third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xhr-to-blob-in-isolated-world.html - Issue 2290193003: Include the Origin header for XHR and Fetch API even if the request is same-origin

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xhr-to-blob-in-isolated-world.html

Issue 2290193003: Include the Origin header for XHR and Fetch API even if the request is same-origin

Patch Set: a Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-header-same-origin-get-sync-expected.txt ('k') | third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-allowed-with-disabled-web-security-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 <body>	1 <body>

2 This tests an isolated script's ability to XHR a blob that is in its security or igin, which is not the same as the document's security origin.<br>	2 This tests an isolated script's ability to XHR a blob that is in its security or igin, which is not the same as the document's security origin.<br>

3 We pass if there are no console errors.	3 We pass if there are no console errors.

4 <script>	4 <script>

5 if (!window.testRunner) {	5 if (!window.testRunner) {

6 document.body.appendChild(document.createTextNode("This test requires window .testRunner"));	6 document.body.appendChild(document.createTextNode("This test requires window .testRunner"));

7 } else {	7 } else {

8 testRunner.dumpAsText();	8 testRunner.dumpAsText();

9 testRunner.setIsolatedWorldSecurityOrigin(1, "chrome-extension://123");	9 // We're using a fake HTTP URL instead of chrome-extension: URL which is

10 testRunner.evaluateScriptInIsolatedWorld(1, "var xhr = new XMLHttpRequest(); xhr.open('GET', 'blob:chrome-extension://123/456789', false); xhr.send();");	10 // the most common use case of isolated world. This is because the

	11 // ResourceDispatcherHostImpl validates Origin headers received from a

	12 // renderer by consulting the ChildProcessSecurityPolicyImpl, and it

	13 // doesn't allow the chrome-extension scheme in the content_shell. Instead

	14 // of adding more test infrastructure for allowing the scheme, we chose to

	15 // use the safe HTTP scheme as it's sufficient for the purpose of this test

	16 // case.

	17 testRunner.setIsolatedWorldSecurityOrigin(1, "http://123");

	18 testRunner.evaluateScriptInIsolatedWorld(1, "var xhr = new XMLHttpRequest(); xhr.open('GET', 'blob:http://123/456789', false); xhr.send();");

11 }	19 }

12 </script>	20 </script>

13 </body>	21 </body>

OLD	NEW