Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(49)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: LayoutTests/http/tests/security/link-crossorigin-stylesheet-no-cors.html

Issue 135723008: Add CORS support for <link> elements. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Add setCrossOriginAccessControl() helper to avoid repetition matching CORS attribute value Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/http/tests/security/link-crossorigin-stylesheet-anonymous-expected.txt ('k') | LayoutTests/http/tests/security/link-crossorigin-stylesheet-no-cors-expected.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/http/tests/security/link-crossorigin-stylesheet-no-cors.html
diff --git a/LayoutTests/http/tests/security/link-crossorigin-stylesheet-no-cors.html b/LayoutTests/http/tests/security/link-crossorigin-stylesheet-no-cors.html
new file mode 100644
index 0000000000000000000000000000000000000000..c17f2239870bce191f010496201061b933c0bac9
--- /dev/null
+++ b/LayoutTests/http/tests/security/link-crossorigin-stylesheet-no-cors.html
@@ -0,0 +1,31 @@
+<!DOCTYPE HTML>
+<p>Test that a linked stylesheet with a crossorigin attribute does not load a cross-origin resource that isn't CORS enabled.</p>
+<pre></pre>
+<script>window.test_count = 8;</script>
+<script src="resources/link-crossorigin-common.js"></script>
+<link crossorigin="anonymous" rel="stylesheet" href="http://localhost:8080/security/resources/green-background.css?1" onload="fail()" onerror="pass()">
+<link crossorigin="use-credentials" rel="stylesheet" href="http://localhost:8080/security/resources/green-background.css?2" onload="fail()" onerror="pass()">
+<!-- Check that from-cache loads are also failing (and does not generate separate loads.) -->
+<link crossorigin="anonymous" rel="stylesheet" href="http://localhost:8080/security/resources/green-background.css?1" onload="fail()" onerror="pass()">
+<link crossorigin="use-credentials" rel="stylesheet" href="http://localhost:8080/security/resources/green-background.css?2" onload="fail()" onerror="pass()">
+<!-- These are same-origin and should load as the fetch wasn't out of origin -->
+<link crossorigin="anonymous" rel="stylesheet" href="resources/green-background.css?3" onload="pass()" onerror="fail()">
+<link crossorigin="use-credentials" rel="stylesheet" href="resources/green-background.css?4" onload="pass()" onerror="fail()">
+<script>
+// Test that dynamically inserted <link> elements are handled the same way.
+var link = document.createElement("link");
+link.rel = "stylesheet";
+link.crossOrigin = "anonymous";
+link.onload = fail;
+link.onerror = pass;
+link.href = "http://localhost:8080/security/resources/green-background.css?8";
+document.body.appendChild(link);
+
+link = document.createElement("link");
+link.rel = "stylesheet";
+link.crossOrigin = "use-credentials";
+link.onload = fail;
+link.onerror = pass;
+link.href = "http://localhost:8080/security/resources/green-background.css?9";
+document.body.appendChild(link);
+</script>
« no previous file with comments | « LayoutTests/http/tests/security/link-crossorigin-stylesheet-anonymous-expected.txt ('k') | LayoutTests/http/tests/security/link-crossorigin-stylesheet-no-cors-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698