| <html> |
| <meta name="Accept-CH" content="Sec-CH-DPR, DPR, Sec-CH-Width, Width, Sec-CH-Viewport-Width, Viewport-Width, Sec-CH-Device-Memory, Device-Memory, rtt, downlink, ect"> |
| <title>Accept-CH meta-name insecure transport test</title> |
| <body> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| |
| <script> |
| |
| // Even though this HTML file contains "Accept-CH" meta-name headers, the |
| // browser should NOT attach the specified client hints in the HTTP request |
| // headers since the page is being fetched over an insecure transport. |
| // Test this functionality by fetching an XHR from this page hosted on |
| // an insecure HTTP server. |
| |
| // resources/echo-client-hints-received.py sets the response headers depending on the set |
| // of client hints it receives in the request headers. |
| |
| promise_test(t => { |
| return fetch("/client-hints/resources/echo-client-hints-received.py").then(r => { |
| assert_equals(r.status, 200) |
| // Verify that the browser does not include client hints in the headers |
| // when fetching the XHR from an insecure HTTP server. |
| assert_false(r.headers.has("device-memory-received"), "device-memory-received"); |
| assert_false(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received"); |
| assert_false(r.headers.has("dpr-received"), "dpr-received"); |
| assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received"); |
| assert_false(r.headers.has("viewport-width-received"), "viewport-width-received"); |
| assert_false(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received"); |
| assert_false(r.headers.has("rtt-received"), "rtt-received"); |
| assert_false(r.headers.has("downlink-received"), "downlink-received"); |
| assert_false(r.headers.has("ect-received"), "ect-received"); |
| assert_false(r.headers.has("prefers-color-scheme-received"), "prefers-color-scheme-received"); |
| }); |
| }, "Accept-CH meta-name test over insecure transport"); |
| |
| </script> |
| </body> |
| </html> |