diff --git a/fetch/metadata/generated/appcache-manifest.https.sub.tentative.html b/fetch/metadata/generated/appcache-manifest.https.sub.tentative.html
new file mode 100644
index 00000000000000..108b7e9f6efd3f
--- /dev/null
+++ b/fetch/metadata/generated/appcache-manifest.https.sub.tentative.html
@@ -0,0 +1,88 @@
+
+
+
+
+
HTTP headers on request for Appcache manifest
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/audioworklet.https.sub.tentative.html b/fetch/metadata/generated/audioworklet.https.sub.tentative.html
new file mode 100644
index 00000000000000..083fee2985492f
--- /dev/null
+++ b/fetch/metadata/generated/audioworklet.https.sub.tentative.html
@@ -0,0 +1,76 @@
+
+
+
+
+ HTTP headers on request for AudioWorklet module
+
+
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/css-font-face.https.sub.tentative.html b/fetch/metadata/generated/css-font-face.https.sub.tentative.html
index 332effeb1f80a5..170657a6b55a0d 100644
--- a/fetch/metadata/generated/css-font-face.https.sub.tentative.html
+++ b/fetch/metadata/generated/css-font-face.https.sub.tentative.html
@@ -194,6 +194,39 @@
});
}, 'sec-fetch-site - Same-Site -> Cross-Site');
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(t, makeRequestURL(key, ['httpsOrigin']))
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-origin']);
+ });
+ }, 'sec-fetch-frame-ancestors - Same origin');
+
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(t, makeRequestURL(key, ['httpsCrossSite']))
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['cross-site']);
+ });
+ }, 'sec-fetch-frame-ancestors - Cross-site');
+
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(t, makeRequestURL(key, ['httpsSameSite']))
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-site']);
+ });
+ }, 'sec-fetch-frame-ancestors - Same site');
+
promise_test((t) => {
const key = '{{uuid()}}';
diff --git a/fetch/metadata/generated/css-font-face.sub.tentative.html b/fetch/metadata/generated/css-font-face.sub.tentative.html
index 8a0b90cee103db..6fc930183ceb37 100644
--- a/fetch/metadata/generated/css-font-face.sub.tentative.html
+++ b/fetch/metadata/generated/css-font-face.sub.tentative.html
@@ -160,6 +160,36 @@
});
}, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(t, makeRequestURL(key, ['httpOrigin']))
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ });
+ }, 'sec-fetch-frame-ancestors - Not sent to non-trustworthy same-origin destination');
+
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(t, makeRequestURL(key, ['httpSameSite']))
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ });
+ }, 'sec-fetch-frame-ancestors - Not sent to non-trustworthy same-site destination');
+
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(t, makeRequestURL(key, ['httpCrossSite']))
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ });
+ }, 'sec-fetch-frame-ancestors - Not sent to non-trustworthy cross-site destination');
+
promise_test((t) => {
const key = '{{uuid()}}';
diff --git a/fetch/metadata/generated/css-images.https.sub.tentative.html b/fetch/metadata/generated/css-images.https.sub.tentative.html
index 3fa240192894e0..aceca20c3caf13 100644
--- a/fetch/metadata/generated/css-images.https.sub.tentative.html
+++ b/fetch/metadata/generated/css-images.https.sub.tentative.html
@@ -1154,6 +1154,231 @@
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-site - HTTPS downgrade-upgrade');
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsOrigin']);
+
+ declarations.push(`background-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_equals(headers['sec-fetch-frame-ancestors'], 'same-origin');
+ })
+ .then(t.step_func_done(), (error) => t.unreached_func());
+ }, 'background-image sec-fetch-frame-ancestors - Same origin');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsOrigin']);
+
+ declarations.push(`border-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-origin']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'border-image sec-fetch-frame-ancestors - Same origin');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsOrigin']);
+
+ declarations.push(`content: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-origin']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'content sec-fetch-frame-ancestors - Same origin');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsOrigin']);
+
+ declarations.push(`cursor: url("${url}"), auto;`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-origin']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'cursor sec-fetch-frame-ancestors - Same origin');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsOrigin']);
+
+ declarations.push(`list-style-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-origin']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'list-style-image sec-fetch-frame-ancestors - Same origin');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsCrossSite']);
+
+ declarations.push(`background-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_equals(headers['sec-fetch-frame-ancestors'], 'cross-site');
+ })
+ .then(t.step_func_done(), (error) => t.unreached_func());
+ }, 'background-image sec-fetch-frame-ancestors - Cross-site');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsCrossSite']);
+
+ declarations.push(`border-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['cross-site']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'border-image sec-fetch-frame-ancestors - Cross-site');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsCrossSite']);
+
+ declarations.push(`content: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['cross-site']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'content sec-fetch-frame-ancestors - Cross-site');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsCrossSite']);
+
+ declarations.push(`cursor: url("${url}"), auto;`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['cross-site']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'cursor sec-fetch-frame-ancestors - Cross-site');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsCrossSite']);
+
+ declarations.push(`list-style-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['cross-site']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'list-style-image sec-fetch-frame-ancestors - Cross-site');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsSameSite']);
+
+ declarations.push(`background-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_equals(headers['sec-fetch-frame-ancestors'], 'same-site');
+ })
+ .then(t.step_func_done(), (error) => t.unreached_func());
+ }, 'background-image sec-fetch-frame-ancestors - Same site');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsSameSite']);
+
+ declarations.push(`border-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-site']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'border-image sec-fetch-frame-ancestors - Same site');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsSameSite']);
+
+ declarations.push(`content: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-site']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'content sec-fetch-frame-ancestors - Same site');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsSameSite']);
+
+ declarations.push(`cursor: url("${url}"), auto;`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-site']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'cursor sec-fetch-frame-ancestors - Same site');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpsSameSite']);
+
+ declarations.push(`list-style-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-site']);
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'list-style-image sec-fetch-frame-ancestors - Same site');
+
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, []);
diff --git a/fetch/metadata/generated/css-images.sub.tentative.html b/fetch/metadata/generated/css-images.sub.tentative.html
index f1ef27cf08730e..12f695d5220493 100644
--- a/fetch/metadata/generated/css-images.sub.tentative.html
+++ b/fetch/metadata/generated/css-images.sub.tentative.html
@@ -869,6 +869,216 @@
.then(t.step_func_done(), t.unreached_func());
}, 'list-style-image sec-fetch-user - Not sent to non-trustworthy cross-site destination');
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpOrigin']);
+
+ declarations.push(`background-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), (error) => t.unreached_func());
+ }, 'background-image sec-fetch-frame-ancestors - Not sent to non-trustworthy same-origin destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpOrigin']);
+
+ declarations.push(`border-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'border-image sec-fetch-frame-ancestors - Not sent to non-trustworthy same-origin destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpOrigin']);
+
+ declarations.push(`content: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'content sec-fetch-frame-ancestors - Not sent to non-trustworthy same-origin destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpOrigin']);
+
+ declarations.push(`cursor: url("${url}"), auto;`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'cursor sec-fetch-frame-ancestors - Not sent to non-trustworthy same-origin destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpOrigin']);
+
+ declarations.push(`list-style-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'list-style-image sec-fetch-frame-ancestors - Not sent to non-trustworthy same-origin destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpSameSite']);
+
+ declarations.push(`background-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), (error) => t.unreached_func());
+ }, 'background-image sec-fetch-frame-ancestors - Not sent to non-trustworthy same-site destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpSameSite']);
+
+ declarations.push(`border-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'border-image sec-fetch-frame-ancestors - Not sent to non-trustworthy same-site destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpSameSite']);
+
+ declarations.push(`content: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'content sec-fetch-frame-ancestors - Not sent to non-trustworthy same-site destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpSameSite']);
+
+ declarations.push(`cursor: url("${url}"), auto;`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'cursor sec-fetch-frame-ancestors - Not sent to non-trustworthy same-site destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpSameSite']);
+
+ declarations.push(`list-style-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'list-style-image sec-fetch-frame-ancestors - Not sent to non-trustworthy same-site destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpCrossSite']);
+
+ declarations.push(`background-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), (error) => t.unreached_func());
+ }, 'background-image sec-fetch-frame-ancestors - Not sent to non-trustworthy cross-site destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpCrossSite']);
+
+ declarations.push(`border-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'border-image sec-fetch-frame-ancestors - Not sent to non-trustworthy cross-site destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpCrossSite']);
+
+ declarations.push(`content: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'content sec-fetch-frame-ancestors - Not sent to non-trustworthy cross-site destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpCrossSite']);
+
+ declarations.push(`cursor: url("${url}"), auto;`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'cursor sec-fetch-frame-ancestors - Not sent to non-trustworthy cross-site destination');
+
+ async_test((t) => {
+ const key = '{{uuid()}}';
+ const url = makeRequestURL(key, ['httpCrossSite']);
+
+ declarations.push(`list-style-image: url("${url}");`);
+
+ whenIframeReady
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_not_own_property(headers, 'sec-fetch-frame-ancestors');
+ })
+ .then(t.step_func_done(), t.unreached_func());
+ }, 'list-style-image sec-fetch-frame-ancestors - Not sent to non-trustworthy cross-site destination');
+
async_test((t) => {
const key = '{{uuid()}}';
const url = makeRequestURL(key, ['httpsOrigin', 'httpOrigin']);
diff --git a/fetch/metadata/generated/element-a.https.sub.tentative.html b/fetch/metadata/generated/element-a.https.sub.tentative.html
new file mode 100644
index 00000000000000..bc7ec992219061
--- /dev/null
+++ b/fetch/metadata/generated/element-a.https.sub.tentative.html
@@ -0,0 +1,102 @@
+
+
+
+
+ HTTP headers on request for HTML "a" element navigation
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-a.sub.tentative.html b/fetch/metadata/generated/element-a.sub.tentative.html
new file mode 100644
index 00000000000000..dfc4d7298a9a11
--- /dev/null
+++ b/fetch/metadata/generated/element-a.sub.tentative.html
@@ -0,0 +1,99 @@
+
+
+
+
+ HTTP headers on request for HTML "a" element navigation
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-area.https.sub.tentative.html b/fetch/metadata/generated/element-area.https.sub.tentative.html
new file mode 100644
index 00000000000000..97d88e14b35f23
--- /dev/null
+++ b/fetch/metadata/generated/element-area.https.sub.tentative.html
@@ -0,0 +1,102 @@
+
+
+
+
+ HTTP headers on request for HTML "area" element navigation
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-area.sub.tentative.html b/fetch/metadata/generated/element-area.sub.tentative.html
new file mode 100644
index 00000000000000..9002a6ed2e99e6
--- /dev/null
+++ b/fetch/metadata/generated/element-area.sub.tentative.html
@@ -0,0 +1,99 @@
+
+
+
+
+ HTTP headers on request for HTML "area" element navigation
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-audio.https.sub.tentative.html b/fetch/metadata/generated/element-audio.https.sub.tentative.html
new file mode 100644
index 00000000000000..3a8dec4c57450f
--- /dev/null
+++ b/fetch/metadata/generated/element-audio.https.sub.tentative.html
@@ -0,0 +1,74 @@
+
+
+
+
+ HTTP headers on request for HTML "audio" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-audio.sub.tentative.html b/fetch/metadata/generated/element-audio.sub.tentative.html
new file mode 100644
index 00000000000000..a0618e3dadcf80
--- /dev/null
+++ b/fetch/metadata/generated/element-audio.sub.tentative.html
@@ -0,0 +1,71 @@
+
+
+
+
+ HTTP headers on request for HTML "audio" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-embed.https.sub.tentative.html b/fetch/metadata/generated/element-embed.https.sub.tentative.html
new file mode 100644
index 00000000000000..6737ccac3d817d
--- /dev/null
+++ b/fetch/metadata/generated/element-embed.https.sub.tentative.html
@@ -0,0 +1,71 @@
+
+
+
+
+ HTTP headers on request for HTML "embed" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-embed.sub.tentative.html b/fetch/metadata/generated/element-embed.sub.tentative.html
new file mode 100644
index 00000000000000..bd8ed195f87500
--- /dev/null
+++ b/fetch/metadata/generated/element-embed.sub.tentative.html
@@ -0,0 +1,68 @@
+
+
+
+
+ HTTP headers on request for HTML "embed" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-frame.https.sub.tentative.html b/fetch/metadata/generated/element-frame.https.sub.tentative.html
new file mode 100644
index 00000000000000..d692b48e44f679
--- /dev/null
+++ b/fetch/metadata/generated/element-frame.https.sub.tentative.html
@@ -0,0 +1,83 @@
+
+
+
+
+ HTTP headers on request for HTML "frame" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-frame.sub.tentative.html b/fetch/metadata/generated/element-frame.sub.tentative.html
new file mode 100644
index 00000000000000..ad17c9c4487618
--- /dev/null
+++ b/fetch/metadata/generated/element-frame.sub.tentative.html
@@ -0,0 +1,80 @@
+
+
+
+
+ HTTP headers on request for HTML "frame" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-iframe.https.sub.tentative.html b/fetch/metadata/generated/element-iframe.https.sub.tentative.html
new file mode 100644
index 00000000000000..61a8c2822adaf5
--- /dev/null
+++ b/fetch/metadata/generated/element-iframe.https.sub.tentative.html
@@ -0,0 +1,83 @@
+
+
+
+
+ HTTP headers on request for HTML "frame" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-iframe.sub.tentative.html b/fetch/metadata/generated/element-iframe.sub.tentative.html
new file mode 100644
index 00000000000000..bec0458dd1ffbe
--- /dev/null
+++ b/fetch/metadata/generated/element-iframe.sub.tentative.html
@@ -0,0 +1,80 @@
+
+
+
+
+ HTTP headers on request for HTML "frame" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-img-environment-change.https.sub.tentative.html b/fetch/metadata/generated/element-img-environment-change.https.sub.tentative.html
new file mode 100644
index 00000000000000..35e22a8ad6d1a2
--- /dev/null
+++ b/fetch/metadata/generated/element-img-environment-change.https.sub.tentative.html
@@ -0,0 +1,103 @@
+
+
+
+
+ HTTP headers on image request triggered by change to environment
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-img-environment-change.sub.tentative.html b/fetch/metadata/generated/element-img-environment-change.sub.tentative.html
new file mode 100644
index 00000000000000..6bbda378576bcb
--- /dev/null
+++ b/fetch/metadata/generated/element-img-environment-change.sub.tentative.html
@@ -0,0 +1,100 @@
+
+
+
+
+ HTTP headers on image request triggered by change to environment
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-img.https.sub.tentative.html b/fetch/metadata/generated/element-img.https.sub.tentative.html
new file mode 100644
index 00000000000000..525ba34b2e4ad8
--- /dev/null
+++ b/fetch/metadata/generated/element-img.https.sub.tentative.html
@@ -0,0 +1,122 @@
+
+
+
+
+ HTTP headers on request for HTML "img" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-img.sub.tentative.html b/fetch/metadata/generated/element-img.sub.tentative.html
new file mode 100644
index 00000000000000..e59ff77135e1a8
--- /dev/null
+++ b/fetch/metadata/generated/element-img.sub.tentative.html
@@ -0,0 +1,116 @@
+
+
+
+
+ HTTP headers on request for HTML "img" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-input-image.https.sub.tentative.html b/fetch/metadata/generated/element-input-image.https.sub.tentative.html
new file mode 100644
index 00000000000000..4150ed9cebc9d8
--- /dev/null
+++ b/fetch/metadata/generated/element-input-image.https.sub.tentative.html
@@ -0,0 +1,65 @@
+
+
+
+
+ HTTP headers on request for HTML "input" element with type="button"
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-input-image.sub.tentative.html b/fetch/metadata/generated/element-input-image.sub.tentative.html
new file mode 100644
index 00000000000000..d5a71a2e567627
--- /dev/null
+++ b/fetch/metadata/generated/element-input-image.sub.tentative.html
@@ -0,0 +1,62 @@
+
+
+
+
+ HTTP headers on request for HTML "input" element with type="button"
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-link-icon.https.sub.tentative.html b/fetch/metadata/generated/element-link-icon.https.sub.tentative.html
new file mode 100644
index 00000000000000..2e9f394460ac51
--- /dev/null
+++ b/fetch/metadata/generated/element-link-icon.https.sub.tentative.html
@@ -0,0 +1,99 @@
+
+
+
+
+ HTTP headers on request for HTML "link" element with rel="icon"
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-link-icon.sub.tentative.html b/fetch/metadata/generated/element-link-icon.sub.tentative.html
new file mode 100644
index 00000000000000..7d5cbc4d591d4c
--- /dev/null
+++ b/fetch/metadata/generated/element-link-icon.sub.tentative.html
@@ -0,0 +1,96 @@
+
+
+
+
+ HTTP headers on request for HTML "link" element with rel="icon"
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-link-prefetch.https.optional.sub.tentative.html b/fetch/metadata/generated/element-link-prefetch.https.optional.sub.tentative.html
new file mode 100644
index 00000000000000..c07c0241d312ff
--- /dev/null
+++ b/fetch/metadata/generated/element-link-prefetch.https.optional.sub.tentative.html
@@ -0,0 +1,95 @@
+
+
+
+
+ HTTP headers on request for HTML "link" element with rel="prefetch"
+
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-link-prefetch.optional.sub.tentative.html b/fetch/metadata/generated/element-link-prefetch.optional.sub.tentative.html
new file mode 100644
index 00000000000000..8caeb47aecf0d2
--- /dev/null
+++ b/fetch/metadata/generated/element-link-prefetch.optional.sub.tentative.html
@@ -0,0 +1,92 @@
+
+
+
+
+ HTTP headers on request for HTML "link" element with rel="prefetch"
+
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-meta-refresh.https.optional.sub.tentative.html b/fetch/metadata/generated/element-meta-refresh.https.optional.sub.tentative.html
new file mode 100644
index 00000000000000..b4af576d85e1f4
--- /dev/null
+++ b/fetch/metadata/generated/element-meta-refresh.https.optional.sub.tentative.html
@@ -0,0 +1,82 @@
+
+
+
+
+ HTTP headers on request for HTML "meta" element with http-equiv="refresh"
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-meta-refresh.optional.sub.tentative.html b/fetch/metadata/generated/element-meta-refresh.optional.sub.tentative.html
new file mode 100644
index 00000000000000..bf13517414f06b
--- /dev/null
+++ b/fetch/metadata/generated/element-meta-refresh.optional.sub.tentative.html
@@ -0,0 +1,79 @@
+
+
+
+
+ HTTP headers on request for HTML "meta" element with http-equiv="refresh"
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-picture.https.sub.tentative.html b/fetch/metadata/generated/element-picture.https.sub.tentative.html
new file mode 100644
index 00000000000000..8290e7987e8387
--- /dev/null
+++ b/fetch/metadata/generated/element-picture.https.sub.tentative.html
@@ -0,0 +1,184 @@
+
+
+
+
+ HTTP headers on request for HTML "picture" element source
+
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-picture.sub.tentative.html b/fetch/metadata/generated/element-picture.sub.tentative.html
new file mode 100644
index 00000000000000..b1228c84601ca8
--- /dev/null
+++ b/fetch/metadata/generated/element-picture.sub.tentative.html
@@ -0,0 +1,175 @@
+
+
+
+
+ HTTP headers on request for HTML "picture" element source
+
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-script.https.sub.tentative.html b/fetch/metadata/generated/element-script.https.sub.tentative.html
new file mode 100644
index 00000000000000..9587627c842d93
--- /dev/null
+++ b/fetch/metadata/generated/element-script.https.sub.tentative.html
@@ -0,0 +1,130 @@
+
+
+
+
+ HTTP headers on request for HTML "script" element source
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-script.sub.tentative.html b/fetch/metadata/generated/element-script.sub.tentative.html
new file mode 100644
index 00000000000000..053b962609ffeb
--- /dev/null
+++ b/fetch/metadata/generated/element-script.sub.tentative.html
@@ -0,0 +1,124 @@
+
+
+
+
+ HTTP headers on request for HTML "script" element source
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-video-poster.https.sub.tentative.html b/fetch/metadata/generated/element-video-poster.https.sub.tentative.html
new file mode 100644
index 00000000000000..2df720b2bdfe19
--- /dev/null
+++ b/fetch/metadata/generated/element-video-poster.https.sub.tentative.html
@@ -0,0 +1,79 @@
+
+
+
+
+ HTTP headers on request for HTML "video" element "poster"
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-video-poster.sub.tentative.html b/fetch/metadata/generated/element-video-poster.sub.tentative.html
new file mode 100644
index 00000000000000..4c448b0f0da3a3
--- /dev/null
+++ b/fetch/metadata/generated/element-video-poster.sub.tentative.html
@@ -0,0 +1,76 @@
+
+
+
+
+ HTTP headers on request for HTML "video" element "poster"
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-video.https.sub.tentative.html b/fetch/metadata/generated/element-video.https.sub.tentative.html
new file mode 100644
index 00000000000000..4add9a53261452
--- /dev/null
+++ b/fetch/metadata/generated/element-video.https.sub.tentative.html
@@ -0,0 +1,74 @@
+
+
+
+
+ HTTP headers on request for HTML "video" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/element-video.sub.tentative.html b/fetch/metadata/generated/element-video.sub.tentative.html
new file mode 100644
index 00000000000000..d85c486cd2dae8
--- /dev/null
+++ b/fetch/metadata/generated/element-video.sub.tentative.html
@@ -0,0 +1,71 @@
+
+
+
+
+ HTTP headers on request for HTML "video" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/fetch-via-serviceworker.https.sub.tentative.html b/fetch/metadata/generated/fetch-via-serviceworker.https.sub.tentative.html
new file mode 100644
index 00000000000000..2541722d7dcf2a
--- /dev/null
+++ b/fetch/metadata/generated/fetch-via-serviceworker.https.sub.tentative.html
@@ -0,0 +1,140 @@
+
+
+
+
+ HTTP headers on request using the "fetch" API and passing through a Serive Worker
+
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/fetch.https.sub.tentative.html b/fetch/metadata/generated/fetch.https.sub.tentative.html
new file mode 100644
index 00000000000000..524a9e41cd1038
--- /dev/null
+++ b/fetch/metadata/generated/fetch.https.sub.tentative.html
@@ -0,0 +1,65 @@
+
+
+
+
+ HTTP headers on request using the "fetch" API
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/fetch.sub.tentative.html b/fetch/metadata/generated/fetch.sub.tentative.html
new file mode 100644
index 00000000000000..9953b56c88daa6
--- /dev/null
+++ b/fetch/metadata/generated/fetch.sub.tentative.html
@@ -0,0 +1,62 @@
+
+
+
+
+ HTTP headers on request using the "fetch" API
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/form-submission.https.sub.tentative.html b/fetch/metadata/generated/form-submission.https.sub.tentative.html
new file mode 100644
index 00000000000000..8238bba288bf45
--- /dev/null
+++ b/fetch/metadata/generated/form-submission.https.sub.tentative.html
@@ -0,0 +1,138 @@
+
+
+
+
+
+ HTTP headers on request for HTML form navigation
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/form-submission.sub.tentative.html b/fetch/metadata/generated/form-submission.sub.tentative.html
new file mode 100644
index 00000000000000..91fd781454d51f
--- /dev/null
+++ b/fetch/metadata/generated/form-submission.sub.tentative.html
@@ -0,0 +1,132 @@
+
+
+
+
+
+ HTTP headers on request for HTML form navigation
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/header-link.https.sub.tentative.html b/fetch/metadata/generated/header-link.https.sub.tentative.html
index 307c37fbf77c9a..d1a2772c9ebce5 100644
--- a/fetch/metadata/generated/header-link.https.sub.tentative.html
+++ b/fetch/metadata/generated/header-link.https.sub.tentative.html
@@ -32,6 +32,96 @@
});
}
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(
+ makeRequestURL(key, ['httpsOrigin'], {mime: 'text/html'}),
+ 'icon',
+ t
+ )
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-origin']);
+ });
+ }, 'sec-fetch-frame-ancestors rel=icon - Same origin');
+
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(
+ makeRequestURL(key, ['httpsOrigin'], {mime: 'text/html'}),
+ 'stylesheet',
+ t
+ )
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-origin']);
+ });
+ }, 'sec-fetch-frame-ancestors rel=stylesheet - Same origin');
+
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(
+ makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}),
+ 'icon',
+ t
+ )
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['cross-site']);
+ });
+ }, 'sec-fetch-frame-ancestors rel=icon - Cross-site');
+
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(
+ makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/html'}),
+ 'stylesheet',
+ t
+ )
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['cross-site']);
+ });
+ }, 'sec-fetch-frame-ancestors rel=stylesheet - Cross-site');
+
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(
+ makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}),
+ 'icon',
+ t
+ )
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-site']);
+ });
+ }, 'sec-fetch-frame-ancestors rel=icon - Same site');
+
+ promise_test((t) => {
+ const key = '{{uuid()}}';
+
+ return induceRequest(
+ makeRequestURL(key, ['httpsSameSite'], {mime: 'text/html'}),
+ 'stylesheet',
+ t
+ )
+ .then(() => retrieve(key))
+ .then((headers) => {
+ assert_own_property(headers, 'sec-fetch-frame-ancestors');
+ assert_array_equals(headers['sec-fetch-frame-ancestors'], ['same-site']);
+ });
+ }, 'sec-fetch-frame-ancestors rel=stylesheet - Same site');
+
promise_test((t) => {
const key = '{{uuid()}}';
diff --git a/fetch/metadata/generated/header-link.sub.tentative.html b/fetch/metadata/generated/header-link.sub.tentative.html
new file mode 100644
index 00000000000000..897097460b9449
--- /dev/null
+++ b/fetch/metadata/generated/header-link.sub.tentative.html
@@ -0,0 +1,120 @@
+
+
+
+
+ HTTP headers on request for HTTP "Link" header
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/header-refresh.https.optional.sub.tentative.html b/fetch/metadata/generated/header-refresh.https.optional.sub.tentative.html
new file mode 100644
index 00000000000000..2313162d92c42e
--- /dev/null
+++ b/fetch/metadata/generated/header-refresh.https.optional.sub.tentative.html
@@ -0,0 +1,78 @@
+
+
+
+
+ HTTP headers on request for HTTP "Refresh" header
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/header-refresh.optional.sub.tentative.html b/fetch/metadata/generated/header-refresh.optional.sub.tentative.html
new file mode 100644
index 00000000000000..8505d77bd5ec04
--- /dev/null
+++ b/fetch/metadata/generated/header-refresh.optional.sub.tentative.html
@@ -0,0 +1,75 @@
+
+
+
+
+ HTTP headers on request for HTTP "Refresh" header
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/script-module-import-dynamic.https.sub.tentative.html b/fetch/metadata/generated/script-module-import-dynamic.https.sub.tentative.html
new file mode 100644
index 00000000000000..25d39da2b4d0d6
--- /dev/null
+++ b/fetch/metadata/generated/script-module-import-dynamic.https.sub.tentative.html
@@ -0,0 +1,59 @@
+
+
+
+
+ HTTP headers on request for dynamic ECMAScript module import
+
+
+
+
+
diff --git a/fetch/metadata/generated/script-module-import-dynamic.sub.tentative.html b/fetch/metadata/generated/script-module-import-dynamic.sub.tentative.html
new file mode 100644
index 00000000000000..d6d675141db18c
--- /dev/null
+++ b/fetch/metadata/generated/script-module-import-dynamic.sub.tentative.html
@@ -0,0 +1,56 @@
+
+
+
+
+ HTTP headers on request for dynamic ECMAScript module import
+
+
+
+
+
diff --git a/fetch/metadata/generated/script-module-import-static.https.sub.tentative.html b/fetch/metadata/generated/script-module-import-static.https.sub.tentative.html
new file mode 100644
index 00000000000000..82fc0ecf2f8d5b
--- /dev/null
+++ b/fetch/metadata/generated/script-module-import-static.https.sub.tentative.html
@@ -0,0 +1,79 @@
+
+
+
+
+ HTTP headers on request for static ECMAScript module import
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/script-module-import-static.sub.tentative.html b/fetch/metadata/generated/script-module-import-static.sub.tentative.html
new file mode 100644
index 00000000000000..5fa72902e05acc
--- /dev/null
+++ b/fetch/metadata/generated/script-module-import-static.sub.tentative.html
@@ -0,0 +1,76 @@
+
+
+
+
+ HTTP headers on request for static ECMAScript module import
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/serviceworker.https.sub.tentative.html b/fetch/metadata/generated/serviceworker.https.sub.tentative.html
new file mode 100644
index 00000000000000..dfe91233703917
--- /dev/null
+++ b/fetch/metadata/generated/serviceworker.https.sub.tentative.html
@@ -0,0 +1,60 @@
+
+
+
+
+
+ HTTP headers on request for Service Workers
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/svg-image.https.sub.tentative.html b/fetch/metadata/generated/svg-image.https.sub.tentative.html
new file mode 100644
index 00000000000000..cbe2f4e2819d22
--- /dev/null
+++ b/fetch/metadata/generated/svg-image.https.sub.tentative.html
@@ -0,0 +1,97 @@
+
+
+
+
+ HTTP headers on request for SVG "image" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/svg-image.sub.tentative.html b/fetch/metadata/generated/svg-image.sub.tentative.html
new file mode 100644
index 00000000000000..c5c8a488d221a3
--- /dev/null
+++ b/fetch/metadata/generated/svg-image.sub.tentative.html
@@ -0,0 +1,94 @@
+
+
+
+
+ HTTP headers on request for SVG "image" element source
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/window-history.https.sub.tentative.html b/fetch/metadata/generated/window-history.https.sub.tentative.html
new file mode 100644
index 00000000000000..147eb080467ba1
--- /dev/null
+++ b/fetch/metadata/generated/window-history.https.sub.tentative.html
@@ -0,0 +1,167 @@
+
+
+
+
+ HTTP headers on request for navigation via the HTML History API
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/window-history.sub.tentative.html b/fetch/metadata/generated/window-history.sub.tentative.html
new file mode 100644
index 00000000000000..a97fc170407431
--- /dev/null
+++ b/fetch/metadata/generated/window-history.sub.tentative.html
@@ -0,0 +1,161 @@
+
+
+
+
+ HTTP headers on request for navigation via the HTML History API
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/window-location.https.sub.tentative.html b/fetch/metadata/generated/window-location.https.sub.tentative.html
new file mode 100644
index 00000000000000..c5ce898971cd3c
--- /dev/null
+++ b/fetch/metadata/generated/window-location.https.sub.tentative.html
@@ -0,0 +1,225 @@
+
+
+
+
+ HTTP headers on request for navigation via the HTML Location API
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/window-location.sub.tentative.html b/fetch/metadata/generated/window-location.sub.tentative.html
new file mode 100644
index 00000000000000..e0cf844ba23466
--- /dev/null
+++ b/fetch/metadata/generated/window-location.sub.tentative.html
@@ -0,0 +1,213 @@
+
+
+
+
+ HTTP headers on request for navigation via the HTML Location API
+
+
+
+
+
+
+
diff --git a/fetch/metadata/generated/worker-dedicated-constructor.sub.tentative.html b/fetch/metadata/generated/worker-dedicated-constructor.sub.tentative.html
new file mode 100644
index 00000000000000..94474e59579459
--- /dev/null
+++ b/fetch/metadata/generated/worker-dedicated-constructor.sub.tentative.html
@@ -0,0 +1,39 @@
+
+
+
+
+ HTTP headers on request for dedicated worker via the "Worker" constructor
+
+
+
+
+
diff --git a/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.tentative.html b/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.tentative.html
new file mode 100644
index 00000000000000..0f1bc350f342ba
--- /dev/null
+++ b/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.tentative.html
@@ -0,0 +1,73 @@
+
+
+
+
+ HTTP headers on request for dedicated worker via the "importScripts" API
+
+
+
+
+
diff --git a/fetch/metadata/generated/worker-dedicated-importscripts.sub.tentative.html b/fetch/metadata/generated/worker-dedicated-importscripts.sub.tentative.html
new file mode 100644
index 00000000000000..e51f35e1314ee0
--- /dev/null
+++ b/fetch/metadata/generated/worker-dedicated-importscripts.sub.tentative.html
@@ -0,0 +1,70 @@
+
+
+
+
+ HTTP headers on request for dedicated worker via the "importScripts" API
+
+
+
+
+
diff --git a/fetch/metadata/tools/fetch-metadata.conf.yml b/fetch/metadata/tools/fetch-metadata.conf.yml
index 11e6140343638f..58d2f6e727a223 100644
--- a/fetch/metadata/tools/fetch-metadata.conf.yml
+++ b/fetch/metadata/tools/fetch-metadata.conf.yml
@@ -42,6 +42,18 @@ cases:
- headerName: sec-fetch-user
origins: [httpCrossSite]
description: Not sent to non-trustworthy cross-site destination
+ - headerName: sec-fetch-frame-ancestors
+ filename_flags: [tentative]
+ origins: [httpOrigin]
+ description: Not sent to non-trustworthy same-origin destination
+ - headerName: sec-fetch-frame-ancestors
+ filename_flags: [tentative]
+ origins: [httpSameSite]
+ description: Not sent to non-trustworthy same-site destination
+ - headerName: sec-fetch-frame-ancestors
+ filename_flags: [tentative]
+ origins: [httpCrossSite]
+ description: Not sent to non-trustworthy cross-site destination
template_axes:
# The `audioWorklet` interface is only available in secure contexts
# https://webaudio.github.io/web-audio-api/#BaseAudioContext
@@ -109,10 +121,13 @@ cases:
- headerName: sec-fetch-user
origins: [httpOrigin]
description: Not sent to non-trustworthy same-origin destination
+ - headerName: sec-fetch-frame-ancestors
+ filename_flags: [tentative]
+ origins: [httpOrigin]
+ description: Not sent to non-trustworthy same-origin destination
template_axes:
# All the templates in this block are unused with the exception of
# `worker-dedicated-constructor`
- appcache-manifest.sub.https.html: []
audioworklet.https.sub.html: []
fetch-via-serviceworker.https.sub.html: []
serviceworker.https.sub.html: []
@@ -449,6 +464,73 @@ cases:
svg-image.sub.html: [{}]
window-location.sub.html: [{}]
+ # Sec-Fetch-Frame-Ancestors - direct requests
+ - all_subtests:
+ headerName: sec-fetch-frame-ancestors
+ filename_flags: [https, tentative]
+ common_axis:
+ - description: Same origin
+ origins: [httpsOrigin]
+ expected: same-origin
+ - description: Cross-site
+ origins: [httpsCrossSite]
+ expected: cross-site
+ - description: Same site
+ origins: [httpsSameSite]
+ expected: same-site
+ template_axes:
+ # Unused
+ # - the request mode of all "classic" worker scripts is set to
+ # "same-origin"
+ # https://html.spec.whatwg.org/#fetch-a-classic-worker-script
+ # - the request mode of all "top-level "module" worker scripts is set to
+ # "same-origin":
+ # https://html.spec.whatwg.org/#fetch-a-single-module-script
+ worker-dedicated-constructor.sub.html: []
+
+ audioworklet.https.sub.html: [{}]
+ css-images.sub.html:
+ - filename_flags: [tentative]
+ css-font-face.sub.html:
+ - filename_flags: [tentative]
+ element-a.sub.html: [{}]
+ element-area.sub.html: [{}]
+ element-audio.sub.html: [{}]
+ element-embed.sub.html: [{}]
+ element-frame.sub.html: [{}]
+ element-iframe.sub.html: [{}]
+ element-img.sub.html:
+ - sourceAttr: src
+ - sourceAttr: srcset
+ element-img-environment-change.sub.html: [{}]
+ element-input-image.sub.html: [{}]
+ element-link-icon.sub.html: [{}]
+ element-link-prefetch.optional.sub.html: [{}]
+ element-meta-refresh.optional.sub.html: [{}]
+ element-picture.sub.html: [{}]
+ element-script.sub.html:
+ - {}
+ - elementAttrs: { type: module }
+ element-video.sub.html: [{}]
+ element-video-poster.sub.html: [{}]
+ fetch.sub.html: [{ init: { mode: no-cors } }]
+ fetch-via-serviceworker.https.sub.html: [{ init: { mode: no-cors } }]
+ form-submission.sub.html:
+ - method: GET
+ - method: POST
+ header-link.sub.html:
+ - rel: icon
+ - rel: stylesheet
+ header-refresh.optional.sub.html: [{}]
+ window-location.sub.html: [{}]
+ script-module-import-dynamic.sub.html: [{}]
+ script-module-import-static.sub.html: [{}]
+ serviceworker.https.sub.html: [{}]
+ svg-image.sub.html: [{}]
+ window-history.sub.html: [{}]
+ worker-dedicated-importscripts.sub.html: [{}]
+
+
# Sec-Fetch-Mode
# These tests are served over HTTPS so the induced requests will be both
# same-origin with the document [1] and a potentially-trustworthy URL [2].