Chromium Code Reviews Chromium Code Reviews
Issue 1487343002:
Set credentials mode "same-origin" when crossOrigin=anonymous is set. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 <!DOCTYPE html> | |
| 2 <title>Check request cookies for image resources with crossOrigin.</title> | |
| 3 <script src="../resources/testharness.js"></script> | |
| 4 <script src="../resources/testharnessreport.js"></script> | |
| 5 <script src="../resources/get-host-info.js?pipe=sub"></script> | |
| 6 <script> | |
| 7 if (window.testRunner) | |
| 8 testRunner.setAlwaysAcceptCookies(true); | |
| 9 | |
| 10 | |
| 11 function load_image(url, cross_origin) { | |
| 12 return new Promise(function(resolve, reject) { | |
| 13 var img = document.createElement('img'); | |
| 14 document.body.appendChild(img); | |
| 15 img.onload = resolve; | |
| 16 img.onerror = reject; | |
| 17 if (cross_origin != '') { | |
| 18 img.crossOrigin = cross_origin; | |
| 19 } | |
| 20 img.src = url; | |
| 21 }); | |
| 22 } | |
| 23 | |
| 24 function assert_resolves(promise, description) { | |
| 25 return promise.catch(function(reason) { | |
| 26 throw description + ' - ' + reason; | |
| 27 }); | |
| 28 } | |
| 29 | |
| 30 promise_test(function(t) { | |
| 31 document.cookie="TestCookie=same"; | |
|
tyoshino (SeeGerritForStatus)
2015/12/08 11:30:31
put spaces around the first =
horo
2015/12/09 02:29:34
Done.
| |
| 32 var host_info = get_host_info(); | |
| 33 var RESOURCES_PATH = host_info['HTTP_ORIGIN'] + '/security/resources/'; | |
| 34 var REMOTE_RESOURCES_PATH = host_info['HTTP_REMOTE_ORIGIN'] + | |
| 35 '/security/resources/'; | |
| 36 | |
| 37 return fetch(new Request(REMOTE_RESOURCES_PATH + '/set-cookie.php?' + | |
|
tyoshino (SeeGerritForStatus)
2015/12/08 11:30:31
redundant /
horo
2015/12/09 02:29:34
Done.
| |
| 38 'name=TestCookie&value=cross', | |
| 39 {mode: 'no-cors', credentials: 'include'})) | |
| 40 .then(function() { | |
| 41 return Promise.all([ | |
| 42 assert_resolves( | |
| 43 load_image( | |
| 44 RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', ''), | |
| 45 'Same-origin request for a resource which CORS setting is ' + | |
| 46 'NoCORS must contain cookies.'), | |
|
tyoshino (SeeGerritForStatus)
2015/12/08 11:30:31
which -> for which
or
which -> whose
or
which
horo
2015/12/09 02:29:34
Done.
| |
| 47 assert_resolves( | |
| 48 load_image( | |
| 49 RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', | |
| 50 'anonymous'), | |
| 51 'Same-origin request for a resource which CORS setting is ' + | |
| 52 'Anonymous must contain cookies.'), | |
| 53 assert_resolves( | |
| 54 load_image( | |
| 55 RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', | |
| 56 'use-credentials'), | |
| 57 'Same-origin request for a resource which CORS setting is ' + | |
| 58 'UseCredentials must contain cookies.'), | |
| 59 assert_resolves( | |
| 60 load_image( | |
| 61 REMOTE_RESOURCES_PATH + 'abe-cookie-check.php?Cookie=cross', | |
| 62 ''), | |
| 63 'Cross-origin request for a resource which CORS setting is ' + | |
| 64 'NoCORS must contain cookies.'), | |
| 65 assert_resolves( | |
| 66 load_image( | |
| 67 REMOTE_RESOURCES_PATH + 'abe-allow-star.php?Cookie=NotSet', | |
| 68 'anonymous'), | |
| 69 'Cross-origin request for a resource which CORS setting is ' + | |
| 70 'Anonymous must not contain cookies.'), | |
| 71 assert_resolves( | |
| 72 load_image( | |
| 73 REMOTE_RESOURCES_PATH + 'abe-allow-credentials.php?' + | |
| 74 'Cookie=cross', | |
| 75 'use-credentials'), | |
| 76 'Cross-origin request for a resource which CORS setting is ' + | |
| 77 'UseCredentials must contain cookies.'), | |
| 78 ]);} | |
| 79 ); | |
| 80 }, 'Check request cookies for image resources with crossOrigin.'); | |
| 81 </script> | |
| OLD | NEW |
