Bug 1539632 [wpt PR 16036] - Verify `Sec-Fetch-Site` is correct for domains with trailing dots., a=testonly
authorMike West <mkwst@chromium.org>
Thu, 18 Apr 2019 11:55:31 +0000
changeset 529921 6ca0a07819aec89c6c7b5bee689fc559ff504b8d
parent 529920 8879e7c9fbd007093cae6d7c4d9014760648ab40
child 529922 a0b1302eb96beb2ddc4c8657353a9b6fa14e020f
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
treeherdermozilla-beta@77e0fe8dbdd3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1539632, 16036, 843478, 1536180, 644261
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1539632 [wpt PR 16036] - Verify `Sec-Fetch-Site` is correct for domains with trailing dots., a=testonly Automatic update from web-platform-tests Verify `Sec-Fetch-Site` is correct for domains with trailing dots. `example.com` != `example.com.`. These are clearly distinct origins, and we don't currently consider them to have the same registrable domain (though there's a bit of a question about that. See https://github.com/publicsuffix/list/issues/792), so they ought to compare as `cross-site` This patch adds a test for this behavior, and teaches the test harness to resolve domains that end in `.test.`. Closes https://github.com/mikewest/sec-metadata/issues/15. Bug: 843478 Change-Id: Ic71afeda69f274c23c19608177756d882307a59d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1536180 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Ɓukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/heads/master@{#644261} -- wpt-commits: 22be9a97638436380f88d871ecefac3f1aebfe53 wpt-pr: 16036
testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/fetch/sec-metadata/trailing-dot.tentative.https.sub.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<script>
+  // Site
+  promise_test(t => {
+    return fetch("https://{{host}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+        .then(r => r.json())
+        .then(j => {
+          assert_header_equals(j, {
+            "dest": "empty",
+            "site": "cross-site",
+            "user": "?F",
+            "mode": "cors",
+          });
+        });
+  }, "Fetching a resource from the same origin, but spelled with a trailing dot.");
+
+  promise_test(t => {
+    return fetch("https://{{hosts[][www]}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+        .then(r => r.json())
+        .then(j => {
+          assert_header_equals(j, {
+            "dest": "empty",
+            "site": "cross-site",
+            "user": "?F",
+            "mode": "cors",
+          });
+        });
+  }, "Fetching a resource from the same site, but spelled with a trailing dot.");
+
+  promise_test(t => {
+    return fetch("https://{{hosts[alt][www]}}.:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
+        .then(r => r.json())
+        .then(j => {
+          assert_header_equals(j, {
+            "dest": "empty",
+            "site": "cross-site",
+            "user": "?F",
+            "mode": "cors",
+          });
+        });
+  }, "Fetching a resource from a cross-site host, spelled with a trailing dot.");
+</script>