Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(68)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/script-crossorigin-redirect-anonymous.html

Issue 149643003: Improve handling of CORS redirects for some resource loads. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Use canRequest() when checking redirect origin; remove redundant null checks. Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/security/resources/script-allow-star.php ('k') | LayoutTests/http/tests/security/script-crossorigin-redirect-anonymous-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 <!DOCTYPE HTML>
2 <script src="/js-test-resources/js-test.js"></script>
3 <script>
4 description("Testing the handling of CORS-enabled script fetch in the presence o f 'anonymous' redirects.");
5
6 // Explain the short form descriptions ('=>' representing the redirect.)
7 debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CO RS type' => 'resource'");
8 debug("");
9
10 var redirect_cors = "anonymous";
11
12 window.jsTestIsAsync = true;
13 if (window.testRunner)
14 testRunner.dumpAsText();
15
16 function finish() {
17 if (window.testRunner)
18 finishJSTest();
19 }
20
21 function fail() {
22 debug("FAIL: " + this.description);
23 runNextTest();
24 }
25
26 function pass() {
27 debug("PASS: " + this.description);
28 runNextTest();
29 }
30 var tests = [
31 { description: "Anonymous request: anonymous => no-CORS script resource.",
32 url: "http://localhost:8000/security/resources/localScript.js",
33 // Redirect is allowed, but fails access check on the non-CORS resource.
34 success: false,
35 access: "anonymous"},
36 { description: "Anonymous request: anonymous => anonymous-CORS script resour ce.",
37 url: "http://localhost:8000/security/resources/script-allow-star.php",
38 // Redirect is allowed, and passes access check on the CORS resource.
39 success: true,
40 access: "anonymous"},
41 { description: "Credentialled request: anonymous => credentialled script res ource (same origin.)",
42 url: "http://localhost:8000/security/resources/script-allow-credentials.ph p",
43 // Redirect is not allowed ('*' on the CORS redirect response), no access.
44 success: false,
45 access: "use-credentials"},
46 { description: "Credentialled request: anonymous => credentialled script res ource (cross origin.)",
47 url: "http://127.0.0.1:8000/security/resources/script-allow-credentials.ph p",
48 // Redirect is not allowed ('*' on the CORS redirect response), no access.
49 success: false,
50 access: "use-credentials"},
51 ];
52
53 function runNextTest() {
54 if (!tests.length) {
55 finish();
56 return;
57 }
58 var test = tests.shift();
59 var script = document.createElement("script");
60 script.onload = test.success ? pass : fail;
61 script.onerror = test.success ? fail : pass;
62 script.crossOrigin = test.access;
63 script.description = test.description;
64 var args = [ "mode=" + redirect_cors,
65 "url=" + test.url];
66 script.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
67 document.body.appendChild(script);
68 }
69 window.onload = runNextTest;
70 </script>
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/resources/script-allow-star.php ('k') | LayoutTests/http/tests/security/script-crossorigin-redirect-anonymous-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698