Bug 1467848 [wpt PR 11428] - Fetch: test Cross-Origin-Resource-Policy…

…: same-site's scheme restriction, a=testonly Automatic update from web-platform-testsFetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction Supplements #11171. For whatwg/fetch#733. -- wpt-commits: 7f0a106f3d5e9d3e7f70ba52aae896a3fffc2cc6 wpt-pr: 11428
mozilla · Jul 11, 2018 · 8fb33ec · 8fb33ec
1 parent bf2444f
commit 8fb33ec
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 2 deletions.
diff --git a/testing/web-platform/meta/MANIFEST.json b/testing/web-platform/meta/MANIFEST.json
@@ -338943,6 +338943,22 @@
      {}
     ]
    ],
+   "fetch/cross-origin-resource-policy/scheme-restriction.any.js": [
+    [
+     "/fetch/cross-origin-resource-policy/scheme-restriction.any.html",
+     {}
+    ],
+    [
+     "/fetch/cross-origin-resource-policy/scheme-restriction.any.worker.html",
+     {}
+    ]
+   ],
+   "fetch/cross-origin-resource-policy/scheme-restriction.https.window.js": [
+    [
+     "/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html",
+     {}
+    ]
+   ],
    "fetch/cross-origin-resource-policy/script-loads.html": [
     [
      "/fetch/cross-origin-resource-policy/script-loads.html",
@@ -569233,7 +569249,7 @@
    "support"
   ],
   "fetch/cross-origin-resource-policy/resources/image.py": [
-   "72f4bbf045fbb61623246d44b763bd06024c0f63",
+   "1eba6cc92e4bc3f0d83814c0ead1ba6b23aa5182",
    "support"
   ],
   "fetch/cross-origin-resource-policy/resources/redirect.py": [
@@ -569244,6 +569260,14 @@
    "330a0ae1420b41e63bd639fa24f75e64e4528bcc",
    "support"
   ],
+  "fetch/cross-origin-resource-policy/scheme-restriction.any.js": [
+   "e1221ddd258f4d699dad395284f7a2cb0a719888",
+   "testharness"
+  ],
+  "fetch/cross-origin-resource-policy/scheme-restriction.https.window.js": [
+   "e0272587c66b6c220dce1a5a055d49628c84d0fd",
+   "testharness"
+  ],
   "fetch/cross-origin-resource-policy/script-loads.html": [
    "cd28267293f2d20ee78d6b946fe6b8793edf1bae",
    "testharness"

diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py
@@ -18,4 +18,3 @@ def main(request, response):
     response.writer.end_headers()
 
     response.writer.write(body)
-
diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js
@@ -0,0 +1,7 @@
+// META: script=/common/get-host-info.sub.js
+
+promise_test(t => {
+  return promise_rejects(t,
+                         new TypeError(),
+                         fetch(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site", { mode: "no-cors" }));
+}, "Cross-Origin-Resource-Policy: same-site blocks retrieving HTTPS from HTTP");
diff --git a/.../web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js b/.../web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js
@@ -0,0 +1,13 @@
+// META: script=/common/get-host-info.sub.js
+
+promise_test(t => {
+  const img = new Image();
+  img.src = get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site";
+  return new Promise((resolve, reject) => {
+    img.onload = resolve;
+    img.onerror = reject;
+    document.body.appendChild(img);
+  }).finally(() => {
+    img.remove();
+  });
+}, "Cross-Origin-Resource-Policy does not block Mixed Content <img>");
Original file line number	Diff line number	Diff line change
Expand Up		@@ -18,4 +18,3 @@ def main(request, response):
		response.writer.end_headers()

		response.writer.write(body)