// META: timeout=long
// META: global=window,worker
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// Helpers that return headers objects with a particular guard
function headersGuardNone(fill) {
if (fill) return new Headers(fill);
return new Headers();
}
function headersGuardResponse(fill) {
const opts = {};
if (fill) opts.headers = fill;
return new Response('', opts).headers;
}
function headersGuardRequest(fill) {
const opts = {};
if (fill) opts.headers = fill;
return new Request('./', opts).headers;
}
function headersGuardRequestNoCors(fill) {
const opts = { mode: 'no-cors' };
if (fill) opts.headers = fill;
return new Request('./', opts).headers;
}
const headerGuardTypes = [
['none', headersGuardNone],
['response', headersGuardResponse],
['request', headersGuardRequest]
];
for (const [guardType, createHeaders] of headerGuardTypes) {
test(() => {
// There are three ways to set headers.
// Filling, appending, and setting. Test each:
let headers = createHeaders({ Range: 'foo' });
assert_equals(headers.get('Range'), 'foo');
headers = createHeaders();
headers.append('Range', 'foo');
assert_equals(headers.get('Range'), 'foo');
headers = createHeaders();
headers.set('Range', 'foo');
assert_equals(headers.get('Range'), 'foo');
}, `Range header setting allowed for guard type: ${guardType}`);
}
test(() => {
let headers = headersGuardRequestNoCors({ Range: 'foo' });
assert_false(headers.has('Range'));
headers = headersGuardRequestNoCors();
headers.append('Range', 'foo');
assert_false(headers.has('Range'));
headers = headersGuardRequestNoCors();
headers.set('Range', 'foo');
assert_false(headers.has('Range'));
}, `Privileged header not allowed for guard type: request-no-cors`);
promise_test(async () => {
const wavURL = new URL('resources/long-wav.py', location);
const stashTakeURL = new URL('resources/stash-take.py', location);
function changeToken() {
const stashToken = token();
wavURL.searchParams.set('accept-encoding-key', stashToken);
stashTakeURL.searchParams.set('key', stashToken);
}
const rangeHeaders = [
'bytes=0-10',
'foo=0-10',
'foo',
''
];
for (const rangeHeader of rangeHeaders) {
changeToken();
await fetch(wavURL, {
headers: { Range: rangeHeader }
});
const response = await fetch(stashTakeURL);
assert_regexp_match(await response.json(),
/.*\bidentity\b.*/,
`Expect identity accept-encoding if range header is ${JSON.stringify(rangeHeader)}`);
}
}, `Fetch with range header will be sent with Accept-Encoding: identity`);
promise_test(async () => {
const wavURL = new URL(get_host_info().HTTP_REMOTE_ORIGIN + '/fetch/range/resources/long-wav.py');
const stashTakeURL = new URL('resources/stash-take.py', location);
function changeToken() {
const stashToken = token();
wavURL.searchParams.set('accept-encoding-key', stashToken);
stashTakeURL.searchParams.set('key', stashToken);
}
const rangeHeaders = [
'bytes=10-9',
'bytes=-0',
'bytes=0000000000000000000000000000000000000000000000000000000000011-0000000000000000000000000000000000000000000000000000000000111',
];
for (const rangeHeader of rangeHeaders) {
changeToken();
await fetch(wavURL, { headers: { Range : rangeHeader} }).then(() => { throw "loaded with range header " + rangeHeader }, () => { });
}
}, `Cross Origin Fetch with non safe range header`);
promise_test(async () => {
const wavURL = new URL(get_host_info().HTTP_REMOTE_ORIGIN + '/fetch/range/resources/long-wav.py');
const stashTakeURL = new URL('resources/stash-take.py', location);
function changeToken() {
const stashToken = token();
wavURL.searchParams.set('accept-encoding-key', stashToken);
stashTakeURL.searchParams.set('key', stashToken);
}
const rangeHeaders = [
'bytes=0-10',
'bytes=0-',
'bytes=00000000000000000000000000000000000000000000000000000000011-00000000000000000000000000000000000000000000000000000000000111',
];
for (const rangeHeader of rangeHeaders) {
changeToken();
await fetch(wavURL, { headers: { Range: rangeHeader } }).then(() => { }, () => { throw "failed load with range header " + rangeHeader });
}
}, `Cross Origin Fetch with safe range header`);
Codebase Browser
chromium