Skip to content

Commit

Permalink
Fetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction
Browse files Browse the repository at this point in the history
Supplements #11171.

For whatwg/fetch#733.
  • Loading branch information
annevk committed Jun 18, 2018
1 parent b7373b4 commit 7f0a106
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 1 deletion.
1 change: 0 additions & 1 deletion fetch/cross-origin-resource-policy/resources/image.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,3 @@ def main(request, response):
response.writer.end_headers()

response.writer.write(body)

7 changes: 7 additions & 0 deletions fetch/cross-origin-resource-policy/scheme-restriction.any.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
// META: script=/common/get-host-info.sub.js

promise_test(t => {
return promise_rejects(t,
new TypeError(),
fetch(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site", { mode: "no-cors" }));
}, "Cross-Origin-Resource-Policy: same-site blocks retrieving HTTPS from HTTP");
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
// META: script=/common/get-host-info.sub.js

promise_test(t => {
const img = new Image();
img.src = get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site";
return new Promise((resolve, reject) => {
img.onload = resolve;
img.onerror = reject;
document.body.appendChild(img);
}).finally(() => {
img.remove();
});
}, "Cross-Origin-Resource-Policy does not block Mixed Content <img>");

0 comments on commit 7f0a106

Please sign in to comment.