Bug 1487339 [wpt PR 12754] - Refactored usage of XHR, added error handling., a=testonly
Automatic update from web-platform-tests
Refactored usage of XHR, added error handling.

- Added error handling as suggested in https://github.com/web-platform-tests/wpt/pull/12162
- changed XHR calls to FetchAPI
- changed async tests to Promise tests
- corrected the existing redirect tests and reported bug: crbug/872285
- removed Same-Site and Cross-Origin XSLT tests as they seemed to fail because loading cross origin xslt is not supported "Unsafe attempt to load URL from frame" (No idea why they passed before)
- added two test cases for multiple redirects. The idea is that the Sec-Metadata header should be "downgraded" to less secure and should carry the value to the end. If a cross-origin domain controls a redirect at any point of the redirect chain, then the final requests are potentially influenced by the attacker.
  - (Same-Origin -> Cross-Site -> Same-Origin -> Same-Origin) -> site=cross-site
  - (Same-Origin -> Same-Site -> Same-Origin -> Same-Origin) -> site=same-site

Change-Id: I591af1948cc1f16e3b5c44f51020149e43fc2746
Reviewed-on: https://chromium-review.googlesource.com/1193953
Commit-Queue: Maciek Trzos <mtrzos@google.com>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#587556}

--

wpt-commits: 241cb914b6eae52ce48ad26df7d5b8c2e7088613
wpt-pr: 12754
parent
b51b35a327
commit
bd76acd420
@ -353517,57 +353517,33 @@
|
||||
{}
|
||||
]
|
||||
],
|
||||
"fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html": [
|
||||
"fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html": [
|
||||
[
|
||||
"/fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html",
|
||||
"/fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html": [
|
||||
"fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html": [
|
||||
[
|
||||
"/fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html",
|
||||
"/fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html": [
|
||||
"fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html": [
|
||||
[
|
||||
"/fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html",
|
||||
"/fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html": [
|
||||
"fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html": [
|
||||
[
|
||||
"/fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html",
|
||||
"/fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html": [
|
||||
"fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html": [
|
||||
[
|
||||
"/fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html": [
|
||||
[
|
||||
"/fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html": [
|
||||
[
|
||||
"/fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html": [
|
||||
[
|
||||
"/fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html": [
|
||||
[
|
||||
"/fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html",
|
||||
"/fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
@ -590273,7 +590249,7 @@
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/font.tentative.https.sub.html": [
|
||||
"65432b5bacf3bddf8d5cbaad74bdbaf5e63fb44e",
|
||||
"0a75531c405fc6db3320caec5567bec1ac38c763",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/iframe.tentative.https.sub.html": [
|
||||
@ -590288,40 +590264,24 @@
|
||||
"e1ac53157e023a9c6bc4806feda2e782ef4eefa5",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html": [
|
||||
"e25fd3f61d5487de6026a0204f107201f491afad",
|
||||
"fetch/sec-metadata/redirect/cross-site-redirect.tentative.https.sub.html": [
|
||||
"9f497a9b62b80da4eff2e35220c1d6317e0e2817",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html": [
|
||||
"ac5982d8956c96cd638c2464ec9f8cce3f7e3a34",
|
||||
"fetch/sec-metadata/redirect/multiple-redirect-cross-site.tentative.https.sub.html": [
|
||||
"fdd8733ba6d682b1f6b55fb4e3738d03a1fbbb50",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html": [
|
||||
"5b3b965f5e96d75f93796e55e77cfac94de18a52",
|
||||
"fetch/sec-metadata/redirect/multiple-redirect-same-site.tentative.https.sub.html": [
|
||||
"8fdc943f4c96c0616778c3316587f3cc598606eb",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html": [
|
||||
"ea6b167673f5e64396db4690abde56253e8af914",
|
||||
"fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html": [
|
||||
"dea71c3f67dca694e05f3c00db1d2d7aea5f3744",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html": [
|
||||
"430990a57c48b858fdc509653c0b689abcedcc6d",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html": [
|
||||
"591cf67d18111592a5e696e346371a88770bdb32",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html": [
|
||||
"8592d02c269b6afc4193f4323238b68d8fc26979",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html": [
|
||||
"191dbaa7f77a3ac569b37e95e2db9f2ac4985a3e",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html": [
|
||||
"11d60473981cf056ebc56b15905f27c070dad9c8",
|
||||
"fetch/sec-metadata/redirect/same-site-redirect.tentative.https.sub.html": [
|
||||
"a71163a1bfcb09196083dd1a38f4a6863f46eca8",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/report.tentative.https.sub.html": [
|
||||
@ -590345,15 +590305,15 @@
|
||||
"support"
|
||||
],
|
||||
"fetch/sec-metadata/resources/helper.js": [
|
||||
"cbd96d06863427f34d75d0621839bcfe76c7ad96",
|
||||
"55e36d49fac39e814e10df1629e8b8fec0c8ebef",
|
||||
"support"
|
||||
],
|
||||
"fetch/sec-metadata/resources/post-to-owner.py": [
|
||||
"fe08cd1cbcaa4585fb3be0ce0ee33e7d75759129",
|
||||
"5472aa5b47e424bb6590d6c757df635eb4b6dd1f",
|
||||
"support"
|
||||
],
|
||||
"fetch/sec-metadata/resources/record-header.py": [
|
||||
"06157e4cd8bd35e54b99c04f09a995185ba5686c",
|
||||
"4c30d1e52ac8bfb24c890f790df154ea17947043",
|
||||
"support"
|
||||
],
|
||||
"fetch/sec-metadata/resources/sharedWorker.js": [
|
||||
@ -590369,15 +590329,15 @@
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/serviceworker.tentative.https.sub.html": [
|
||||
"9d1fe2a3449da49b3b4e167f74e63e815ef5cf6c",
|
||||
"cefabb20aaa40c91f5d90d180f52d596086a55cd",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/sharedworker.tentative.https.sub.html": [
|
||||
"aa118e04239691f5488c4d62f3f1cf0ae59e8f1d",
|
||||
"09017ccbb3a2b1b878d15e4199d59cad29a2277a",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/style.tentative.https.sub.html": [
|
||||
"78fac567b43f3c48c81897b44237d820a6209d8a",
|
||||
"609d5764f08ca5b3242692f4bdd94f2b364481b3",
|
||||
"testharness"
|
||||
],
|
||||
"fetch/sec-metadata/track.tentative.https.sub.html": [
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<html>
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
@ -43,62 +43,42 @@
|
||||
</body>
|
||||
<script>
|
||||
document.fonts.ready.then(function () {
|
||||
test_same_origin();
|
||||
test_same_site();
|
||||
test_cross_site();
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "font-same-origin";
|
||||
let expected = {"destination":"font", "site":"same-origin"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
});
|
||||
}, "Same-Origin font");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "font-same-site";
|
||||
let expected = {"destination":"font", "site":"same-site"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
});
|
||||
}, "Same-Site font");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "font-cross-site";
|
||||
let expected = {"destination":"font", "site":"cross-site"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
});
|
||||
}, "Cross-Site font");
|
||||
|
||||
});
|
||||
|
||||
function test_same_origin(){
|
||||
var same_origin_test = async_test("Same-Origin font");
|
||||
same_origin_test.step(function () {
|
||||
key = "font-same-origin";
|
||||
expected_same_origin = {"destination":"font", "site":"same-origin"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_origin_xhr = new XMLHttpRequest();
|
||||
same_origin_xhr.open("PUT", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
|
||||
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
|
||||
});
|
||||
same_origin_xhr.send();
|
||||
});
|
||||
}
|
||||
|
||||
function test_same_site(){
|
||||
var same_site_test = async_test("Same-Site font");
|
||||
same_site_test.step(function () {
|
||||
key = "font-same-site";
|
||||
expected_same_site = {"destination":"font", "site":"same-site"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_site_xhr = new XMLHttpRequest();
|
||||
same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
|
||||
verify_response(same_site_xhr, same_site_test, expected_same_site)
|
||||
});
|
||||
same_site_xhr.send();
|
||||
});
|
||||
}
|
||||
|
||||
function test_cross_site(){
|
||||
var cross_site_test = async_test("Cross-Site font");
|
||||
cross_site_test.step(function () {
|
||||
key = "font-cross-site";
|
||||
expected_cross_site = {"destination":"font", "site":"cross-site"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
cross_site_xhr = new XMLHttpRequest();
|
||||
cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
|
||||
verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
|
||||
});
|
||||
cross_site_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
||||
</html>
|
||||
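Review bot: Each of the three new font `promise_test` bodies wraps an existing `fetch()` chain in `new Promise((resolve, reject) => …)` only to forward its outcome, and the `t` argument is never used. Returning the chain directly, `return fetch(url).then(response => response.text()).then(text => assert_header_equals(text, expected));`, hands promise_test the same fulfilment or rejection with less code. The chain also never checks `response.ok`, so an error response from record-header.py would be passed to `assert_header_equals` as if it were the recorded header; how that helper treats such text is not visible here (helper.js is not shown), so a status assertion before `.text()` would make that failure mode explicit. The enclosing `document.fonts.ready.then(...)` callback is unchanged context around these tests.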
|
@ -0,0 +1,86 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body></body>
|
||||
<script>
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-cross-site-same-origin";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"destination":"image", "site":"cross-site"};
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Cross-Site -> Same-Origin redirect");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-cross-site-same-site";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"destination":"image", "site":"cross-site"};
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Cross-Site -> Same-Site redirect");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-cross-site-cross-site";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"destination":"image", "site":"cross-site"};
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Cross-Site -> Cross-Site redirect");
|
||||
</script>
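Review bot: In all three tests of this new file the `onload` and `onerror` handlers are identical copies, and the handler parameter `e` shadows the `<img>` element `e` (as does `.catch(e => …)`). One shared function would remove the duplication: `const check = () => fetch(url).then(r => r.text()).then(text => assert_header_equals(text, expected)).then(resolve, reject);` followed by `e.onload = e.onerror = check;`. Because retrieval runs on error as well as on load and `key` is a fixed string, a chain that fails before the final hop reaches record-header.py would presumably read back whatever an earlier run stored under that key; whether the server clears the value on retrieval is not visible on this page, so confirm that or add a per-run unique suffix to `key`. The same handler pattern recurs in the other new redirect files in this commit (multiple-redirect and same-origin).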
|
@ -1,30 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body>
|
||||
<!-- redirect Cross-Site -> Cross-Site -->
|
||||
<img onload="test_cross_site()" onerror="test_cross_site()" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-cross-site-cross-site"></img>
|
||||
</body>
|
||||
|
||||
<script>
|
||||
function test_cross_site(){
|
||||
var cross_site_test = async_test("Cross-Site -> Cross-Site redirect");
|
||||
cross_site_test.step(function () {
|
||||
filename = "redirect-cross-site-cross-site";
|
||||
expected_cross_site = {"destination":"image", "site":"cross-site"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
cross_site_xhr = new XMLHttpRequest();
|
||||
cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
|
||||
verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
|
||||
});
|
||||
cross_site_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
@ -1,31 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body>
|
||||
|
||||
<!-- redirect Cross-Site -> Same-Origin -->
|
||||
<img onload="test_same_origin()" onerror="test_same_origin()" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-cross-site-same-origin"></img>
|
||||
</body>
|
||||
|
||||
<script>
|
||||
function test_same_origin(){
|
||||
var same_origin_test = async_test("Cross-Site -> Same-Origin redirect");
|
||||
same_origin_test.step(function () {
|
||||
filename = "redirect-cross-site-same-origin";
|
||||
expected_same_origin = {"destination":"image", "site":"cross-site"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_origin_xhr = new XMLHttpRequest();
|
||||
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
|
||||
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
|
||||
});
|
||||
same_origin_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
@ -1,30 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body>
|
||||
<!-- redirect Cross-Site -> Same-Site -->
|
||||
<img onload="test_same_site()" onerror="test_same_site()" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-cross-site-same-site"></img>
|
||||
</body>
|
||||
|
||||
<script>
|
||||
function test_same_site(){
|
||||
var same_site_test = async_test("Cross-Site -> Same-Site redirect");
|
||||
same_site_test.step(function () {
|
||||
filename = "redirect-cross-site-same-site";
|
||||
expected_same_site = {"destination":"image", "site":"cross-site"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_site_xhr = new XMLHttpRequest();
|
||||
same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
|
||||
verify_response(same_site_xhr, same_site_test, expected_same_site)
|
||||
});
|
||||
same_site_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
@ -0,0 +1,37 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body></body>
|
||||
<script>
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-multiple-cross-site";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
|
||||
"https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// cross-site
|
||||
"https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin
|
||||
let expected = {"destination":"image", "site":"cross-site"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Origin -> Cross-Site -> Same-Origin redirect");
|
||||
</script>
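Review bot: The three-hop `e.src` nests one `redirect.py?location=` URL inside another without percent-encoding, so the chain only holds together because none of the inner URLs contains `&` or `#`. If the first hop passed on a truncated `location`, the request would take fewer hops and the test could no longer show that the cross-site hop is what downgrades `site`. Building the URL inside-out makes each hop explicit, e.g. `let hop2 = crossSiteRedirect + encodeURIComponent(finalUrl);` then `e.src = sameOriginRedirect + encodeURIComponent(hop2);`, where the names are placeholders for the three string pieces already on these lines. How redirect.py decodes and re-emits `location` is not shown here, so check that it decodes exactly once per hop. The multiple-redirect same-site file that follows builds its URL the same way.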
|
@ -0,0 +1,37 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body></body>
|
||||
<script>
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-multiple-same-site";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-origin
|
||||
"https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=" +// same-site
|
||||
"https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;// same-origin
|
||||
let expected = {"destination":"image", "site":"same-site"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Origin -> Same-Site -> Same-Origin redirect");
|
||||
</script>
|
@ -0,0 +1,89 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body></body>
|
||||
<script>
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-same-origin-same-origin";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"destination":"image", "site":"same-origin"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Origin -> Same-Origin redirect");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-same-origin-same-site";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"destination":"image", "site":"same-site"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Origin -> Same-Site redirect");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-same-origin-cross-site";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"destination":"image", "site":"cross-site"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Origin -> Cross-Site redirect");
|
||||
</script>
|
@ -1,30 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body>
|
||||
<!-- redirect Same-Origin -> Cross-Site -->
|
||||
<img onload="test_cross_site()" onerror="test_cross_site()" src="https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-origin-cross-site"></img>
|
||||
</body>
|
||||
|
||||
<script>
|
||||
function test_cross_site(){
|
||||
var cross_site_test = async_test("Same-Origin -> Cross-Site redirect");
|
||||
cross_site_test.step(function () {
|
||||
filename = "redirect-same-origin-cross-site";
|
||||
expected_cross_site = {"destination":"image", "site":"same-origin"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
cross_site_xhr = new XMLHttpRequest();
|
||||
cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
|
||||
verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
|
||||
});
|
||||
cross_site_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
@ -1,31 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body>
|
||||
|
||||
<!-- redirect Same-Origin -> Same-Origin -->
|
||||
<img onload="test_same_origin()" onerror="test_same_origin()" src="https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-origin-same-origin"></img>
|
||||
</body>
|
||||
|
||||
<script>
|
||||
function test_same_origin(){
|
||||
var same_origin_test = async_test("Same-Origin -> Same-Origin redirect");
|
||||
same_origin_test.step(function () {
|
||||
filename = "redirect-same-origin-same-origin";
|
||||
expected_same_origin = {"destination":"image", "site":"same-origin"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_origin_xhr = new XMLHttpRequest();
|
||||
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
|
||||
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
|
||||
});
|
||||
same_origin_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
@ -1,31 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body>
|
||||
|
||||
<!-- redirect Same-Origin -> Same-Site -->
|
||||
<img onload="test_same_site()" onerror="test_same_site()" src="https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-origin-same-site"></img>
|
||||
</body>
|
||||
|
||||
<script>
|
||||
function test_same_site(){
|
||||
var same_site_test = async_test("Same-Origin -> Same-Site redirect");
|
||||
same_site_test.step(function () {
|
||||
filename = "redirect-same-origin-same-site";
|
||||
expected_same_site = {"destination":"image", "site":"same-origin"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_site_xhr = new XMLHttpRequest();
|
||||
same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
|
||||
verify_response(same_site_xhr, same_site_test, expected_same_site)
|
||||
});
|
||||
same_site_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
@ -0,0 +1,89 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body></body>
|
||||
<script>
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-same-site-same-origin";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"destination":"image", "site":"same-site"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Site -> Same-Origin redirect");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-same-site-same-site";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"destination":"image", "site":"same-site"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Site -> Same-Site redirect");
|
||||
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "redirect-same-site-cross-site";
|
||||
|
||||
let e = document.createElement('img');
|
||||
e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
let expected = {"destination":"image", "site":"cross-site"};
|
||||
|
||||
e.onload = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
e.onerror = e => {
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Site -> Cross-Site redirect");
|
||||
</script>
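Review bot: The "Same-Site -> Same-Site redirect" test builds its `location=` from `https://{{host}}:{{ports[https][0]}}`, the same target the "Same-Site -> Same-Origin redirect" test above it uses, so the same-site final hop is never requested. The removed same-site test redirected to `{{hosts[][www]}}`; the `e.src` line should keep that target, `...redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;`. Both tests expect `"site":"same-site"`, so the suite passes either way and the lost coverage of that redirect chain goes unnoticed. The `onload` and `onerror` bodies are also identical in all three tests and their parameter `e` shadows the element; one named callback assigned to both handlers would remove the duplication.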
|
@ -1,31 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body>
|
||||
|
||||
<!-- redirect Same-Site -> Cross-Site -->
|
||||
<img onload="test_cross_site()" onerror="test_cross_site()" src="https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-site-cross-site"></img>
|
||||
</body>
|
||||
|
||||
<script>
|
||||
function test_cross_site(){
|
||||
var cross_site_test = async_test("Same-Site -> Cross-Site redirect");
|
||||
cross_site_test.step(function () {
|
||||
key = "redirect-same-site-cross-site";
|
||||
expected_cross_site = {"destination":"image", "site":"same-site"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
cross_site_xhr = new XMLHttpRequest();
|
||||
cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
|
||||
verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
|
||||
});
|
||||
cross_site_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
@ -1,31 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body>
|
||||
|
||||
<!-- redirect Same-Site -> Same-Origin -->
|
||||
<img onload="test_same_origin()" onerror="test_same_origin()" src="https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-site-same-origin"></img>
|
||||
</body>
|
||||
|
||||
<script>
|
||||
function test_same_origin(){
|
||||
var same_origin_test = async_test("Same-Site -> Same-Origin redirect");
|
||||
same_origin_test.step(function () {
|
||||
key = "redirect-same-site-same-origin";
|
||||
expected_same_origin = {"destination":"image", "site":"same-site"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_origin_xhr = new XMLHttpRequest();
|
||||
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
|
||||
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
|
||||
});
|
||||
same_origin_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
@ -1,31 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body>
|
||||
|
||||
<!-- redirect Same-Site -> Same-Site -->
|
||||
<img onload="test_same_site()" onerror="test_same_site()" src="https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-site-same-site"></img>
|
||||
</body>
|
||||
|
||||
<script>
|
||||
function test_same_site(){
|
||||
var same_site_test = async_test("Same-Site -> Same-Site redirect");
|
||||
same_site_test.step(function () {
|
||||
key = "redirect-same-site-same-site";
|
||||
expected_same_site = {"destination":"image", "site":"same-site"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_site_xhr = new XMLHttpRequest();
|
||||
same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
|
||||
verify_response(same_site_xhr, same_site_test, expected_same_site)
|
||||
});
|
||||
same_site_xhr.send();
|
||||
});
|
||||
}
|
||||
</script>
|
@ -17,10 +17,3 @@ function assert_header_equals(value, expected) {
|
||||
assert_equals(result.target, expected.target, "target");
|
||||
assert_equals(result.site, expected.site, "site");
|
||||
}
|
||||
|
||||
function verify_response(xhr, test, expected){
|
||||
if (xhr.readyState === 4) {
|
||||
assert_header_equals(xhr.responseText, expected);
|
||||
test.done();
|
||||
}
|
||||
}
|
||||
|
@ -12,5 +12,5 @@ def main(request, response):
|
||||
if (window.top != window)
|
||||
window.top.postMessage(data, "*");
|
||||
</script>
|
||||
""" % json.dumps(request.headers["sec-metadata"])
|
||||
""" % json.dumps(request.headers.get("Sec-Metadata", ""))
|
||||
return headers, body
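Review bot: `json.dumps()` does not escape `<`, so the header value is written into the inline `<script>` of this response without script-safe escaping, and a value containing `</script>` would close the element early. main() and the `%s` placeholder start above the hunk, so the exact position of the value is inferred from the closing `</script>` and `"""` lines shown here. For a test resource the exposure is small, but the pattern is easy to copy; `json.dumps(request.headers.get("Sec-Metadata", "")).replace("<", "\\u003c")` keeps the value inside the string literal.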
|
||||
|
@ -21,20 +21,23 @@ def main(request, response):
|
||||
if 'retrieve' in request.GET:
|
||||
response.writer.write_status(200)
|
||||
response.writer.end_headers()
|
||||
header_value = request.server.stash.take(testId)
|
||||
if header_value != None:
|
||||
try:
|
||||
header_value = request.server.stash.take(testId)
|
||||
response.writer.write(header_value)
|
||||
except (KeyError, ValueError) as e:
|
||||
response.writer.write("No header has been recorded")
|
||||
pass
|
||||
|
||||
response.close_connection = True
|
||||
|
||||
## Record incoming Sec-Metadata header value
|
||||
else:
|
||||
## Return empty string as a default value ##
|
||||
header = request.headers.get("Sec-Metadata", "")
|
||||
try:
|
||||
## Return empty string as a default value ##
|
||||
header = request.headers.get("Sec-Metadata", "")
|
||||
request.server.stash.put(testId, header)
|
||||
except KeyError:
|
||||
## The header is already recorded
|
||||
## The header is already recorded or it doesn't exist
|
||||
pass
|
||||
|
||||
## Prevent the browser from caching returned responses and allow CORS ##
|
||||
@ -61,6 +64,7 @@ def main(request, response):
|
||||
|
||||
## Return a valid font content and Content-Type ##
|
||||
if key.startswith("font"):
|
||||
response.headers.set("Content-Type", "application/x-font-ttf")
|
||||
file = open("fonts/Ahem.ttf", "r")
|
||||
font = file.read()
|
||||
file.close()
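Review bot: The rewritten retrieve branch drops the `if header_value != None:` guard, so a `take()` that returns `None` for an unrecorded key now reaches `response.writer.write(header_value)`. The `except (KeyError, ValueError)` clause only helps if `take()` raises instead, which the removed guard suggests it does not. Handling the empty case at the write covers both, for example `response.writer.write(header_value if header_value is not None else "No header has been recorded")`. The bound name `e` is unused and the `pass` after the write is redundant. main() begins and ends outside the hunks shown.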
|
||||
|
@ -8,7 +8,7 @@
|
||||
<script>
|
||||
if ('serviceWorker' in navigator) {
|
||||
window.addEventListener('load', function() {
|
||||
navigator.serviceWorker.register('/fetch/sec-metadata/resources/record-header.py?file=serviceworker-same-origin').then(function(registration) {
|
||||
navigator.serviceWorker.register('https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=serviceworker-same-origin').then(function(registration) {
|
||||
test_same_origin();
|
||||
|
||||
// uninstall the serviceworker after the test
|
||||
@ -32,20 +32,16 @@
|
||||
|
||||
<script>
|
||||
function test_same_origin(){
|
||||
var same_origin_test = async_test("Same-Origin serviceworker");
|
||||
same_origin_test.step(function () {
|
||||
key = "serviceworker-same-origin";
|
||||
expected_same_origin = {"destination":"serviceworker", "site":"same-origin"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_origin_xhr = new XMLHttpRequest();
|
||||
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
|
||||
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
|
||||
});
|
||||
same_origin_xhr.send();
|
||||
});
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "serviceworker-same-origin";
|
||||
let expected = {"destination":"serviceworker", "site":"same-origin"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
})
|
||||
})
|
||||
}
|
||||
</script>
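Review bot: The `promise_test` call added inside `test_same_origin()` is closed with `})` and no description, so the previous title "Same-Origin serviceworker" is lost; the shared worker file gets `}, "Same-Origin sharedworker")` for the same change. Close it with `}, "Same-Origin serviceworker");` so the result stays identifiable in reports. The `new Promise` wrapper is also unnecessary here and in the shared worker test: both can `return fetch(...)` with the two `.then` steps and let `promise_test` report a rejection, which removes the `resolve`/`reject` plumbing.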
|
||||
|
@ -23,22 +23,18 @@
|
||||
}
|
||||
|
||||
function test_same_origin(){
|
||||
var same_origin_test = async_test("Same-Origin sharedworker");
|
||||
same_origin_test.step(function () {
|
||||
key = "sharedworker-same-origin";
|
||||
expected_same_origin = {"destination":"sharedworker", "site":"same-origin"};
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "sharedworker-same-origin";
|
||||
let expected = {"destination":"sharedworker", "site":"same-origin"};
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_origin_xhr = new XMLHttpRequest();
|
||||
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
|
||||
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
|
||||
});
|
||||
same_origin_xhr.send();
|
||||
});
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
})
|
||||
}, "Same-Origin sharedworker")
|
||||
}
|
||||
</script>
|
||||
<body></body>
|
||||
|
||||
|
@ -1,75 +1,70 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<html>
|
||||
<link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src=/fetch/sec-metadata/resources/helper.js></script>
|
||||
<body></body>
|
||||
<script>
|
||||
function test_same_origin() {
|
||||
var same_origin_test = async_test("Same-Origin style");
|
||||
same_origin_test.step(function () {
|
||||
key = "style-same-origin";
|
||||
expected_same_origin = {"destination":"style", "site":"same-origin"};
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "style-same-origin";
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_origin_xhr = new XMLHttpRequest();
|
||||
same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
let e = document.createElement('link');
|
||||
e.rel = "stylesheet";
|
||||
e.href = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"destination":"style", "site":"same-origin"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
|
||||
verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
|
||||
});
|
||||
same_origin_xhr.send();
|
||||
});
|
||||
}
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Origin style");
|
||||
|
||||
function test_same_site() {
|
||||
var same_site_test = async_test("Same-Site style");
|
||||
same_site_test.step(function () {
|
||||
key = "style-same-site";
|
||||
expected_same_site = {"destination":"style", "site":"same-site"};
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "style-same-site";
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
same_site_xhr = new XMLHttpRequest();
|
||||
same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
let e = document.createElement('link');
|
||||
e.rel = "stylesheet";
|
||||
e.href = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"destination":"style", "site":"same-site"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
|
||||
verify_response(same_site_xhr, same_site_test, expected_same_site)
|
||||
});
|
||||
same_site_xhr.send();
|
||||
});
|
||||
}
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Same-Site style");
|
||||
|
||||
function test_cross_site() {
|
||||
var cross_site_test = async_test("Cross-Site style");
|
||||
cross_site_test.step(function () {
|
||||
key = "style-cross-site";
|
||||
expected_cross_site = {"destination":"style", "site":"cross-site"};
|
||||
promise_test(t => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let key = "style-cross-site";
|
||||
|
||||
// Requests from the server the saved value of the Sec-Metadata header
|
||||
cross_site_xhr = new XMLHttpRequest();
|
||||
cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
|
||||
let e = document.createElement('link');
|
||||
e.rel = "stylesheet";
|
||||
e.href = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
|
||||
e.onload = e => {
|
||||
let expected = {"destination":"style", "site":"cross-site"};
|
||||
fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
|
||||
.then(response => response.text())
|
||||
.then(text => assert_header_equals(text, expected))
|
||||
.then(_ => resolve())
|
||||
.catch(e => reject(e));
|
||||
};
|
||||
|
||||
// Async test step triggered when the response is loaded
|
||||
cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
|
||||
verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
|
||||
});
|
||||
cross_site_xhr.send();
|
||||
});
|
||||
}
|
||||
document.body.appendChild(e);
|
||||
})
|
||||
}, "Cross-Site style");
|
||||
</script>
|
||||
<body>
|
||||
<!-- Same-Origin request -->
|
||||
<link href="https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=style-same-origin"
|
||||
rel="stylesheet" onload="test_same_origin()" onerror="test_same_origin()">
|
||||
|
||||
<!-- Same-Site request -->
|
||||
<link href="https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=style-same-site"
|
||||
rel="stylesheet" onload="test_same_site()" onerror="test_same_site()">
|
||||
|
||||
<!-- Cross-Site request -->
|
||||
<link href="https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=style-cross-site"
|
||||
rel="stylesheet" onload="test_cross_site()" onerror="test_cross_site()">
|
||||
</body>
|
||||
</html>
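Review bot: Each of the three new tests assigns only `e.onload` on the created `link`, whereas the removed markup ran the check from both `onload` and `onerror`, and the image redirect tests in this commit still set both handlers. If a stylesheet fails to load, the promise never settles and the test ends as a harness timeout rather than a reported assertion. Adding `e.onerror = e.onload;` after the handler keeps the old behaviour of reading back the recorded header either way. The handler parameter `e` also shadows the element variable; a different name would make the closures easier to read.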
|
||||
|
||||
|