] +} +} +/ +fetch +/ +sec +- +metadata +/ +resources +/ +echo +- +as +- +json +. +py +" +) +. +then +( +r += +> +r +. +json +( +) +) +. +then +( +j += +> +{ +assert_header_equals +( +j +{ +" +dest +" +: +" +empty +" +" +site +" +: +" +cross +- +site +" +" +user +" +: +" +? +F +" +" +mode +" +: +" +cors +" +} +) +; +} +) +; +} +" +Fetching +a +resource +from +a +cross +- +site +host +spelled +with +a +trailing +dot +. +" +) +; +< +/ +script +>