Cross-Origin-Resource-Policy tests #11171
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
annevk
reviewed
May 29, 2018
| loadScript(remoteBaseURL + "resources/script.py?corp=same&acao=*", ko); | ||
|
|
||
| title = "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header."; | ||
| loadScript(remoteBaseURL + "resources/script.py?corp=same-site&acao=*", ko); |
There was a problem hiding this comment.
Since remote host will be 'www1.' + ORIGINAL_HOST, wouldn't this be ok as it's same site?
There was a problem hiding this comment.
This concern applies more generally it seems.
| }, title); | ||
| } | ||
|
|
||
| title = "Same-origin script load with a 'Cross-Origin-Resource-Policy: same' response header."; |
There was a problem hiding this comment.
Can you change this to pass the title in as an argument? This seems like a rather strange style.
|
The other thing that'd be nice to test is ensuring the header is properly parsed. E.g., |
annevk
added a commit
that referenced
this pull request
Jun 8, 2018
annevk
added a commit
that referenced
this pull request
Jun 8, 2018
annevk
approved these changes
Jun 8, 2018
|
The reason this is timing out is because it changes |
annevk
added a commit
to whatwg/fetch
that referenced
this pull request
Jun 8, 2018
This header makes it easier for sites to block unwanted "no-cors" cross-origin requests. Tests: * web-platform-tests/wpt#11171 * web-platform-tests/wpt#11427 * web-platform-tests/wpt#11428 Follow-up: #760. Fixes #687.
annevk
force-pushed
the
wpt-export-for-webkit-185840
branch
from
d591b6a to
eab3b0e
Compare
annevk
added a commit
that referenced
this pull request
Jun 18, 2018
|
Rebase+merge button pressed as requested by @annevk on IRC. |
annevk
added a commit
that referenced
this pull request
Jun 18, 2018
annevk
added a commit
that referenced
this pull request
Jun 18, 2018
annevk
added a commit
that referenced
this pull request
Jun 18, 2018
annevk
added a commit
to whatwg/fetch
that referenced
this pull request
Jun 18, 2018
This header makes it easier for sites to block unwanted "no-cors" cross-origin requests. Tests: * web-platform-tests/wpt#11171 * web-platform-tests/wpt#11427 * web-platform-tests/wpt#11428 Follow-up: #760 & #767. Fixes #687.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These are initial tests targeting whatwg/fetch#733
These are based on https://bugs.webkit.org/show_bug.cgi?id=185840.