| Index: LayoutTests/http/tests/security/script-crossorigin-redirect-anonymous.html
|
| diff --git a/LayoutTests/http/tests/security/script-crossorigin-redirect-anonymous.html b/LayoutTests/http/tests/security/script-crossorigin-redirect-anonymous.html
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..cb3769efcffd06a2be63a7f7a0a54edfa30030df
|
| --- /dev/null
|
| +++ b/LayoutTests/http/tests/security/script-crossorigin-redirect-anonymous.html
|
| @@ -0,0 +1,70 @@
|
| +<!DOCTYPE HTML>
|
| +<script src="/js-test-resources/js-test.js"></script>
|
| +<script>
|
| +description("Testing the handling of CORS-enabled script fetch in the presence of 'anonymous' redirects.");
|
| +
|
| +// Explain the short form descriptions ('=>' representing the redirect.)
|
| +debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
|
| +debug("");
|
| +
|
| +var redirect_cors = "anonymous";
|
| +
|
| +window.jsTestIsAsync = true;
|
| +if (window.testRunner)
|
| + testRunner.dumpAsText();
|
| +
|
| +function finish() {
|
| + if (window.testRunner)
|
| + finishJSTest();
|
| +}
|
| +
|
| +function fail() {
|
| + debug("FAIL: " + this.description);
|
| + runNextTest();
|
| +}
|
| +
|
| +function pass() {
|
| + debug("PASS: " + this.description);
|
| + runNextTest();
|
| +}
|
| +var tests = [
|
| + { description: "Anonymous request: anonymous => no-CORS script resource.",
|
| + url: "http://localhost:8000/security/resources/localScript.js",
|
| + // Redirect is allowed, but fails access check on the non-CORS resource.
|
| + success: false,
|
| + access: "anonymous"},
|
| + { description: "Anonymous request: anonymous => anonymous-CORS script resource.",
|
| + url: "http://localhost:8000/security/resources/script-allow-star.php",
|
| + // Redirect is allowed, and passes access check on the CORS resource.
|
| + success: true,
|
| + access: "anonymous"},
|
| + { description: "Credentialled request: anonymous => credentialled script resource (same origin.)",
|
| + url: "http://localhost:8000/security/resources/script-allow-credentials.php",
|
| + // Redirect is not allowed ('*' on the CORS redirect response), no access.
|
| + success: false,
|
| + access: "use-credentials"},
|
| + { description: "Credentialled request: anonymous => credentialled script resource (cross origin.)",
|
| + url: "http://127.0.0.1:8000/security/resources/script-allow-credentials.php",
|
| + // Redirect is not allowed ('*' on the CORS redirect response), no access.
|
| + success: false,
|
| + access: "use-credentials"},
|
| + ];
|
| +
|
| +function runNextTest() {
|
| + if (!tests.length) {
|
| + finish();
|
| + return;
|
| + }
|
| + var test = tests.shift();
|
| + var script = document.createElement("script");
|
| + script.onload = test.success ? pass : fail;
|
| + script.onerror = test.success ? fail : pass;
|
| + script.crossOrigin = test.access;
|
| + script.description = test.description;
|
| + var args = [ "mode=" + redirect_cors,
|
| + "url=" + test.url];
|
| + script.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
|
| + document.body.appendChild(script);
|
| +}
|
| +window.onload = runNextTest;
|
| +</script>
|
|
|
Chromium Code Reviews
Issue 149643003:
Improve handling of CORS redirects for some resource loads. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master