1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
<!DOCTYPE html>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="../resources/utils.js"></script>
<script src="resources/utils.sub.js"></script>
<meta name="variant" content="?cross-origin=true">
<meta name="variant" content="?cross-origin=false">
<script>
setup(() => assertSpeculationRulesIsSupported());
let cross_origin = Object.fromEntries(new URLSearchParams(location.search))["cross-origin"] === "true";
promise_test(async t => {
let executor = "authenticate.py";
let credentials = { username: "user", password: "pass" };
let agent = await spawnWindow(t, { executor, ...credentials });
let request_credentials = await agent.getRequestCredentials();
assert_equals(request_credentials.username, credentials.username);
assert_equals(request_credentials.password, credentials.password);
let host = cross_origin ? { hostname: get_host_info().NOTSAMESITE_HOST } : {};
let nextUrl = agent.getExecutorURL({ page: 2, executor, ...host });
await agent.forceSinglePrefetch(nextUrl);
await agent.navigate(nextUrl);
let requestHeaders = await agent.getRequestHeaders();
request_credentials = await agent.getRequestCredentials();
if (cross_origin) {
assert_equals(request_credentials.username, undefined);
assert_equals(request_credentials.password, undefined);
}
else {
assert_equals(request_credentials.username, credentials.username);
assert_equals(request_credentials.password, credentials.password);
}
assert_prefetched(requestHeaders);
}, "test www-authenticate basic does not forward credentials to cross-origin pages.");
</script>
|
