| Index: third_party/WebKit/LayoutTests/http/tests/security/img-crossorigin-cookies.html
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/security/img-crossorigin-cookies.html b/third_party/WebKit/LayoutTests/http/tests/security/img-crossorigin-cookies.html
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..28f6ad271a0d29320bbc5ea0d04d6a36fd44d327
|
| --- /dev/null
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/security/img-crossorigin-cookies.html
|
| @@ -0,0 +1,81 @@
|
| +<!DOCTYPE html>
|
| +<title>Check request cookies for image resources with crossOrigin.</title>
|
| +<script src="../resources/testharness.js"></script>
|
| +<script src="../resources/testharnessreport.js"></script>
|
| +<script src="../resources/get-host-info.js?pipe=sub"></script>
|
| +<script>
|
| +if (window.testRunner)
|
| + testRunner.setAlwaysAcceptCookies(true);
|
| +
|
| +
|
| +function load_image(url, cross_origin) {
|
| + return new Promise(function(resolve, reject) {
|
| + var img = document.createElement('img');
|
| + document.body.appendChild(img);
|
| + img.onload = resolve;
|
| + img.onerror = reject;
|
| + if (cross_origin != '') {
|
| + img.crossOrigin = cross_origin;
|
| + }
|
| + img.src = url;
|
| + });
|
| +}
|
| +
|
| +function assert_resolves(promise, description) {
|
| + return promise.catch(function(reason) {
|
| + throw description + ' - ' + reason;
|
| + });
|
| +}
|
| +
|
| +promise_test(function(t) {
|
| + document.cookie = "TestCookie=same";
|
| + var host_info = get_host_info();
|
| + var RESOURCES_PATH = host_info['HTTP_ORIGIN'] + '/security/resources/';
|
| + var REMOTE_RESOURCES_PATH = host_info['HTTP_REMOTE_ORIGIN'] +
|
| + '/security/resources/';
|
| +
|
| + return fetch(new Request(REMOTE_RESOURCES_PATH + 'set-cookie.php?' +
|
| + 'name=TestCookie&value=cross',
|
| + {mode: 'no-cors', credentials: 'include'}))
|
| + .then(function() {
|
| + return Promise.all([
|
| + assert_resolves(
|
| + load_image(
|
| + RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', ''),
|
| + 'Same-origin request for a resource whose CORS setting is ' +
|
| + 'NoCORS must contain cookies.'),
|
| + assert_resolves(
|
| + load_image(
|
| + RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same',
|
| + 'anonymous'),
|
| + 'Same-origin request for a resource whose CORS setting is ' +
|
| + 'Anonymous must contain cookies.'),
|
| + assert_resolves(
|
| + load_image(
|
| + RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same',
|
| + 'use-credentials'),
|
| + 'Same-origin request for a resource whose CORS setting is ' +
|
| + 'UseCredentials must contain cookies.'),
|
| + assert_resolves(
|
| + load_image(
|
| + REMOTE_RESOURCES_PATH + 'abe-cookie-check.php?Cookie=cross',
|
| + ''),
|
| + 'Cross-origin request for a resource whose CORS setting is ' +
|
| + 'NoCORS must contain cookies.'),
|
| + assert_resolves(
|
| + load_image(
|
| + REMOTE_RESOURCES_PATH + 'abe-allow-star.php?Cookie=NotSet',
|
| + 'anonymous'),
|
| + 'Cross-origin request for a resource whose CORS setting is ' +
|
| + 'Anonymous must not contain cookies.'),
|
| + assert_resolves(
|
| + load_image(
|
| + REMOTE_RESOURCES_PATH + 'abe-allow-credentials.php?' +
|
| + 'Cookie=cross',
|
| + 'use-credentials'),
|
| + 'Cross-origin request for a resource whose CORS setting is ' +
|
| + 'UseCredentials must contain cookies.'),
|
| + ]);}
|
| + );
|
| + }, 'Check request cookies for image resources with crossOrigin.');
|
| +</script>
|
|
|
Chromium Code Reviews
Issue 1487343002:
Set credentials mode "same-origin" when crossOrigin=anonymous is set. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master