From b93752a06f9498f774aed288663259cd738f1a7c Mon Sep 17 00:00:00 2001 From: Mike West Date: Sat, 30 Mar 2019 00:57:26 -0700 Subject: [PATCH] Send `Sec-Fetch-User` only for user-activated, navigational requests. As per the conversation in mikewest/sec-metadata#23 and mikewest/sec-metadata#19, this patch drops the `Sec-Fetch-User` header for non-navigational requests, and for navigational requests that are not user-activated. Bug: 947444 Change-Id: Ica4846bda6ccf4e8bce1323803954f4fef9c18a3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1545871 Reviewed-by: Alex Moshchuk Commit-Queue: Mike West Cr-Commit-Position: refs/heads/master@{#646086} --- .../embed.tentative.https.sub.html | 6 +- .../fetch.tentative.https.sub.html | 12 +- .../font.tentative.https.sub.html | 6 +- .../iframe.tentative.https.sub.html | 134 ++++++++++-------- .../sec-metadata/img.tentative.https.sub.html | 12 +- .../object.tentative.https.sub.html | 6 +- ...oss-site-redirect.tentative.https.sub.html | 6 +- ...direct-cross-site.tentative.https.sub.html | 2 +- ...edirect-same-site.tentative.https.sub.html | 2 +- ...e-origin-redirect.tentative.https.sub.html | 6 +- ...ame-site-redirect.tentative.https.sub.html | 6 +- .../report.tentative.https.sub.html | 6 +- .../script.tentative.https.sub.html | 8 +- .../serviceworker.tentative.https.sub.html | 2 +- .../sharedworker.tentative.https.sub.html | 2 +- .../style.tentative.https.sub.html | 8 +- .../track.tentative.https.sub.html | 8 +- .../trailing-dot.tentative.https.sub.html | 6 +- .../window-open.tentative.https.sub.html | 12 +- .../worker.tentative.https.sub.html | 2 +- .../xslt.tentative.https.sub.html | 6 +- 21 files changed, 143 insertions(+), 115 deletions(-) diff --git a/fetch/sec-metadata/embed.tentative.https.sub.html b/fetch/sec-metadata/embed.tentative.https.sub.html index b97de9ef2fd4c0..c46765b37c6325 100644 --- a/fetch/sec-metadata/embed.tentative.https.sub.html +++ b/fetch/sec-metadata/embed.tentative.https.sub.html @@ -16,7 +16,7 @@ let e = document.createElement('embed'); e.src = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.onload = e => { - let expected = {"dest":"embed", "site":"same-origin", "user":"?F", "mode":"no-cors"}; + let expected = {"dest":"embed", "site":"same-origin", "user":"", "mode":"no-cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) @@ -35,7 +35,7 @@ let e = document.createElement('embed'); e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.onload = e => { - let expected = {"dest":"embed", "site":"same-site", "user":"?F", "mode":"no-cors"}; + let expected = {"dest":"embed", "site":"same-site", "user":"", "mode":"no-cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) @@ -54,7 +54,7 @@ let e = document.createElement('embed'); e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.onload = e => { - let expected = {"dest":"embed", "site":"cross-site", "user":"?F", "mode":"no-cors"}; + let expected = {"dest":"embed", "site":"cross-site", "user":"", "mode":"no-cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) diff --git a/fetch/sec-metadata/fetch.tentative.https.sub.html b/fetch/sec-metadata/fetch.tentative.https.sub.html index dc4b977ac6ec65..bffb4275df8e99 100644 --- a/fetch/sec-metadata/fetch.tentative.https.sub.html +++ b/fetch/sec-metadata/fetch.tentative.https.sub.html @@ -11,7 +11,7 @@ assert_header_equals(j, { "dest": "empty", "site": "same-origin", - "user": "?F", + "user": "", "mode": "cors", }); }); @@ -24,7 +24,7 @@ assert_header_equals(j, { "dest": "empty", "site": "same-site", - "user": "?F", + "user": "", "mode": "cors", }); }); @@ -37,7 +37,7 @@ assert_header_equals(j, { "dest": "empty", "site": "cross-site", - "user": "?F", + "user": "", "mode": "cors", }); }); @@ -51,7 +51,7 @@ assert_header_equals(j, { "dest": "empty", "site": "same-origin", - "user": "?F", + "user": "", "mode": "same-origin", }); }); @@ -64,7 +64,7 @@ assert_header_equals(j, { "dest": "empty", "site": "same-origin", - "user": "?F", + "user": "", "mode": "cors", }); }); @@ -77,7 +77,7 @@ assert_header_equals(j, { "dest": "empty", "site": "same-origin", - "user": "?F", + "user": "", "mode": "no-cors", }); }); diff --git a/fetch/sec-metadata/font.tentative.https.sub.html b/fetch/sec-metadata/font.tentative.https.sub.html index 9792f2dce9427c..60163ee714686f 100644 --- a/fetch/sec-metadata/font.tentative.https.sub.html +++ b/fetch/sec-metadata/font.tentative.https.sub.html @@ -46,7 +46,7 @@ promise_test(t => { return new Promise((resolve, reject) => { let key = "font-same-origin"; - let expected = {"dest":"font", "site":"same-origin", "user":"?F", "mode": "cors"}; + let expected = {"dest":"font", "site":"same-origin", "user":"", "mode": "cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) @@ -58,7 +58,7 @@ promise_test(t => { return new Promise((resolve, reject) => { let key = "font-same-site"; - let expected = {"dest":"font", "site":"same-site", "user":"?F", "mode": "cors"}; + let expected = {"dest":"font", "site":"same-site", "user":"", "mode": "cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) @@ -70,7 +70,7 @@ promise_test(t => { return new Promise((resolve, reject) => { let key = "font-cross-site"; - let expected = {"dest":"font", "site":"cross-site", "user":"?F", "mode": "cors"}; + let expected = {"dest":"font", "site":"cross-site", "user":"", "mode": "cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) diff --git a/fetch/sec-metadata/iframe.tentative.https.sub.html b/fetch/sec-metadata/iframe.tentative.https.sub.html index 056d8fdba945dd..461d9f28fa1e89 100644 --- a/fetch/sec-metadata/iframe.tentative.https.sub.html +++ b/fetch/sec-metadata/iframe.tentative.https.sub.html @@ -1,63 +1,85 @@ + + + diff --git a/fetch/sec-metadata/img.tentative.https.sub.html b/fetch/sec-metadata/img.tentative.https.sub.html index 802ae25b775c0b..717e385bd040be 100644 --- a/fetch/sec-metadata/img.tentative.https.sub.html +++ b/fetch/sec-metadata/img.tentative.https.sub.html @@ -23,7 +23,9 @@ assert_header_equals(got, { "dest": "image", "site": "same-origin", - "user": "?F", + // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way + // that `image.py` encodes data. + "user": undefined, "mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin` }); }), @@ -45,7 +47,9 @@ assert_header_equals(got, { "dest": "image", "site": "same-site", - "user": "?F", + // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way + // that `image.py` encodes data. + "user": undefined, "mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin` }); }), @@ -67,7 +71,9 @@ assert_header_equals(got, { "dest": "image", "site": "cross-site", - "user": "?F", + // Note that we're using `undefined` here, as opposed to "" elsewhere because of the way + // that `image.py` encodes data. + "user": undefined, "mode": "cors", // Because `loadImageInWindow` tacks on `crossorigin` }); }), diff --git a/fetch/sec-metadata/object.tentative.https.sub.html b/fetch/sec-metadata/object.tentative.https.sub.html index 474962918b0307..b60ae206c78b3d 100644 --- a/fetch/sec-metadata/object.tentative.https.sub.html +++ b/fetch/sec-metadata/object.tentative.https.sub.html @@ -16,7 +16,7 @@ let e = document.createElement('object'); e.data = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.onload = e => { - let expected = {"dest":"object", "site":"same-origin", "user":"?F", "mode":"no-cors"}; + let expected = {"dest":"object", "site":"same-origin", "user":"", "mode":"no-cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) @@ -35,7 +35,7 @@ let e = document.createElement('object'); e.data = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.onload = e => { - let expected = {"dest":"object", "site":"same-site", "user":"?F", "mode":"no-cors"}; + let expected = {"dest":"object", "site":"same-site", "user":"", "mode":"no-cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) @@ -54,7 +54,7 @@ let e = document.createElement('object'); e.data = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.onload = e => { - let expected = {"dest":"object", "site":"cross-site", "user":"?F", "mode":"no-cors"}; + let expected = {"dest":"object", "site":"cross-site", "user":"", "mode":"no-cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) diff --git a/fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html b/fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html index 1634a29f379149..06b58744fb5a26 100644 --- a/fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html +++ b/fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html @@ -15,7 +15,7 @@ let e = document.createElement('img'); e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; - let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) @@ -41,7 +41,7 @@ let e = document.createElement('img'); e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; - let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) @@ -67,7 +67,7 @@ let e = document.createElement('img'); e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; - let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) diff --git a/fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html b/fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html index 7647a5b1c89a99..e173bb053fedd4 100644 --- a/fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html +++ b/fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html @@ -17,7 +17,7 @@ e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// cross-site "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin - let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) diff --git a/fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html b/fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html index e83d6fd97e844f..d19a1896ad77e6 100644 --- a/fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html +++ b/fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html @@ -17,7 +17,7 @@ e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-site "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin - let expected = {"dest":"image", "site":"same-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"same-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) diff --git a/fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html b/fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html index 2033eab5979a61..0b4fdfeec58b6f 100644 --- a/fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html +++ b/fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html @@ -15,7 +15,7 @@ let e = document.createElement('img'); e.src = "/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; - let expected = {"dest":"image", "site":"same-origin", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"same-origin", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) @@ -42,7 +42,7 @@ let e = document.createElement('img'); e.src = "/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; - let expected = {"dest":"image", "site":"same-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"same-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) @@ -69,7 +69,7 @@ let e = document.createElement('img'); e.src = "/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; - let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) diff --git a/fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html b/fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html index c5b6830abed5f1..70c0afef228834 100644 --- a/fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html +++ b/fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html @@ -15,7 +15,7 @@ let e = document.createElement('img'); e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; - let expected = {"dest":"image", "site":"same-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"same-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) @@ -42,7 +42,7 @@ let e = document.createElement('img'); e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; - let expected = {"dest":"image", "site":"same-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"same-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) @@ -69,7 +69,7 @@ let e = document.createElement('img'); e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; - let expected = {"dest":"image", "site":"cross-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"image", "site":"cross-site", "user":"", "mode": "no-cors"}; e.onload = e => { fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) diff --git a/fetch/sec-metadata/report.tentative.https.sub.html b/fetch/sec-metadata/report.tentative.https.sub.html index 405964e08923ae..eb6c76b57c75a7 100644 --- a/fetch/sec-metadata/report.tentative.https.sub.html +++ b/fetch/sec-metadata/report.tentative.https.sub.html @@ -22,9 +22,9 @@ document.addEventListener("securitypolicyviolation", (e) => { counter++; if (counter == 3) { - generate_test({"dest":"report", "site":"same-origin", "user":"?F", "mode": "no-cors"}, "same-origin"); - generate_test({"dest":"report", "site":"same-site", "user":"?F", "mode": "no-cors"}, "same-site"); - generate_test({"dest":"report", "site":"cross-site", "user":"?F", "mode": "no-cors"}, "cross-site"); + generate_test({"dest":"report", "site":"same-origin", "user":"", "mode": "no-cors"}, "same-origin"); + generate_test({"dest":"report", "site":"same-site", "user":"", "mode": "no-cors"}, "same-site"); + generate_test({"dest":"report", "site":"cross-site", "user":"", "mode": "no-cors"}, "cross-site"); done(); } diff --git a/fetch/sec-metadata/script.tentative.https.sub.html b/fetch/sec-metadata/script.tentative.https.sub.html index a35e753c7898cc..b2874a37da1ebb 100644 --- a/fetch/sec-metadata/script.tentative.https.sub.html +++ b/fetch/sec-metadata/script.tentative.https.sub.html @@ -12,7 +12,7 @@ assert_header_equals(header, { "dest": "script", "site": "same-origin", - "user": "?F", + "user": "", "mode": "no-cors", }); }, "Same-origin script"); @@ -27,7 +27,7 @@ assert_header_equals(header, { "dest": "script", "site": "same-site", - "user": "?F", + "user": "", "mode": "no-cors", }); }, "Same-site script"); @@ -42,7 +42,7 @@ assert_header_equals(header, { "dest": "script", "site": "cross-site", - "user": "?F", + "user": "", "mode": "no-cors", }); }, "Cross-site script"); @@ -57,7 +57,7 @@ assert_header_equals(header, { "dest": "script", "site": "same-origin", - "user": "?F", + "user": "", "mode": "cors", }); }, "Same-origin CORS script"); diff --git a/fetch/sec-metadata/serviceworker.tentative.https.sub.html b/fetch/sec-metadata/serviceworker.tentative.https.sub.html index 590a6c33475d26..ee436d9265ff85 100644 --- a/fetch/sec-metadata/serviceworker.tentative.https.sub.html +++ b/fetch/sec-metadata/serviceworker.tentative.https.sub.html @@ -38,7 +38,7 @@ function test_same_origin(){ promise_test(t => { return new Promise((resolve, reject) => { - let expected = {"dest":"serviceworker", "site":"same-origin", "user":"?F", "mode": "same-origin"}; + let expected = {"dest":"serviceworker", "site":"same-origin", "user":"", "mode": "same-origin"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) diff --git a/fetch/sec-metadata/sharedworker.tentative.https.sub.html b/fetch/sec-metadata/sharedworker.tentative.https.sub.html index a1c558ad35dfbd..ddd4cc9914eb28 100644 --- a/fetch/sec-metadata/sharedworker.tentative.https.sub.html +++ b/fetch/sec-metadata/sharedworker.tentative.https.sub.html @@ -28,7 +28,7 @@ function test_same_origin(){ promise_test(t => { return new Promise((resolve, reject) => { - let expected = {"dest":"sharedworker", "site":"same-origin", "user":"?F", "mode": "same-origin"}; + let expected = {"dest":"sharedworker", "site":"same-origin", "user":"", "mode": "same-origin"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) diff --git a/fetch/sec-metadata/style.tentative.https.sub.html b/fetch/sec-metadata/style.tentative.https.sub.html index 46f64f49bde0ce..19cc16d8017cc2 100644 --- a/fetch/sec-metadata/style.tentative.https.sub.html +++ b/fetch/sec-metadata/style.tentative.https.sub.html @@ -17,7 +17,7 @@ e.rel = "stylesheet"; e.href = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.onload = e => { - let expected = {"dest":"style", "site":"same-origin", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"style", "site":"same-origin", "user":"", "mode": "no-cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) @@ -37,7 +37,7 @@ e.rel = "stylesheet"; e.href = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.onload = e => { - let expected = {"dest":"style", "site":"same-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"style", "site":"same-site", "user":"", "mode": "no-cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) @@ -57,7 +57,7 @@ e.rel = "stylesheet"; e.href = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.onload = e => { - let expected = {"dest":"style", "site":"cross-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"style", "site":"cross-site", "user":"", "mode": "no-cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) @@ -78,7 +78,7 @@ e.href = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key; e.crossOrigin = "anonymous"; e.onload = e => { - let expected = {"dest":"style", "site":"same-origin", "user":"?F", "mode": "cors"}; + let expected = {"dest":"style", "site":"same-origin", "user":"", "mode": "cors"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) diff --git a/fetch/sec-metadata/track.tentative.https.sub.html b/fetch/sec-metadata/track.tentative.https.sub.html index 817e4845edb215..fe525caf155233 100644 --- a/fetch/sec-metadata/track.tentative.https.sub.html +++ b/fetch/sec-metadata/track.tentative.https.sub.html @@ -36,7 +36,7 @@ expected = { "dest": "track", "site": "same-origin", - "user": "?F", + "user": "", "mode": "cors" // Because the `video` element has `crossorigin` }; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) @@ -59,7 +59,7 @@ expected = { "dest": "track", "site": "same-site", - "user": "?F", + "user": "", "mode": "cors" // Because the `video` element has `crossorigin` }; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) @@ -84,7 +84,7 @@ expected = { "dest": "track", "site": "cross-site", - "user": "?F", + "user": "", "mode": "cors" // Because the `video` element has `crossorigin` }; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) @@ -112,7 +112,7 @@ expected = { "dest":"track", "site":"same-origin", - "user":"?F", + "user":"", "mode": "same-origin" }; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) diff --git a/fetch/sec-metadata/trailing-dot.tentative.https.sub.html b/fetch/sec-metadata/trailing-dot.tentative.https.sub.html index 85f9c73c6ae22f..ff0e842d5118cb 100644 --- a/fetch/sec-metadata/trailing-dot.tentative.https.sub.html +++ b/fetch/sec-metadata/trailing-dot.tentative.https.sub.html @@ -11,7 +11,7 @@ assert_header_equals(j, { "dest": "empty", "site": "cross-site", - "user": "?F", + "user": "", "mode": "cors", }); }); @@ -24,7 +24,7 @@ assert_header_equals(j, { "dest": "empty", "site": "cross-site", - "user": "?F", + "user": "", "mode": "cors", }); }); @@ -37,7 +37,7 @@ assert_header_equals(j, { "dest": "empty", "site": "cross-site", - "user": "?F", + "user": "", "mode": "cors", }); }); diff --git a/fetch/sec-metadata/window-open.tentative.https.sub.html b/fetch/sec-metadata/window-open.tentative.https.sub.html index ef2bc81824ea5f..0be9f2ce577d5c 100644 --- a/fetch/sec-metadata/window-open.tentative.https.sub.html +++ b/fetch/sec-metadata/window-open.tentative.https.sub.html @@ -17,7 +17,7 @@ assert_header_equals(e.data, { "dest": "document", "site": "same-origin", - "user": "?F", + "user": "", "mode": "navigate", }); t.done(); @@ -34,7 +34,7 @@ assert_header_equals(e.data, { "dest": "document", "site": "same-site", - "user": "?F", + "user": "", "mode": "navigate", }); t.done(); @@ -51,7 +51,7 @@ assert_header_equals(e.data, { "dest": "document", "site": "cross-site", - "user": "?F", + "user": "", "mode": "navigate", }); t.done(); @@ -70,7 +70,7 @@ assert_header_equals(e.data, { "dest": "document", "site": "same-origin", - "user": "?F", + "user": "", "mode": "navigate", }); @@ -94,7 +94,7 @@ assert_header_equals(e.data, { "dest": "document", "site": "same-site", - "user": "?F", + "user": "", "mode": "navigate", }); @@ -118,7 +118,7 @@ assert_header_equals(e.data, { "dest": "document", "site": "cross-site", - "user": "?F", + "user": "", "mode": "navigate", }); diff --git a/fetch/sec-metadata/worker.tentative.https.sub.html b/fetch/sec-metadata/worker.tentative.https.sub.html index dc21d0324f442a..940e25b2a51a41 100644 --- a/fetch/sec-metadata/worker.tentative.https.sub.html +++ b/fetch/sec-metadata/worker.tentative.https.sub.html @@ -13,7 +13,7 @@ let key = "worker-same-origin" + nonce; let w = new Worker("/fetch/sec-metadata/resources/record-header.py?file=" + key); w.onmessage = e => { - let expected = {"dest":"worker", "site":"same-origin", "user":"?F", "mode": "same-origin"}; + let expected = {"dest":"worker", "site":"same-origin", "user":"", "mode": "same-origin"}; fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key) .then(response => response.text()) .then(text => assert_header_equals(text, expected)) diff --git a/fetch/sec-metadata/xslt.tentative.https.sub.html b/fetch/sec-metadata/xslt.tentative.https.sub.html index eea2329900e000..0d429266288e8a 100644 --- a/fetch/sec-metadata/xslt.tentative.https.sub.html +++ b/fetch/sec-metadata/xslt.tentative.https.sub.html @@ -12,21 +12,21 @@ return; promise_test(t => { - let expected = {"dest":"xslt", "site":"same-origin", "user":"?F", "mode": "same-origin"}; + let expected = {"dest":"xslt", "site":"same-origin", "user":"", "mode": "same-origin"}; return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=xslt-same-origin") .then(response => response.text()) .then(text => assert_header_equals(text, expected)); }, "Same-Origin xslt"); promise_test(t => { - let expected = {"dest":"xslt", "site":"same-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"xslt", "site":"same-site", "user":"", "mode": "no-cors"}; return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=xslt-same-site") .then(response => response.text()) .then(text => assert_header_equals(text, expected)); }, "Same-site xslt"); promise_test(t => { - let expected = {"dest":"xslt", "site":"cross-site", "user":"?F", "mode": "no-cors"}; + let expected = {"dest":"xslt", "site":"cross-site", "user":"", "mode": "no-cors"}; return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=xslt-cross-site") .then(response => response.text()) .then(text => assert_header_equals(text, expected));