OLD | NEW |
(Empty) | |
| 1 importScripts("http://127.0.0.1:8000/resources/testharness.js"); |
| 2 importScripts("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/te
stharness-helper.js"); |
| 3 |
| 4 // Same-origin |
| 5 async_test(t => { |
| 6 var url = "http://127.0.0.1:8000/security/resources/cors-hello.php?same-origin
-fetch"; |
| 7 assert_no_csp_event_for_url(t, url); |
| 8 |
| 9 fetch(url) |
| 10 .then(t.step_func_done(r => assert_equals(r.status, 200))); |
| 11 }, "Same-origin 'fetch()' in " + self.location.protocol); |
| 12 |
| 13 async_test(t => { |
| 14 var url = "http://127.0.0.1:8000/security/resources/cors-hello.php?same-origin
-xhr"; |
| 15 assert_no_csp_event_for_url(t, url); |
| 16 |
| 17 var xhr = new XMLHttpRequest(); |
| 18 try { |
| 19 xhr.open("GET", url); |
| 20 t.done(); |
| 21 } catch (e) { |
| 22 assert_unreached(); |
| 23 } |
| 24 xhr.send(); |
| 25 }, "Same-origin XHR in " + self.location.protocol); |
| 26 |
| 27 // Cross-origin |
| 28 async_test(t => { |
| 29 var url = "http://example.test:8000/security/resources/cors-hello.php?cross-or
igin-fetch"; |
| 30 |
| 31 Promise.all([ |
| 32 waitUntilCSPEventForURL(t, url), |
| 33 fetch(url) |
| 34 .catch(t.step_func(e => assert_true(e instanceof TypeError))) |
| 35 ]).then(_ => t.done()); |
| 36 }, "Cross-origin 'fetch()' in " + self.location.protocol); |
| 37 |
| 38 async_test(t => { |
| 39 var url = "http://example.test:8000/security/resources/cors-hello.php?cross-or
igin-xhr"; |
| 40 |
| 41 Promise.all([ |
| 42 waitUntilCSPEventForURL(t, url), |
| 43 new Promise((resolve, reject) => { |
| 44 var xhr = new XMLHttpRequest(); |
| 45 try { |
| 46 xhr.open("GET", url); |
| 47 reject("xhr.open should have thrown"); |
| 48 } catch (e) { |
| 49 resolve(); |
| 50 } |
| 51 }) |
| 52 ]).then(_ => t.done()); |
| 53 }, "Cross-origin XHR in " + self.location.protocol); |
| 54 |
| 55 // Same-origin redirecting to cross-origin |
| 56 async_test(t => { |
| 57 var url = "http://127.0.0.1:8000/security/resources/redir.php?url=http://examp
le.test:8000/security/resources/cors-hello.php?cross-origin-fetch"; |
| 58 // TODO(mkwst): The event should be firing. :( |
| 59 |
| 60 fetch(url) |
| 61 .catch(t.step_func_done(e => assert_true(e instanceof TypeError))) |
| 62 }, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol); |
| 63 |
| 64 done(); |
OLD | NEW |