Script messaging - cross-origin Script request

If you can read JSON encoded HTTP request headers of the Script below, the messaging works as expected.

https://www1.wpt.live:/common/security-features/subresource/script.py:

{
  "host": "www1.wpt.live",
  "connection": "keep-alive",
  "pragma": "no-cache",
  "cache-control": "no-cache",
  "sec-ch-ua-platform": "\"Windows\"",
  "user-agent": "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)",
  "sec-ch-ua": "\"HeadlessChrome\";v=\"129\", \"Not=A?Brand\";v=\"8\", \"Chromium\";v=\"129\"",
  "sec-ch-ua-mobile": "?0",
  "accept": "*/*",
  "sec-fetch-site": "same-site",
  "sec-fetch-mode": "no-cors",
  "sec-fetch-dest": "script",
  "referer": "https://wpt.live/",
  "accept-encoding": "gzip, deflate, br, zstd"
}

Summary

Harness status: OK

Found 1 tests

1 Pass

Details

Result

Test Name

Message

Pass

Script is responding with HTTP headers

Asserts run

Pass

assert_own_property(object "[object Object]", "host")
    at  /referrer-policy/generic/subresource-test/script-messaging.html:30:15

Pass

assert_own_property(object "[object Object]", "connection")
    at  /referrer-policy/generic/subresource-test/script-messaging.html:31:15