From eab3b0ef26b7a11fee4febb12790319e26fecab9 Mon Sep 17 00:00:00 2001 From: Youenn Fablet Date: Fri, 25 May 2018 13:29:16 -0700 Subject: [PATCH] Fetch: Cross-Origin-Resource-Policy tests For https://github.com/whatwg/fetch/pull/733. WebKit export of https://bugs.webkit.org/show_bug.cgi?id=185840. --- common/get-host-info.sub.js | 2 + .../fetch-in-iframe.html | 67 ++++++++++++++ fetch/cross-origin-resource-policy/fetch.html | 83 ++++++++++++++++++ .../iframe-loads.html | 46 ++++++++++ .../image-loads.html | 53 +++++++++++ .../resources/green.png | Bin 0 -> 87 bytes .../resources/hello.py | 6 ++ .../resources/iframe.py | 5 ++ .../resources/iframeFetch.html | 19 ++++ .../resources/image.py | 21 +++++ .../resources/redirect.py | 6 ++ .../resources/script.py | 6 ++ .../script-loads.html | 51 +++++++++++ 13 files changed, 365 insertions(+) create mode 100644 fetch/cross-origin-resource-policy/fetch-in-iframe.html create mode 100644 fetch/cross-origin-resource-policy/fetch.html create mode 100644 fetch/cross-origin-resource-policy/iframe-loads.html create mode 100644 fetch/cross-origin-resource-policy/image-loads.html create mode 100644 fetch/cross-origin-resource-policy/resources/green.png create mode 100644 fetch/cross-origin-resource-policy/resources/hello.py create mode 100644 fetch/cross-origin-resource-policy/resources/iframe.py create mode 100644 fetch/cross-origin-resource-policy/resources/iframeFetch.html create mode 100644 fetch/cross-origin-resource-policy/resources/image.py create mode 100644 fetch/cross-origin-resource-policy/resources/redirect.py create mode 100644 fetch/cross-origin-resource-policy/resources/script.py create mode 100644 fetch/cross-origin-resource-policy/script-loads.html diff --git a/common/get-host-info.sub.js b/common/get-host-info.sub.js index c0ad19bc7a3ad2..35acad33a8fa42 100644 --- a/common/get-host-info.sub.js +++ b/common/get-host-info.sub.js 
@@ -6,6 +6,7 @@ function get_host_info() { var ORIGINAL_HOST = '{{host}}'; var REMOTE_HOST = (ORIGINAL_HOST === 'localhost') ? '127.0.0.1' : ('www1.' + ORIGINAL_HOST); var OTHER_HOST = '{{domains[www2]}}'; + var NOTSAMESITE_HOST = (ORIGINAL_HOST === 'localhost') ? '127.0.0.1' : ('not-' + ORIGINAL_HOST); return { HTTP_PORT: HTTP_PORT, @@ -19,6 +20,7 @@ function get_host_info() { HTTPS_ORIGIN_WITH_CREDS: 'https://foo:bar@' + ORIGINAL_HOST + ':' + HTTPS_PORT, HTTP_ORIGIN_WITH_DIFFERENT_PORT: 'http://' + ORIGINAL_HOST + ':' + HTTP_PORT2, HTTP_REMOTE_ORIGIN: 'http://' + REMOTE_HOST + ':' + HTTP_PORT, + HTTP_NOTSAMESITE_ORIGIN: 'http://' + NOTSAMESITE_HOST + ':' + HTTP_PORT, HTTP_REMOTE_ORIGIN_WITH_DIFFERENT_PORT: 'http://' + REMOTE_HOST + ':' + HTTP_PORT2, HTTPS_REMOTE_ORIGIN: 'https://' + REMOTE_HOST + ':' + HTTPS_PORT, HTTPS_REMOTE_ORIGIN_WITH_CREDS: 'https://foo:bar@' + REMOTE_HOST + ':' + HTTPS_PORT, diff --git a/fetch/cross-origin-resource-policy/fetch-in-iframe.html b/fetch/cross-origin-resource-policy/fetch-in-iframe.html new file mode 100644 index 00000000000000..cc6a3a81bcf4cb --- /dev/null +++ b/fetch/cross-origin-resource-policy/fetch-in-iframe.html @@ -0,0 +1,67 @@ + + + + + + + + + + + diff --git a/fetch/cross-origin-resource-policy/fetch.html b/fetch/cross-origin-resource-policy/fetch.html new file mode 100644 index 00000000000000..7cf8d60050aa7b --- /dev/null +++ b/fetch/cross-origin-resource-policy/fetch.html @@ -0,0 +1,83 @@ + + + + + + + + + + + diff --git a/fetch/cross-origin-resource-policy/iframe-loads.html b/fetch/cross-origin-resource-policy/iframe-loads.html new file mode 100644 index 00000000000000..63902c302b7ce6 --- /dev/null +++ b/fetch/cross-origin-resource-policy/iframe-loads.html @@ -0,0 +1,46 @@ + + + + + + + + + + + diff --git a/fetch/cross-origin-resource-policy/image-loads.html b/fetch/cross-origin-resource-policy/image-loads.html new file mode 100644 index 00000000000000..8a0458f107abdf --- /dev/null 
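Review bot: In common/get-host-info.sub.js, when ORIGINAL_HOST is 'localhost' the new NOTSAMESITE_HOST falls back to '127.0.0.1', the same value REMOTE_HOST takes on that branch, so HTTP_NOTSAMESITE_ORIGIN and HTTP_REMOTE_ORIGIN become identical and a localhost run cannot tell the same-site case from the cross-site case. A comment at the declaration would make that limit visible, e.g. `// On localhost this equals REMOTE_HOST; same-site vs. cross-site results are only meaningful with a real host name.` The other branch builds `'not-' + ORIGINAL_HOST`, which presumably needs a matching entry in the test server's host configuration; that is not visible in this patch. get_host_info() starts and ends outside both hunks.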
+++ b/fetch/cross-origin-resource-policy/image-loads.html @@ -0,0 +1,53 @@ + + + + + + + + +
+ + + diff --git a/fetch/cross-origin-resource-policy/resources/green.png b/fetch/cross-origin-resource-policy/resources/green.png new file mode 100644 index 0000000000000000000000000000000000000000..28a1faab37797ef39454aa1deac1b470712f7be4 GIT binary patch literal 87 zcmeAS@N?(olHy`uVBq!ia0vp^DL`z*$P6SW{C@KnNHGWagt#*NXE2F7umZ^C_jGX# j(GX2ekYHV$kio>jw1

The iframe

" + diff --git a/fetch/cross-origin-resource-policy/resources/iframeFetch.html b/fetch/cross-origin-resource-policy/resources/iframeFetch.html new file mode 100644 index 00000000000000..257185805d96d2 --- /dev/null +++ b/fetch/cross-origin-resource-policy/resources/iframeFetch.html @@ -0,0 +1,19 @@ + + + + + + +

The iframe making a same origin fetch call.

+ +
diff --git a/fetch/cross-origin-resource-policy/resources/image.py b/fetch/cross-origin-resource-policy/resources/image.py
new file mode 100644
index 00000000000000..ba6198135a2aad
--- /dev/null
+++ b/fetch/cross-origin-resource-policy/resources/image.py
@@ -0,0 +1,21 @@
+import os.path
+
+def main(request, response):
+ type = request.GET.first("type", None)
+
+ body = open(os.path.join(os.path.dirname(__file__), "green.png"), "rb").read()
+
+ response.add_required_headers = False
+ response.writer.write_status(200)
+
+ if 'corp' in request.GET:
+ response.writer.write_header("cross-origin-resource-policy", request.GET['corp'])
+ if 'acao' in request.GET:
+ response.writer.write_header("access-control-allow-origin", request.GET['acao'])
+ response.writer.write_header("content-length", len(body))
+ if(type != None):
+ response.writer.write_header("content-type", type)
+ response.writer.end_headers()
+
+ response.writer.write(body)
+
diff --git a/fetch/cross-origin-resource-policy/resources/redirect.py b/fetch/cross-origin-resource-policy/resources/redirect.py
new file mode 100644
index 00000000000000..73793b074272e9
--- /dev/null
+++ b/fetch/cross-origin-resource-policy/resources/redirect.py
@@ -0,0 +1,6 @@
+def main(request, response):
+ headers = [("Location", request.GET['redirectTo'])]
+ if 'corp' in request.GET:
+ headers.append(('Cross-Origin-Resource-Policy', request.GET['corp']))
+
+ return 302, headers, ""
diff --git a/fetch/cross-origin-resource-policy/resources/script.py b/fetch/cross-origin-resource-policy/resources/script.py
new file mode 100644
index 00000000000000..c9bd6b9c9ee861
--- /dev/null
+++ b/fetch/cross-origin-resource-policy/resources/script.py
@@ -0,0 +1,6 @@
+def main(request, response):
+ headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])]
+ if 'origin' in request.headers:
+ headers.append(('Access-Control-Allow-Origin', request.headers['origin']))
+
+ return 200, headers, ""
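Review bot: In resources/image.py the fixture is read with `open(...).read()`, so the file handle is never closed explicitly; `with open(os.path.join(os.path.dirname(__file__), "green.png"), "rb") as f:` followed by `body = f.read()` releases it deterministically. The local name `type` shadows the builtin, and `if(type != None):` is better written as an identity test after a rename, e.g. `if content_type is not None:`. A short comment above `main` saying that the `corp`, `acao` and `type` query values are copied into the response headers unchanged, and that the handler is meant for the test server only, would document that this is deliberate.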
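Review bot: resources/redirect.py indexes `request.GET['redirectTo']` without checking that the parameter is present, unlike the guarded `corp` lookup right after it, so a request without it presumably ends in an unhandled lookup error instead of a clear client error. Adding `if 'redirectTo' not in request.GET: return 400, [], "missing redirectTo"` at the top of `main` would make the failure explicit. resources/script.py has the same pattern with `request.GET['corp']`. The redirect target is used unvalidated, which the tests rely on, so a docstring stating that this is an intentional open redirect for the test server is worth adding.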
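Review bot: resources/script.py copies the request's `Origin` header into `Access-Control-Allow-Origin`, which grants CORS access to whichever origin asks, and nothing in the handler says why. If the intent is to keep CORS from interfering with the policy under test, a comment such as `# Echo Origin so CORS never blocks the load; only Cross-Origin-Resource-Policy is under test` would keep a later reader from treating the reflection as a reusable pattern. The handler returns an empty body, so a docstring noting that callers presumably observe only whether the load succeeds would help as well.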
diff --git a/fetch/cross-origin-resource-policy/script-loads.html b/fetch/cross-origin-resource-policy/script-loads.html new file mode 100644 index 00000000000000..5850e0109f18c2 --- /dev/null +++ b/fetch/cross-origin-resource-policy/script-loads.html @@ -0,0 +1,51 @@ + + + + + + + + +
+ + +