Chromium Code Reviews

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php

Issue 2345463002: Fix PingLoader to omit credentials for cross-origin violation reports (Closed)
Patch Set: Rebase Created 4 years, 2 months ago
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php
index d0a0868e18d386d9d1f91c0750c686173fcb3199..e06fca71f0e654c9660f3048c3158b9fed91364c 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php
@@ -4,19 +4,29 @@ header("Content-Security-Policy: img-src 'none'; report-uri http://localhost:808
<!DOCTYPE html>
<html>
<head>
- <script src="resources/report-test.js"></script>
+ <script src="resources/report-test.js"></script>
</head>
<body>
<script>
- var xhr = new XMLHttpRequest();
- xhr.open("GET", "http://localhost:8080/cookies/resources/setCookies.cgi", false);
- xhr.setRequestHeader("SET-COOKIE", "cspViolationReportCookie=crossOrigin;path=/");
- xhr.send(null);
-</script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ testRunner.setBlockThirdPartyCookies(false);
+}
-<!-- This image will generate a CSP violation report. -->
-<img src="/security/resources/abe.png">
+fetch(
+ "http://localhost:8080/security/resources/set-cookie.php?name=cspViolationReportCookie&value=crossOrigin",
+ {mode: 'no-cors', credentials: 'include'})
+ .then(() => {
+ // This image will generate a CSP violation report.
+ const img = new Image();
-<script src='resources/go-to-echo-report.js'></script>
+ img.onerror = () => {
+ window.location = "/security/contentSecurityPolicy/resources/echo-report.php?test=report-cross-origin-no-cookies.php";
+ };
+ img.src = "/security/resources/abe.png";
+ document.body.appendChild(img);
+ });
+</script>
</body>
</html>
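Review bot: The promise chain started by `fetch(...)` has no rejection handler, and the image has only an `onerror` handler. After `testRunner.waitUntilDone()`, a failed cookie-setting request, or an image that loads because `img-src 'none'` was not enforced, leaves the test hanging until it times out instead of failing with a clear message. Consider adding a `.catch(...)` after the `.then(...)` and an `img.onload` handler, each of which logs the failure and ends the test. Separately, the `no-cors` response is opaque, so nothing in this file confirms that `cspViolationReportCookie` was actually stored for localhost:8080. If it was not, the report would carry no cookie whether or not the PingLoader fix works. A short comment noting that `testRunner.setBlockThirdPartyCookies(false)` is there to make the cross-origin cookie available would document that dependency.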