| OLD | NEW |
|---|
| (Empty) | |
| 1 <!DOCTYPE html> |
| 2 <title>Check request cookies for image resources with crossOrigin.</title> |
| 3 <script src="../resources/testharness.js"></script> |
| 4 <script src="../resources/testharnessreport.js"></script> |
| 5 <script src="../resources/get-host-info.js?pipe=sub"></script> |
| 6 <script> |
| 7 if (window.testRunner) |
| 8 testRunner.setAlwaysAcceptCookies(true); |
| 9 |
| 10 |
| 11 function load_image(url, cross_origin) { |
| 12 return new Promise(function(resolve, reject) { |
| 13 var img = document.createElement('img'); |
| 14 document.body.appendChild(img); |
| 15 img.onload = resolve; |
| 16 img.onerror = reject; |
| 17 if (cross_origin != '') { |
| 18 img.crossOrigin = cross_origin; |
| 19 } |
| 20 img.src = url; |
| 21 }); |
| 22 } |
| 23 |
| 24 function assert_resolves(promise, description) { |
| 25 return promise.catch(function(reason) { |
| 26 throw description + ' - ' + reason; |
| 27 }); |
| 28 } |
| 29 |
| 30 promise_test(function(t) { |
| 31 document.cookie = "TestCookie=same"; |
| 32 var host_info = get_host_info(); |
| 33 var RESOURCES_PATH = host_info['HTTP_ORIGIN'] + '/security/resources/'; |
| 34 var REMOTE_RESOURCES_PATH = host_info['HTTP_REMOTE_ORIGIN'] + |
| 35 '/security/resources/'; |
| 36 |
| 37 return fetch(new Request(REMOTE_RESOURCES_PATH + 'set-cookie.php?' + |
| 38 'name=TestCookie&value=cross', |
| 39 {mode: 'no-cors', credentials: 'include'})) |
| 40 .then(function() { |
| 41 return Promise.all([ |
| 42 assert_resolves( |
| 43 load_image( |
| 44 RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', ''), |
| 45 'Same-origin request for a resource whose CORS setting is ' + |
| 46 'NoCORS must contain cookies.'), |
| 47 assert_resolves( |
| 48 load_image( |
| 49 RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', |
| 50 'anonymous'), |
| 51 'Same-origin request for a resource whose CORS setting is ' + |
| 52 'Anonymous must contain cookies.'), |
| 53 assert_resolves( |
| 54 load_image( |
| 55 RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', |
| 56 'use-credentials'), |
| 57 'Same-origin request for a resource whose CORS setting is ' + |
| 58 'UseCredentials must contain cookies.'), |
| 59 assert_resolves( |
| 60 load_image( |
| 61 REMOTE_RESOURCES_PATH + 'abe-cookie-check.php?Cookie=cross', |
| 62 ''), |
| 63 'Cross-origin request for a resource whose CORS setting is ' + |
| 64 'NoCORS must contain cookies.'), |
| 65 assert_resolves( |
| 66 load_image( |
| 67 REMOTE_RESOURCES_PATH + 'abe-allow-star.php?Cookie=NotSet', |
| 68 'anonymous'), |
| 69 'Cross-origin request for a resource whose CORS setting is ' + |
| 70 'Anonymous must not contain cookies.'), |
| 71 assert_resolves( |
| 72 load_image( |
| 73 REMOTE_RESOURCES_PATH + 'abe-allow-credentials.php?' + |
| 74 'Cookie=cross', |
| 75 'use-credentials'), |
| 76 'Cross-origin request for a resource whose CORS setting is ' + |
| 77 'UseCredentials must contain cookies.'), |
| 78 ]);} |
| 79 ); |
| 80 }, 'Check request cookies for image resources with crossOrigin.'); |
| 81 </script> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1487343002:
Set credentials mode "same-origin" when crossOrigin=anonymous is set. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master