These tests exercise different ways to fetch a resource (image, font-face, svg references), generated via the sub-resource python script in ./generic/subresource/
(for example, loading an image: /common/security-features/subresource/image.py?id=<UUID>
) and later verify the headers used to fetch the resource.
Since there is no way to wait for a resource referenced from CSS to be loaded, all tests use step_timeout()
to delay the verification step until after the resource (hopefully) was loaded.
Since there is also no way to retrieve headers (or other information) from resources loaded via CSS, we store the headers with the given UUID
as key on the server, and retrieve them later via an XHR, for example: /common/security-features/subresource/image.py?id=<UUID>&report-headers
.