[WPT] Fetch method normalization

hiroshige-g · chromium-wpt-export-bot · commit c2f1c2bf6f75 · 2021-09-30T01:39:35.000-07:00
This CL adds tests for https://fetch.spec.whatwg.org/#concept-method-normalize to check that the methods not listed there are not uppercased. This CL also adds more complete test coverage around case-sensitiveness of request methods. Discussion for not uppercasing "patch" method: whatwg/fetch#50 Bug: 1228178 Change-Id: I003cd65f0c330cc5b4641d79dce721970795c994 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3032582 Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/main@{#926658}
diff --git a/fetch/api/cors/cors-preflight-star.any.js b/fetch/api/cors/cors-preflight-star.any.js
@@ -40,10 +40,43 @@ preflightTest(true, false, "*", "x-test", "SUPER", ["X-Test", "1"])
 preflightTest(true, false, "*", "*", "OK", ["X-Test", "1"])
 preflightTest(false, true, "*", "*", "OK", ["X-Test", "1"])
 preflightTest(false, true, "*", "", "PUT", [])
-preflightTest(true, true, "PUT", "*", "PUT", [])
 preflightTest(false, true, "get", "*", "GET", ["X-Test", "1"])
 preflightTest(false, true, "*", "*", "GET", ["X-Test", "1"])
 // Exact character match works even for "*" with credentials.
 preflightTest(true, true, "*", "*", "*", ["*", "1"])
-// "PUT" does not pass the case-sensitive method check, and not in the safe list.
-preflightTest(false, true, "put", "*", "PUT", [])
+
+// The following methods are upper-cased for init["method"] by
+// https://fetch.spec.whatwg.org/#concept-method-normalize
+// but not in Access-Control-Allow-Methods response.
+// But they are https://fetch.spec.whatwg.org/#cors-safelisted-method,
+// CORS anyway passes regardless of the cases.
+for (const METHOD of ['GET', 'HEAD', 'POST']) {
+  const method = METHOD.toLowerCase();
+  preflightTest(true, true, METHOD, "*", METHOD, [])
+  preflightTest(true, true, METHOD, "*", method, [])
+  preflightTest(true, true, method, "*", METHOD, [])
+  preflightTest(true, true, method, "*", method, [])
+}
+
+// The following methods are upper-cased for init["method"] by
+// https://fetch.spec.whatwg.org/#concept-method-normalize
+// but not in Access-Control-Allow-Methods response.
+// As they are not https://fetch.spec.whatwg.org/#cors-safelisted-method,
+// Access-Control-Allow-Methods should contain upper-cased methods,
+// while init["method"] can be either in upper or lower case.
+for (const METHOD of ['DELETE', 'PUT']) {
+  const method = METHOD.toLowerCase();
+  preflightTest(true, true, METHOD, "*", METHOD, [])
+  preflightTest(true, true, METHOD, "*", method, [])
+  preflightTest(false, true, method, "*", METHOD, [])
+  preflightTest(false, true, method, "*", method, [])
+}
+
+// "PATCH" is NOT upper-cased in both places because it is not listed in
+// https://fetch.spec.whatwg.org/#concept-method-normalize.
+// So Access-Control-Allow-Methods value and init["method"] should match
+// case-sensitively.
+preflightTest(true, true, "PATCH", "*", "PATCH", [])
+preflightTest(false, true, "PATCH", "*", "patch", [])
+preflightTest(false, true, "patch", "*", "PATCH", [])
+preflightTest(true, true, "patch", "*", "patch", [])
diff --git a/fetch/api/request/forbidden-method.any.js b/fetch/api/request/forbidden-method.any.js
@@ -0,0 +1,13 @@
+// META: global=window,worker
+
+// https://fetch.spec.whatwg.org/#forbidden-method
+for (const method of [
+    'CONNECT', 'TRACE', 'TRACK',
+    'connect', 'trace', 'track'
+  ]) {
+  test(function() {
+    assert_throws_js(TypeError,
+      function() { new Request('./', {method: method}); }
+    );
+  }, 'Request() with a forbidden method ' + method + ' must throw.');
+}
diff --git a/fetch/api/request/request-init-001.sub.html b/fetch/api/request/request-init-001.sub.html
@@ -10,8 +10,20 @@
   </head>
   <body>
     <script>
-      var methods = {"givenValues" : ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "head"],
-                     "expectedValues" : ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "HEAD"]
+      // https://fetch.spec.whatwg.org/#concept-method-normalize
+      var methods = {
+        "givenValues" : [
+          "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS",
+          "get", "head", "post", "put", "delete", "options",
+          "Get", "hEad", "poSt", "Put", "deleTe", "optionS",
+          "PATCH", "patch", "patCh"
+        ],
+        "expectedValues" : [
+          "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS",
+          "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS",
+          "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS",
+          "PATCH", "patch", "patCh"
+        ]
       };
       var referrers = {"givenValues" : ["/relative/ressource",
                                         "http://{{host}}:{{ports[http][0]}}/relative/ressource?query=true#fragment",
