OLD | NEW |
1 <html> | 1 <html> |
2 <head> | 2 <head> |
3 </head> | 3 </head> |
4 <body> | 4 <body> |
5 | 5 |
6 <p>This test does cross-site XHR fetches of documents with the Same Origin | 6 <p>This test does cross-site XHR fetches of documents with the Same Origin |
7 Policy turned off in the renderer. The Same Origin Policy can be circumvented | 7 Policy turned off in the renderer. The Same Origin Policy can be circumvented |
8 when the renderer is compromised, but site isolation ought to block cross-site | 8 when the renderer is compromised, but site isolation ought to block cross-site |
9 documents at the IPC layer.</p> | 9 documents at the IPC layer.</p> |
10 | 10 |
(...skipping 14 matching lines...)
25 // block requests in the render process -- in that case the blocked | 25 // block requests in the render process -- in that case the blocked |
26 // response was replaced with the literal string " ". That flag has been | 26 // response was replaced with the literal string " ". That flag has been |
27 // removed (circa June 2015), but when browser process document blocking | 27 // removed (circa June 2015), but when browser process document blocking |
28 // is implemented, we may wish to update this test accordingly. | 28 // is implemented, we may wish to update this test accordingly. |
29 var wasBlocked = xhr.responseText == " "; | 29 var wasBlocked = xhr.responseText == " "; |
30 document.getElementById("response_body").value += | 30 document.getElementById("response_body").value += |
31 ("\n" + "response to " + resourceUrl + "(" + | 31 ("\n" + "response to " + resourceUrl + "(" + |
32 xhr.getResponseHeader("content-type") + ") " + | 32 xhr.getResponseHeader("content-type") + ") " + |
33 (wasBlocked ? "blocked" : "not-blocked")); | 33 (wasBlocked ? "blocked" : "not-blocked")); |
34 | 34 |
35 domAutomationController.setAutomationId(0); | |
36 domAutomationController.send(wasBlocked); | 35 domAutomationController.send(wasBlocked); |
37 } | 36 } |
38 } | 37 } |
39 xhr.open('GET', pathPrefix + resourceUrl); | 38 xhr.open('GET', pathPrefix + resourceUrl); |
40 xhr.send(); | 39 xhr.send(); |
41 } | 40 } |
42 | 41 |
43 window.onload = function() { | 42 window.onload = function() { |
44 // The call to pushState with another domain will succeed, since the | 43 // The call to pushState with another domain will succeed, since the |
45 // test uses --disable-web-security. | 44 // test uses --disable-web-security. |
46 history.pushState('', '', 'http://bar.com/files/main.html'); | 45 history.pushState('', '', 'http://bar.com/files/main.html'); |
47 } | 46 } |
48 </script> | 47 </script> |
49 <textarea rows=20 cols=50 id='response_body'></textarea> | 48 <textarea rows=20 cols=50 id='response_body'></textarea> |
50 </body> | 49 </body> |
51 </html> | 50 </html> |