LayoutTests/http/tests/htmlimports/redirect.html - Issue 149643003: Improve handling of CORS redirects for some resource loads.

Side by Side Diff: LayoutTests/http/tests/htmlimports/redirect.html

Issue 149643003: Improve handling of CORS redirects for some resource loads. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Use canRequest() when checking redirect origin; remove redundant null checks. Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 <!DOCTYPE html>	1 <!DOCTYPE html>

2 <html>	2 <html>

3 <head>	3 <head>

4 <script src="../../../resources/testharness.js"></script>	4 <script src="../../../resources/testharness.js"></script>

5 <script src="../../../resources/testharnessreport.js"></script>	5 <script src="../../../resources/testharnessreport.js"></script>

6 <link rel="help" "https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/imports /index.html#imported-document" />	6 <link rel="help" "https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/imports /index.html#imported-document" />

7	7

8 <link id="same" rel="import" href="http://127.0.0.1:8000/htmlimports/resour ces/hello.html">	8 <link id="same" rel="import" href="http://127.0.0.1:8000/htmlimports/resour ces/hello.html">

9 <link id="cors" rel="import" href="http://localhost:8000/htmlimports/resour ces/cors-basic.cgi">	9 <link id="cors" rel="import" href="http://localhost:8000/htmlimports/resour ces/cors-basic.cgi">

10 <link id="xs" rel="import" href="http://localhost:8000/htmlimports/resour ces/hello.html">	10 <link id="xs" rel="import" href="http://localhost:8000/htmlimports/resour ces/hello.html">

11	11

12 <link id="same-same" rel="import" href="/security/resources/redir.php?url=http:/ /127.0.0.1:8000/htmlimports/resources/hello.html">	12 <link id="same-same" rel="import" href="/security/resources/redir.php?url=http:/ /127.0.0.1:8000/htmlimports/resources/hello.html">

13 <link id="same-cors" rel="import" href="/security/resources/redir.php?url=http:/ /localhost:8000/htmlimports/resources/cors-basic.cgi">	13 <link id="same-cors" rel="import" href="/security/resources/redir.php?url=http:/ /localhost:8000/htmlimports/resources/cors-basic.cgi">

14 <link id="same-xs" rel="import" href="/security/resources/redir.php?url=http:/ /localhost:8000/htmlimports/resources/hello.html">	14 <link id="same-xs" rel="import" href="/security/resources/redir.php?url=http:/ /localhost:8000/htmlimports/resources/hello.html">

15	15

16 <!--

17 <link id="cors-same" rel="import" href="http://localhost:8000/security/resources /cors-redir.php?url=http://127.0.0.1:8000/htmlimports/resources/hello.html">

18 <link id="cors-xs" rel="import" href="http://localhost:8000/security/resources/c ors-redir.php?url=http://localhost:8000/htmlimports/resources/hello.html">

19

20 <link id="xs-same" rel="import" href="http://localhost:8000/security/resources /redir.php?url=http://127.0.0.1:8000/htmlimports/resources/hello.html">

21 <link id="xs-cors" rel="import" href="http://localhost:8000/security/resources /redir.php?url=http://127.0.0.1:8000/htmlimports/resources/cors-basic.cgi">

22

23 <link id="same-xs-same" rel="import" href="/security/resources/redir.php?url=h ttp%3A%2F%2Flocalhost%3A8000%2Fsecurity%2Fresources%2Fredir.php%3Furl%3Dhttp%3A% 2F%2F127.0.0.1%3A8000%2Fhtmlimports%2Fresources%2Fhello.html">

24 <link id="same-xs-cors" rel="import" href="/security/resources/redir.php?url=h ttp%3A%2F%2Flocalhost%3A8000%2Fsecurity%2Fresources%2Fredir.php%3Furl%3Dhttp%3A% 2F%2F127.0.0.1%3A8000%2Fhtmlimports%2Fresources%2Fcors-basic.cgi">

25 <link id="same-cors-same" rel="import" href="/security/resources/redir.php?url=h ttp%3A%2F%2Flocalhost%3A8000%2Fsecurity%2Fresources%2Fcors-redir.php%3Furl%3Dhtt p%3A%2F%2F127.0.0.1%3A8000%2Fhtmlimports%2Fresources%2Fhello.html">

26

27 <link id="cors-xs-same" rel="import" href="http://localhost:8000//security/res ources/cors-redir.php?url=http%3A%2F%2Flocalhost%3A8000%2Fsecurity%2Fresources%2 Fredir.php%3Furl%3Dhttp%3A%2F%2F127.0.0.1%3A8000%2Fhtmlimports%2Fresources%2Fhel lo.html">

28 -->

29

30 </head>	16 </head>

31 <body>	17 <body>

32 <script>	18 <script>

33 function assert_loaded(id)	19 function assert_loaded(id)

34 {	20 {

35 var target = document.getElementById(id);	21 var target = document.getElementById(id);

36 assert_true(target.import instanceof Document)	22 assert_true(target.import instanceof Document)

37 assert_true(0 <= target.import.querySelector("h1").innerHTML.indexOf("Hello" ));	23 assert_true(0 <= target.import.querySelector("h1").innerHTML.indexOf("Hello" ));

38 }	24 }

39	25

40 function assert_not_loaded(id)	26 function assert_not_loaded(id)

41 {	27 {

42 var target = document.getElementById(id);	28 var target = document.getElementById(id);

43 assert_equals(target.import, null);	29 assert_equals(target.import, null);

44 }	30 }

45	31

46 test(function() { assert_loaded("same"); }, "Accessing to a same origin import") ;	32 test(function() { assert_loaded("same"); }, "Accessing to a same origin import") ;

47 test(function() { assert_loaded("cors"); }, "Accessing to CORS-enabed origin imp ort");	33 test(function() { assert_loaded("cors"); }, "Accessing to CORS-enabled origin im port");

48 test(function() { assert_not_loaded("xs"); }, "Blocking access to a cross origin import");	34 test(function() { assert_not_loaded("xs"); }, "Blocking access to a cross origin import");

49	35

50 test(function() { assert_loaded("same-same"); }, "Accessing to a same origin imp ort including same domain redirect");	36 test(function() { assert_loaded("same-same"); }, "Accessing to a same origin imp ort including same domain redirect");

51 test(function() { assert_loaded("same-cors"); }, "Accessing to a CORS origin imp ort including same domain redirect");	37 test(function() { assert_loaded("same-cors"); }, "Accessing to a CORS origin imp ort including same domain redirect");

52 test(function() { assert_not_loaded("same-xs"); }, "Blocking access to a cross o rigin iamport including same domain redirect");	38 test(function() { assert_not_loaded("same-xs"); }, "Blocking access to a cross o rigin iamport including same domain redirect");

53	39

54 // These won't work becaue of https://crbug.com/256976

55 //test(function() { assert_loaded("cors-same"); }, "Accessing to a same origin i mport including CORS domain redirect");

56 //test(function() { assert_not_loaded("cors-xs"); }, "Blocking access to a cross origin import including CORS domain redirect");

57 //

58 //test(function() { assert_not_loaded("xs-same"); }, "Blocking access to a same origin import including cross domain redirect");

59 //test(function() { assert_not_loaded("xs-cors"); }, "Blocking access to a CORS origin import including cross domain redirect");

60 //

61 //test(function() { assert_not_loaded("same-xs-same"); }, "Blocking access to a same origin import including intermediate cross domain redirect");

62 //test(function() { assert_not_loaded("same-xs-cors"); }, "Blocking access to a CORS origin import including intermediate cross domain redirect");

63 //test(function() { assert_loaded("same-cors-same"); }, "Accessing to a same ori gin import including intermediate CORS domain redirect");

64 //

65 //test(function() { assert_not_loaded("cors-xs-same"); }, "Blocking access to a CORS requested but eventually same origin import including intermediate cross do main redirect");

66

67 </script>	40 </script>

68 </body>	41 </body>

69 </html>	42 </html>

OLD	NEW

« no previous file with comments | « no previous file | LayoutTests/http/tests/htmlimports/redirect-cross-origin.html » ('j') | no next file with comments »