Verify Sec-Fetch-Site is correct for domains with trailing dots.
`example.com` != `example.com.`. They ought to have the same registrable
domain, and therefore compare as `same-site`, rather than `same-origin`.

Addresses w3c/webappsec-fetch-metadata#15.

Bug: 843478
Change-Id: Ic71afeda69f274c23c19608177756d882307a59d
mikewest authored and chromium-wpt-export-bot committed Mar 23, 2019
1 parent 4cc42c3 commit 88d8cf9
Showing 1 changed file with 45 additions and 0 deletions.
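--- a/fetch/sec-metadata/trailing-dot.tentative.https.sub.html
+++ b/fetch/sec-metadata/trailing-dot.tentative.https.sub.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<script>
+// Site
+promise_test(t => {
+return fetch("https://{{host}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+.then(r => r.json())
+.then(j => {
+assert_header_equals(j, {
+"dest": "empty",
+"site": "same-site",
+"user": "?F",
+"mode": "cors",
+});
+});
+}, "Fetching a resource from the same origin, but spelled with a trailing dot.");
+
+promise_test(t => {
+return fetch("https://{{hosts[][www]}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+.then(r => r.json())
+.then(j => {
+assert_header_equals(j, {
+"dest": "empty",
+"site": "same-site",
+"user": "?F",
+"mode": "cors",
+});
+});
+}, "Fetching a resource from the same site, but spelled with a trailing dot.");
+
+promise_test(t => {
+return fetch("https://{{hosts[alt][www]}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+.then(r => r.json())
+.then(j => {
+assert_header_equals(j, {
+"dest": "empty",
+"site": "cross-site",
+"user": "?F",
+"mode": "cors",
+});
+});
+}, "Fetching a resource from a cross-site host, spelled with a trailing dot.");
+</script>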
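Review bot: The first test's title says "same origin" while it asserts `"site": "same-site"`, which contradicts the commit message's own point that `{{host}}.` is a different origin from `{{host}}`; someone triaging a failure would be misled about the expected value. I would rename it to `"Fetching a resource from the same host spelled with a trailing dot (different origin, same site)."` and replace the bare `// Site` comment with `// A trailing dot changes the origin but not the registrable domain, so Sec-Fetch-Site must not be same-origin.` Servers that filter requests on Sec-Fetch-Site typically trust `same-origin` most, so the test should state why the weaker `same-site` value is the correct one here. The file only covers a dot-less page fetching a dotted host; the reverse direction (a page served from the dotted host fetching the dot-less one) is not exercised in this section.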
