From 539546ab7407fb76945fb86ff9ff5e42a5846e51 Mon Sep 17 00:00:00 2001
From: Yury Semikhatsky <yurys@chromium.org>
Date: Mon, 2 May 2022 12:38:33 -0700
Subject: [PATCH] test: can delete origin header in route.continue (#13879)

---
 tests/library/defaultbrowsercontext-2.spec.ts | 32 +++++++++++++++++++
 tests/page/page-request-continue.spec.ts      | 31 ++++++++++++++++++
 2 files changed, 63 insertions(+)

diff --git a/tests/library/defaultbrowsercontext-2.spec.ts b/tests/library/defaultbrowsercontext-2.spec.ts
index 00d83763d8..93bda385bb 100644
--- a/tests/library/defaultbrowsercontext-2.spec.ts
+++ b/tests/library/defaultbrowsercontext-2.spec.ts
@@ -251,3 +251,35 @@ it('should connect to a browser with the default page', async ({ browserType,cre
   expect(context.pages().length).toBe(1);
   await context.close();
 });
+
+it('route.continue should delete the origin header', async ({ launchPersistent, server, isAndroid, browserName }) => {
+  it.info().annotations.push({ type: 'issue', description: 'https://github.com/microsoft/playwright/issues/13106' });
+  it.skip(isAndroid, 'No cross-process on Android');
+  it.fail(browserName === 'webkit', 'Does not delete origin in webkit');
+
+  const { page } = await launchPersistent();
+
+  await page.goto(server.PREFIX + '/empty.html');
+  server.setRoute('/something', (request, response) => {
+    response.writeHead(200, { 'Access-Control-Allow-Origin': '*' });
+    response.end('done');
+  });
+  let interceptedRequest;
+  await page.route(server.CROSS_PROCESS_PREFIX + '/something', async (route, request) => {
+    interceptedRequest = request;
+    const headers = await request.allHeaders();
+    delete headers['origin'];
+    route.continue({ headers });
+  });
+
+  const [text, serverRequest] = await Promise.all([
+    page.evaluate(async url => {
+      const data = await fetch(url);
+      return data.text();
+    }, server.CROSS_PROCESS_PREFIX + '/something'),
+    server.waitForRequest('/something')
+  ]);
+  expect(text).toBe('done');
+  expect(interceptedRequest.headers()['origin']).toEqual(server.PREFIX);
+  expect(serverRequest.headers.origin).toBeFalsy();
+});
diff --git a/tests/page/page-request-continue.spec.ts b/tests/page/page-request-continue.spec.ts
index 49291148d4..e5c4077742 100644
--- a/tests/page/page-request-continue.spec.ts
+++ b/tests/page/page-request-continue.spec.ts
@@ -246,3 +246,34 @@ it('should work with Cross-Origin-Opener-Policy', async ({ page, server, browser
   expect(requests.size).toBe(1);
   expect(response.request().failure()).toBeNull();
 });
+
+it('should delete the origin header', async ({ page, server, isAndroid, browserName }) => {
+  it.info().annotations.push({ type: 'issue', description: 'https://github.com/microsoft/playwright/issues/13106' });
+  it.skip(isAndroid, 'No cross-process on Android');
+  it.fail(browserName === 'webkit', 'Does not delete origin in webkit');
+
+  await page.goto(server.PREFIX + '/empty.html');
+  server.setRoute('/something', (request, response) => {
+    response.writeHead(200, { 'Access-Control-Allow-Origin': '*' });
+    response.end('done');
+  });
+  let interceptedRequest;
+  await page.route(server.CROSS_PROCESS_PREFIX + '/something', async (route, request) => {
+    interceptedRequest = request;
+    const headers = await request.allHeaders();
+    delete headers['origin'];
+    route.continue({ headers });
+  });
+
+  const [text, serverRequest] = await Promise.all([
+    page.evaluate(async url => {
+      const data = await fetch(url);
+      return data.text();
+    }, server.CROSS_PROCESS_PREFIX + '/something'),
+    server.waitForRequest('/something')
+  ]);
+  expect(text).toBe('done');
+  expect(interceptedRequest.headers()['origin']).toEqual(server.PREFIX);
+  expect(serverRequest.headers.origin).toBeFalsy();
+});
+