From 8fb33ecb965c36c31c596f3fe451f1ec13f28dc9 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Fri, 6 Jul 2018 17:27:55 +0000 Subject: [PATCH] Bug 1467848 [wpt PR 11428] - Fetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction, a=testonly Automatic update from web-platform-testsFetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction Supplements #11171. For https://github.com/whatwg/fetch/pull/733. -- wpt-commits: 7f0a106f3d5e9d3e7f70ba52aae896a3fffc2cc6 wpt-pr: 11428 --- testing/web-platform/meta/MANIFEST.json | 26 ++++++++++++++++++- .../resources/image.py | 1 - .../scheme-restriction.any.js | 7 +++++ .../scheme-restriction.https.window.js | 13 ++++++++++ 4 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js create mode 100644 testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js diff --git a/testing/web-platform/meta/MANIFEST.json b/testing/web-platform/meta/MANIFEST.json index 845d07a77b9e8..ed6ba692512e5 100644 --- a/testing/web-platform/meta/MANIFEST.json +++ b/testing/web-platform/meta/MANIFEST.json @@ -338943,6 +338943,22 @@ {} ] ], + "fetch/cross-origin-resource-policy/scheme-restriction.any.js": [ + [ + "/fetch/cross-origin-resource-policy/scheme-restriction.any.html", + {} + ], + [ + "/fetch/cross-origin-resource-policy/scheme-restriction.any.worker.html", + {} + ] + ], + "fetch/cross-origin-resource-policy/scheme-restriction.https.window.js": [ + [ + "/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html", + {} + ] + ], "fetch/cross-origin-resource-policy/script-loads.html": [ [ "/fetch/cross-origin-resource-policy/script-loads.html", @@ -569233,7 +569249,7 @@ "support" ], "fetch/cross-origin-resource-policy/resources/image.py": [ - "72f4bbf045fbb61623246d44b763bd06024c0f63", + "1eba6cc92e4bc3f0d83814c0ead1ba6b23aa5182", "support" ], "fetch/cross-origin-resource-policy/resources/redirect.py": [ @@ -569244,6 +569260,14 @@ "330a0ae1420b41e63bd639fa24f75e64e4528bcc", "support" ], + "fetch/cross-origin-resource-policy/scheme-restriction.any.js": [ + "e1221ddd258f4d699dad395284f7a2cb0a719888", + "testharness" + ], + "fetch/cross-origin-resource-policy/scheme-restriction.https.window.js": [ + "e0272587c66b6c220dce1a5a055d49628c84d0fd", + "testharness" + ], "fetch/cross-origin-resource-policy/script-loads.html": [ "cd28267293f2d20ee78d6b946fe6b8793edf1bae", "testharness" diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py index ba6198135a2aa..ad9295cf68287 100644 --- a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py @@ -18,4 +18,3 @@ def main(request, response): response.writer.end_headers() response.writer.write(body) - diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js new file mode 100644 index 0000000000000..192572e28421b --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js @@ -0,0 +1,7 @@ +// META: script=/common/get-host-info.sub.js + +promise_test(t => { + return promise_rejects(t, + new TypeError(), + fetch(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site", { mode: "no-cors" })); +}, "Cross-Origin-Resource-Policy: same-site blocks retrieving HTTPS from HTTP"); diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js new file mode 100644 index 0000000000000..4c7457187419e --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js @@ -0,0 +1,13 @@ +// META: script=/common/get-host-info.sub.js + +promise_test(t => { + const img = new Image(); + img.src = get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site"; + return new Promise((resolve, reject) => { + img.onload = resolve; + img.onerror = reject; + document.body.appendChild(img); + }).finally(() => { + img.remove(); + }); +}, "Cross-Origin-Resource-Policy does not block Mixed Content ");