From 78a4251f8e4a599c0142b1531dd8ee71d5ebf0aa Mon Sep 17 00:00:00 2001 From: Marco Castelluccio Date: Thu, 3 Oct 2019 05:47:46 +0000 Subject: [PATCH] Bug 1467848 [wpt PR 11428] - Fetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction, a=testonly Automatic update from web-platform-testsFetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction Supplements #11171. For https://github.com/whatwg/fetch/pull/733. -- wpt-commits: 7f0a106f3d5e9d3e7f70ba52aae896a3fffc2cc6 wpt-pr: 11428 UltraBlame original commit: 2088a3b878a40a0f734fa8e04ade1417b951e1d4 --- testing/web-platform/meta/MANIFEST.json | 182 +++++++++++++++++- .../scheme-restriction.any.js | 97 ++++++++++ .../scheme-restriction.https.window.js | 138 +++++++++++++ 3 files changed, 416 insertions(+), 1 deletion(-) create mode 100644 testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js create mode 100644 testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js diff --git a/testing/web-platform/meta/MANIFEST.json b/testing/web-platform/meta/MANIFEST.json index 8fd5c4c9e73f4..d1668e768ec22 100644 --- a/testing/web-platform/meta/MANIFEST.json +++ b/testing/web-platform/meta/MANIFEST.json @@ -2073020,6 +2073020,128 @@ resource - policy / +scheme +- +restriction +. +any +. +js +" +: +[ +[ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +scheme +- +restriction +. +any +. +html +" +{ +} +] +[ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +scheme +- +restriction +. +any +. +worker +. +html +" +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +scheme +- +restriction +. +https +. +window +. +js +" +: +[ +[ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +scheme +- +restriction +. +https +. +window +. +html +" +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ script - loads @@ -3779040,7 +3779162,7 @@ py : [ " -72f4bbf045fbb61623246d44b763bd06024c0f63 +1eba6cc92e4bc3f0d83814c0ead1ba6b23aa5182 " " support @@ -3779109,6 +3779231,64 @@ resource - policy / +scheme +- +restriction +. +any +. +js +" +: +[ +" +e1221ddd258f4d699dad395284f7a2cb0a719888 +" +" +testharness +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +scheme +- +restriction +. +https +. +window +. +js +" +: +[ +" +e0272587c66b6c220dce1a5a055d49628c84d0fd +" +" +testharness +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ script - loads diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js new file mode 100644 index 0000000000000..966ede17d8d13 --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js @@ -0,0 +1,97 @@ +/ +/ +META +: +script += +/ +common +/ +get +- +host +- +info +. +sub +. +js +promise_test +( +t += +> +{ +return +promise_rejects +( +t +new +TypeError +( +) +fetch +( +get_host_info +( +) +. +HTTPS_REMOTE_ORIGIN ++ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +hello +. +py +? +corp += +same +- +site +" +{ +mode +: +" +no +- +cors +" +} +) +) +; +} +" +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +blocks +retrieving +HTTPS +from +HTTP +" +) +; diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js new file mode 100644 index 0000000000000..5e9cb1bd1aafa --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js @@ -0,0 +1,138 @@ +/ +/ +META +: +script += +/ +common +/ +get +- +host +- +info +. +sub +. +js +promise_test +( +t += +> +{ +const +img += +new +Image +( +) +; +img +. +src += +get_host_info +( +) +. +HTTP_REMOTE_ORIGIN ++ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +image +. +py +? +corp += +same +- +site +" +; +return +new +Promise +( +( +resolve +reject +) += +> +{ +img +. +onload += +resolve +; +img +. +onerror += +reject +; +document +. +body +. +appendChild +( +img +) +; +} +) +. +finally +( +( +) += +> +{ +img +. +remove +( +) +; +} +) +; +} +" +Cross +- +Origin +- +Resource +- +Policy +does +not +block +Mixed +Content +< +img +> +" +) +;