nodejs · metcoder95 · Dec 12, 2024 · Dec 12, 2024
diff --git a/test/fixtures/wpt/fetch/metadata/generated/audioworklet.https.sub.html b/test/fixtures/wpt/fetch/metadata/generated/audioworklet.https.sub.html
@@ -266,6 +266,32 @@
           assert_not_own_property(headers, 'sec-fetch-user');
         });
   }, 'sec-fetch-user');
+
+  promise_test((t) => {
+    const key = '{{uuid()}}';
+
+    return induceRequest(
+        makeRequestURL(key, ['httpsCrossSite'], {mime: 'text/javascript'}),
+        t
+      )
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+        });
+  }, 'sec-fetch-storage-access - Cross-site');
+
+  promise_test((t) => {
+    const key = '{{uuid()}}';
+
+    return induceRequest(
+        makeRequestURL(key, ['httpsSameSite'], {mime: 'text/javascript'}),
+        t
+      )
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+        });
+  }, 'sec-fetch-storage-access - Same site');
   </script>
   </body>
 </html>
diff --git a/test/fixtures/wpt/fetch/metadata/generated/css-font-face.https.sub.tentative.html b/test/fixtures/wpt/fetch/metadata/generated/css-font-face.https.sub.tentative.html
@@ -225,6 +225,26 @@
           assert_not_own_property(headers, 'sec-fetch-user');
       });
   }, 'sec-fetch-user');
+
+  promise_test((t) => {
+    const key = '{{uuid()}}';
+
+    return induceRequest(t, makeRequestURL(key, ['httpsCrossSite']))
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+      });
+  }, 'sec-fetch-storage-access - Cross-site');
+
+  promise_test((t) => {
+    const key = '{{uuid()}}';
+
+    return induceRequest(t, makeRequestURL(key, ['httpsSameSite']))
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+      });
+  }, 'sec-fetch-storage-access - Same site');
   </script>
   </body>
 </html>
diff --git a/test/fixtures/wpt/fetch/metadata/generated/css-font-face.sub.tentative.html b/test/fixtures/wpt/fetch/metadata/generated/css-font-face.sub.tentative.html
@@ -160,6 +160,36 @@
       });
   }, 'sec-fetch-user - Not sent to non-trustworthy cross-site destination');
 
+  promise_test((t) => {
+    const key = '{{uuid()}}';
+
+    return induceRequest(t, makeRequestURL(key, ['httpOrigin']))
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+      });
+  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-origin destination');
+
+  promise_test((t) => {
+    const key = '{{uuid()}}';
+
+    return induceRequest(t, makeRequestURL(key, ['httpSameSite']))
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+      });
+  }, 'sec-fetch-storage-access - Not sent to non-trustworthy same-site destination');
+
+  promise_test((t) => {
+    const key = '{{uuid()}}';
+
+    return induceRequest(t, makeRequestURL(key, ['httpCrossSite']))
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+      });
+  }, 'sec-fetch-storage-access - Not sent to non-trustworthy cross-site destination');
+
   promise_test((t) => {
     const key = '{{uuid()}}';
 

diff --git a/test/fixtures/wpt/fetch/metadata/generated/css-images.https.sub.tentative.html b/test/fixtures/wpt/fetch/metadata/generated/css-images.https.sub.tentative.html
@@ -1374,6 +1374,151 @@
       .then(t.step_func_done(), t.unreached_func());
   }, 'list-style-image sec-fetch-user');
 
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsCrossSite']);
+
+    declarations.push(`background-image: url("${url}");`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_own_property(headers, 'sec-fetch-storage-access');
+          assert_equals(headers['sec-fetch-storage-access'], 'none');
+        })
+        .then(t.step_func_done(), (error) => t.unreached_func());
+  }, 'background-image sec-fetch-storage-access - Cross-site');
+
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsCrossSite']);
+
+    declarations.push(`border-image: url("${url}");`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_own_property(headers, 'sec-fetch-storage-access');
+          assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
+        })
+      .then(t.step_func_done(), t.unreached_func());
+  }, 'border-image sec-fetch-storage-access - Cross-site');
+
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsCrossSite']);
+
+    declarations.push(`content: url("${url}");`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_own_property(headers, 'sec-fetch-storage-access');
+          assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
+        })
+      .then(t.step_func_done(), t.unreached_func());
+  }, 'content sec-fetch-storage-access - Cross-site');
+
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsCrossSite']);
+
+    declarations.push(`cursor: url("${url}"), auto;`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_own_property(headers, 'sec-fetch-storage-access');
+          assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
+        })
+      .then(t.step_func_done(), t.unreached_func());
+  }, 'cursor sec-fetch-storage-access - Cross-site');
+
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsCrossSite']);
+
+    declarations.push(`list-style-image: url("${url}");`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_own_property(headers, 'sec-fetch-storage-access');
+          assert_array_equals(headers['sec-fetch-storage-access'], ['none']);
+        })
+      .then(t.step_func_done(), t.unreached_func());
+  }, 'list-style-image sec-fetch-storage-access - Cross-site');
+
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsSameSite']);
+
+    declarations.push(`background-image: url("${url}");`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+        })
+        .then(t.step_func_done(), (error) => t.unreached_func());
+  }, 'background-image sec-fetch-storage-access - Same site');
+
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsSameSite']);
+
+    declarations.push(`border-image: url("${url}");`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+        })
+      .then(t.step_func_done(), t.unreached_func());
+  }, 'border-image sec-fetch-storage-access - Same site');
+
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsSameSite']);
+
+    declarations.push(`content: url("${url}");`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+        })
+      .then(t.step_func_done(), t.unreached_func());
+  }, 'content sec-fetch-storage-access - Same site');
+
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsSameSite']);
+
+    declarations.push(`cursor: url("${url}"), auto;`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+        })
+      .then(t.step_func_done(), t.unreached_func());
+  }, 'cursor sec-fetch-storage-access - Same site');
+
+  async_test((t) => {
+    const key = '{{uuid()}}';
+    const url = makeRequestURL(key, ['httpsSameSite']);
+
+    declarations.push(`list-style-image: url("${url}");`);
+
+    whenIframeReady
+      .then(() => retrieve(key))
+      .then((headers) => {
+          assert_not_own_property(headers, 'sec-fetch-storage-access');
+        })
+      .then(t.step_func_done(), t.unreached_func());
+  }, 'list-style-image sec-fetch-storage-access - Same site');
+
   iframe.srcdoc = declarations.map((declaration, index) => `
     <style>.el${index} { ${declaration} }</style><div class="el${index}"></div>`
     ).join('');