Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(420)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: LayoutTests/http/tests/security/img-crossorigin-redirect-no-cors.html

Issue 149643003: Improve handling of CORS redirects for some resource loads. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Use canRequest() when checking redirect origin; remove redundant null checks. Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/http/tests/security/img-crossorigin-redirect-credentials-expected.txt ('k') | LayoutTests/http/tests/security/img-crossorigin-redirect-no-cors-expected.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/http/tests/security/img-crossorigin-redirect-no-cors.html
diff --git a/LayoutTests/http/tests/security/img-crossorigin-redirect-no-cors.html b/LayoutTests/http/tests/security/img-crossorigin-redirect-no-cors.html
new file mode 100644
index 0000000000000000000000000000000000000000..e4413dd4fa5bf96714ddd2e98ced2740390c17e3
--- /dev/null
+++ b/LayoutTests/http/tests/security/img-crossorigin-redirect-no-cors.html
@@ -0,0 +1,68 @@
+<!DOCTYPE HTML>
+<script src="/js-test-resources/js-test.js"></script>
+<script>
+description("Testing the handling of CORS-enabled fetch in the presence of 'No CORS' redirects.");
+
+// Explain the short form descriptions ('=>' representing the redirect.)
+debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
+debug("");
+
+var redirect_cors = "no";
+
+window.jsTestIsAsync = true;
+if (window.testRunner)
+ testRunner.dumpAsText();
+
+function finish() {
+ if (window.testRunner)
+ finishJSTest();
+}
+
+function fail() {
+ debug("FAIL: " + this.description);
+ runNextTest();
+}
+
+function pass() {
+ debug("PASS: " + this.description);
+ runNextTest();
+}
+
+// All redirects are non-CORS, no fetches expected to complete.
+var tests = [
+ { description: "Anonymous request: no-CORS => no-CORS image resource.",
+ url: "http://localhost:8000/security/resources/abe.png",
+ success: false,
+ access: "anonymous"},
+ { description: "Anonymous request: no-CORS => anonymous-CORS image resource.",
+ url: "http://localhost:8000/security/resources/abe-allow-star.php",
+ success: false,
+ access: "anonymous"},
+ { description: "Credentialled request: no-CORS => credential-CORS image resource (same origin.)",
+ url: "http://localhost:8000/security/resources/abe-allow-credentials.php",
+ success: false,
+ access: "use-credentials"},
+ { description: "Credentialled request: no-CORS => credential-CORS image resource (cross origin.)",
+ url: "http://127.0.0.1:8000/security/resources/abe-allow-credentials.php",
+ success: false,
+ access: "use-credentials"},
+ ];
+
+function runNextTest() {
+ if (!tests.length) {
+ finish();
+ return;
+ }
+ var test = tests.shift();
+ var img = new Image();
+ img.onload = test.success ? pass : fail;
+ img.onerror = test.success ? fail : pass;
+ img.crossOrigin = test.access;
+ img.description = test.description;
+ var args = [ "mode=" + redirect_cors,
+ "url=" + test.url];
+ img.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
+ document.body.appendChild(img);
+}
+window.onload = runNextTest;
+</script>
« no previous file with comments | « LayoutTests/http/tests/security/img-crossorigin-redirect-credentials-expected.txt ('k') | LayoutTests/http/tests/security/img-crossorigin-redirect-no-cors-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698