-
Notifications
You must be signed in to change notification settings - Fork 2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1464525 [wpt PR 11171] - Cross-Origin-Resource-Policy tests, a=te…
…stonly Automatic update from web-platform-testsFetch: Cross-Origin-Resource-Policy tests For whatwg/fetch#733. WebKit export of https://bugs.webkit.org/show_bug.cgi?id=185840. -- wpt-commits: 53f7340307c1c0fa4ab96e79d88c69a7870030f4 wpt-pr: 11171
- Loading branch information
Showing
14 changed files
with
479 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
67 changes: 67 additions & 0 deletions
67
testing/web-platform/tests/fetch/cross-origin-resource-policy/fetch-in-iframe.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| </head> | ||
| <body> | ||
| <script> | ||
| const host = get_host_info(); | ||
| const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; | ||
| const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; | ||
| const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; | ||
|
|
||
| function with_iframe(url) | ||
| { | ||
| return new Promise(function(resolve) { | ||
| var frame = document.createElement('iframe'); | ||
| frame.src = url; | ||
| frame.onload = function() { resolve(frame); }; | ||
| document.body.appendChild(frame); | ||
| }); | ||
| } | ||
|
|
||
| function loadIFrameAndFetch(iframeURL, fetchURL, expectedFetchResult, title) | ||
| { | ||
| promise_test(async () => { | ||
| const frame = await with_iframe(iframeURL); | ||
| let receiveMessage; | ||
| const promise = new Promise((resolve, reject) => { | ||
| receiveMessage = (event) => { | ||
| if (event.data !== expectedFetchResult) { | ||
| reject("Received unexpected message " + event.data); | ||
| return; | ||
| } | ||
| resolve(); | ||
| } | ||
| window.addEventListener("message", receiveMessage, false); | ||
| }); | ||
| frame.contentWindow.postMessage(fetchURL, "*"); | ||
| return promise.finally(() => { | ||
| frame.remove(); | ||
| window.removeEventListener("message", receiveMessage, false); | ||
| }); | ||
| }, title); | ||
| } | ||
|
|
||
| // This above data URL should be equivalent to resources/iframeFetch.html | ||
| var dataIFrameURL = "data:text/html;base64,PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxzY3JpcHQ+CiAgICAgICAgZnVuY3Rpb24gcHJvY2Vzc01lc3NhZ2UoZXZlbnQpCiAgICAgICAgewogICAgICAgICAgICBmZXRjaChldmVudC5kYXRhLCB7IG1vZGU6ICJuby1jb3JzIiB9KS50aGVuKCgpID0+IHsKICAgICAgICAgICAgICAgIHBhcmVudC5wb3N0TWVzc2FnZSgib2siLCAiKiIpOwogICAgICAgICAgICB9LCAoKSA9PiB7CiAgICAgICAgICAgICAgICBwYXJlbnQucG9zdE1lc3NhZ2UoImtvIiwgIioiKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgfQogICAgICAgIHdpbmRvdy5hZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIiwgcHJvY2Vzc01lc3NhZ2UsIGZhbHNlKTsKICAgIDwvc2NyaXB0Pgo8L2hlYWQ+Cjxib2R5PgogICAgPGgzPlRoZSBpZnJhbWUgbWFraW5nIGEgc2FtZSBvcmlnaW4gZmV0Y2ggY2FsbC48L2gzPgo8L2JvZHk+CjwvaHRtbD4K"; | ||
|
|
||
| loadIFrameAndFetch(dataIFrameURL, localBaseURL + "resources/hello.py?corp=same-origin", "ko", | ||
| "Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header."); | ||
|
|
||
| loadIFrameAndFetch(dataIFrameURL, localBaseURL + "resources/hello.py?corp=same-site", "ko", | ||
| "Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header."); | ||
|
|
||
| loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", localBaseURL + "resources/hello.py?corp=same-origin", "ko", | ||
| "Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header."); | ||
|
|
||
| loadIFrameAndFetch(notSameSiteBaseURL + "resources/iframeFetch.html", localBaseURL + "resources/hello.py?corp=same-site", "ko", | ||
| "Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header."); | ||
|
|
||
| loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", remoteBaseURL + "resources/hello.py?corp=same-origin", "ok", | ||
| "Same-origin fetch in a cross origin iframe load succeeds if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header."); | ||
| </script> | ||
| </body> | ||
| </html> |
83 changes: 83 additions & 0 deletions
83
testing/web-platform/tests/fetch/cross-origin-resource-policy/fetch.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| </head> | ||
| <body> | ||
| <script> | ||
| const host = get_host_info(); | ||
| const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; | ||
| const sameSiteBaseURL = "http://" + host.ORIGINAL_HOST + ":" + host.HTTP_PORT2 + window.location.pathname.replace(/\/[^\/]*$/, '/') ; | ||
| const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; | ||
| const httpsBaseURL = host.HTTPS_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; | ||
|
|
||
| promise_test(async () => { | ||
| const response = await fetch("./resources/hello.py?corp=same-origin"); | ||
| assert_equals(await response.text(), "hello"); | ||
| }, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header."); | ||
|
|
||
| promise_test(async () => { | ||
| const response = await fetch("./resources/hello.py?corp=same-site"); | ||
| assert_equals(await response.text(), "hello"); | ||
| }, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); | ||
|
|
||
| promise_test(async (test) => { | ||
| const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-origin"); | ||
| assert_equals(await response.text(), "hello"); | ||
| }, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header."); | ||
|
|
||
| promise_test(async (test) => { | ||
| const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-site"); | ||
| assert_equals(await response.text(), "hello"); | ||
| }, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); | ||
|
|
||
| promise_test((test) => { | ||
| const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin"; | ||
| return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" })); | ||
| }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header."); | ||
|
|
||
| promise_test((test) => { | ||
| const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-site"; | ||
| return promise_rejects(test, new TypeError, fetch(remoteURL, { mode: "no-cors" })); | ||
| }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); | ||
|
|
||
| promise_test((test) => { | ||
| const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-site"; | ||
| return fetch(remoteURL, { mode: "no-cors" }); | ||
| }, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header."); | ||
|
|
||
| promise_test((test) => { | ||
| const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-origin"; | ||
| return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" })); | ||
| }, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header."); | ||
|
|
||
| promise_test(async (test) => { | ||
| const remoteSameSiteURL = sameSiteBaseURL + "resources/hello.py?corp=same-site"; | ||
|
|
||
| await fetch(remoteSameSiteURL, { mode: "no-cors" }); | ||
|
|
||
| return promise_rejects(test, new TypeError, fetch(sameSiteBaseURL + "resources/hello.py?corp=same-origin", { mode: "no-cors" })); | ||
| }, "Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); | ||
|
|
||
| promise_test((test) => { | ||
| const finalURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin"; | ||
| return promise_rejects(test, new TypeError, fetch("resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" })); | ||
| }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection."); | ||
|
|
||
| promise_test((test) => { | ||
| const finalURL = localBaseURL + "resources/hello.py?corp=same-origin"; | ||
| return fetch(notSameSiteBaseURL + "resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }); | ||
| }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a cross-origin redirection."); | ||
|
|
||
| promise_test(async (test) => { | ||
| const finalURL = localBaseURL + "resources/hello.py?corp=same-origin"; | ||
|
|
||
| await fetch(finalURL, { mode: "no-cors" }); | ||
|
|
||
| return promise_rejects(test, new TypeError, fetch(notSameSiteBaseURL + "resources/redirect.py?corp=same-origin&redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" })); | ||
| }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' redirect response header."); | ||
| </script> | ||
| </body> | ||
| </html> |
46 changes: 46 additions & 0 deletions
46
testing/web-platform/tests/fetch/cross-origin-resource-policy/iframe-loads.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src="/common/get-host-info.sub.js"></script> | ||
| </head> | ||
| <body> | ||
| <script> | ||
| const host = get_host_info(); | ||
| const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; | ||
| const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; | ||
|
|
||
| function with_iframe(url) { | ||
| return new Promise(function(resolve) { | ||
| var frame = document.createElement('iframe'); | ||
| frame.src = url; | ||
| frame.onload = function() { resolve(frame); }; | ||
| document.body.appendChild(frame); | ||
| }); | ||
| } | ||
|
|
||
| promise_test(async() => { | ||
| const url = remoteBaseURL + "resources/iframe.py?corp=same-origin"; | ||
|
|
||
| await new Promise((resolve, reject) => { | ||
| return fetch(url, { mode: "no-cors" }).then(reject, resolve); | ||
| }); | ||
|
|
||
| const iframe = await with_iframe(url); | ||
| return new Promise((resolve, reject) => { | ||
| window.addEventListener("message", (event) => { | ||
| if (event.data !== "pong") { | ||
| reject(event.data); | ||
| return; | ||
| } | ||
| resolve(); | ||
| }, false); | ||
| iframe.contentWindow.postMessage("ping", "*"); | ||
| }).finally(() => { | ||
| iframe.remove(); | ||
| }); | ||
| }, "Load an iframe that has Cross-Origin-Resource-Policy header"); | ||
| </script> | ||
| </body> | ||
| </html> |
Oops, something went wrong.