Verify Sec-Fetch-Site is correct for domains with trailing dots.

`example.com` != `example.com.`. These are clearly distinct origins, and we don't currently consider them to have the same registrable domain (though there's a bit of a question about that. See publicsuffix/list#792), so they ought to compare as `cross-site` This patch adds a test for this behavior, and teaches the test harness to resolve domains that end in `.test.`. Closes w3c/webappsec-fetch-metadata#15. Bug: 843478 Change-Id: Ic71afeda69f274c23c19608177756d882307a59d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1536180 Commit-Queue: Mike West <[email protected]> Reviewed-by: Łukasz Anforowicz <[email protected]> Cr-Commit-Position: refs/heads/master@{#644261}
web-platform-tests · Mar 26, 2019 · 405c943 · 405c943
1 parent a960bba
commit 405c943
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/fetch/sec-metadata/trailing-dot.tentative.https.sub.html b/fetch/sec-metadata/trailing-dot.tentative.https.sub.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<script>
+  // Site
+  promise_test(t => {
+    return fetch("https://{{host}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+        .then(r => r.json())
+        .then(j => {
+          assert_header_equals(j, {
+            "dest": "empty",
+            "site": "cross-site",
+            "user": "?F",
+            "mode": "cors",
+          });
+        });
+  }, "Fetching a resource from the same origin, but spelled with a trailing dot.");
+
+  promise_test(t => {
+    return fetch("https://{{hosts[][www]}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+        .then(r => r.json())
+        .then(j => {
+          assert_header_equals(j, {
+            "dest": "empty",
+            "site": "cross-site",
+            "user": "?F",
+            "mode": "cors",
+          });
+        });
+  }, "Fetching a resource from the same site, but spelled with a trailing dot.");
+
+  promise_test(t => {
+    return fetch("https://{{hosts[alt][www]}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+        .then(r => r.json())
+        .then(j => {
+          assert_header_equals(j, {
+            "dest": "empty",
+            "site": "cross-site",
+            "user": "?F",
+            "mode": "cors",
+          });
+        });
+  }, "Fetching a resource from a cross-site host, spelled with a trailing dot.");
+</script>