Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction #11428

Merged
merged 1 commit into from
Jun 18, 2018
Merged

Fetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction #11428

merged 1 commit into from
Jun 18, 2018

Conversation

annevk
Copy link
Member

@annevk annevk commented Jun 8, 2018

Supplements #11171.

For whatwg/fetch#733.

annevk added a commit to whatwg/fetch that referenced this pull request Jun 8, 2018
@annevk
Define Cross-Origin-Resource-Policy response header
ce08dff 
This header makes it easier for sites to block unwanted "no-cors"
cross-origin requests.

Tests:

* web-platform-tests/wpt#11171
* web-platform-tests/wpt#11427
* web-platform-tests/wpt#11428

Follow-up: #760.

Fixes #687.
@annevk annevk force-pushed the annevk/corp-scheme-restriction branch from 3403f42 to cd37c77 Compare June 18, 2018 09:45
mikewest
mikewest approved these changes Jun 18, 2018
View reviewed changes
Copy link
Member

@mikewest mikewest left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with a nit.

fetch/cross-origin-resource-policy/scheme-restriction.any.js Outdated
return promise_rejects(t,
new TypeError(),
fetch(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site", { mode: "no-cors" }));
}, "Cross-Origin-Resource-Policy: same-site's scheme restriction");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Perhaps name the test "same-site will block an HTTPS resource's inclusion into an HTTP document." for clarity?

@annevk annevk force-pushed the annevk/corp-scheme-restriction branch from d3d8a27 to b8b37d4 Compare June 18, 2018 13:00
@annevk annevk merged commit 7f0a106 into master Jun 18, 2018
@annevk annevk deleted the annevk/corp-scheme-restriction branch June 18, 2018 13:13
annevk added a commit to whatwg/fetch that referenced this pull request Jun 18, 2018
@annevk
Define Cross-Origin-Resource-Policy response header
0cec471 
This header makes it easier for sites to block unwanted "no-cors"
cross-origin requests.

Tests:

* web-platform-tests/wpt#11171
* web-platform-tests/wpt#11427
* web-platform-tests/wpt#11428

Follow-up: #760 & #767.

Fixes #687.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikewest mikewest mikewest approved these changes

@domfarolino domfarolino Awaiting requested review from domfarolino

@jdm jdm Awaiting requested review from jdm

@mnot mnot Awaiting requested review from mnot

@youennf youennf Awaiting requested review from youennf

@yutakahirano yutakahirano Awaiting requested review from yutakahirano

Assignees
No one assigned
Labels
fetch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@annevk @mikewest @wpt-pr-bot