From 3403f42f48d327f14ea68492ee548eed01e06c92 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Fri, 8 Jun 2018 12:48:10 +0200 Subject: [PATCH] Fetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction Supplements #11171. For https://github.com/whatwg/fetch/pull/733. --- .../resources/green.png | Bin 0 -> 87 bytes .../resources/hello.py | 6 ++++++ .../resources/image.py | 20 ++++++++++++++++++ .../scheme-restriction.any.js | 7 ++++++ .../scheme-restriction.https.window.js | 13 ++++++++++++ 5 files changed, 46 insertions(+) create mode 100644 fetch/cross-origin-resource-policy/resources/green.png create mode 100644 fetch/cross-origin-resource-policy/resources/hello.py create mode 100644 fetch/cross-origin-resource-policy/resources/image.py create mode 100644 fetch/cross-origin-resource-policy/scheme-restriction.any.js create mode 100644 fetch/cross-origin-resource-policy/scheme-restriction.https.window.js diff --git a/fetch/cross-origin-resource-policy/resources/green.png b/fetch/cross-origin-resource-policy/resources/green.png new file mode 100644 index 0000000000000000000000000000000000000000..28a1faab37797ef39454aa1deac1b470712f7be4 GIT binary patch literal 87 zcmeAS@N?(olHy`uVBq!ia0vp^DL`z*$P6SW{C@KnNHGWagt#*NXE2F7umZ^C_jGX# j(GX2ekYHV$kio>jw1 { + return promise_rejects(t, + new TypeError(), + fetch(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site", { mode: "no-cors" })); +}, "Cross-Origin-Resource-Policy: same-site's scheme restriction"); diff --git a/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js b/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js new file mode 100644 index 00000000000000..4c7457187419e0 --- /dev/null +++ b/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js @@ -0,0 +1,13 @@ +// META: script=/common/get-host-info.sub.js + +promise_test(t => { + const img = new Image(); + img.src = get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site"; + return new Promise((resolve, reject) => { + img.onload = resolve; + img.onerror = reject; + document.body.appendChild(img); + }).finally(() => { + img.remove(); + }); +}, "Cross-Origin-Resource-Policy does not block Mixed Content ");