OLD | NEW |
1 if (self.importScripts) { | 1 if (self.importScripts) { |
2 importScripts('/fetch/resources/fetch-test-helpers.js'); | 2 importScripts('/fetch/resources/fetch-test-helpers.js'); |
3 importScripts('/fetch/resources/thorough-util.js'); | 3 importScripts('/fetch/resources/thorough-util.js'); |
4 } | 4 } |
5 | 5 |
6 var TEST_TARGETS = [ | 6 var TEST_TARGETS = [ |
7 // Redirects to URLs with username/password. | 7 // Redirects to URLs with username/password; these requests are blocked. |
8 // Spec: https://fetch.spec.whatwg.org/#concept-http-fetch | 8 // |
| 9 // Spec: https://github.com/whatwg/fetch/pull/465 |
9 // Step 5, redirect status, Step 10.1 and 10.2: | 10 // Step 5, redirect status, Step 10.1 and 10.2: |
10 // "If |request|'s mode is "cors", |request|'s origin is not same origin with | 11 // "If |request|'s mode is "cors", |request|'s origin is not same origin with |
11 // |locationURL|'s origin, and |locationURL| includes credentials, return a | 12 // |locationURL|'s origin, and |locationURL| includes credentials, return a |
12 // network error." | 13 // network error." |
13 // "If the CORS flag is set and |locationURL| includes credentials, return | 14 // "If the CORS flag is set and |locationURL| includes credentials, return |
14 // a network error." | 15 // a network error." |
15 | 16 |
16 // Origin A -[fetch]-> Origin A -[redirect]-> Origin A | 17 // Origin A -[fetch]-> Origin A -[redirect]-> Origin A |
17 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) + | 18 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) + |
18 '&mode=same-origin&method=GET', | 19 '&mode=same-origin&method=GET', |
19 [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeBasic, | 20 [fetchRejected]], |
20 responseRedirected, checkURLList.bind(self, [BASE_URL_WITH_USERNAME])], | |
21 [methodIsGET]], | |
22 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) + | 21 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) + |
23 '&mode=same-origin&method=GET', | 22 '&mode=same-origin&method=GET', |
24 [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeBasic, | 23 [fetchRejected]], |
25 responseRedirected, checkURLList.bind(self, [BASE_URL_WITH_PASSWORD])], | |
26 [methodIsGET]], | |
27 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) + | 24 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) + |
28 '&mode=cors&method=GET', | 25 '&mode=cors&method=GET', |
29 [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeBasic, | 26 [fetchRejected]], |
30 responseRedirected, checkURLList.bind(self, [BASE_URL_WITH_USERNAME])], | |
31 [methodIsGET]], | |
32 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) + | 27 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) + |
33 '&mode=cors&method=GET', | 28 '&mode=cors&method=GET', |
34 [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeBasic, | 29 [fetchRejected]], |
35 responseRedirected, checkURLList.bind(self, [BASE_URL_WITH_PASSWORD])], | |
36 [methodIsGET]], | |
37 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) + | 30 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) + |
38 '&mode=no-cors&method=GET', | 31 '&mode=no-cors&method=GET', |
39 [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeBasic, | 32 [fetchRejected]], |
40 responseRedirected, checkURLList.bind(self, [BASE_URL_WITH_USERNAME])], | |
41 [methodIsGET]], | |
42 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) + | 33 [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) + |
43 '&mode=no-cors&method=GET', | 34 '&mode=no-cors&method=GET', |
44 [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeBasic, | 35 [fetchRejected]], |
45 responseRedirected, checkURLList.bind(self, [BASE_URL_WITH_PASSWORD])], | |
46 [methodIsGET]], | |
47 | 36 |
48 // Origin A -[fetch]-> Origin A -[redirect]-> Origin B | 37 // Origin A -[fetch]-> Origin A -[redirect]-> Origin B |
49 [REDIRECT_URL + | 38 [REDIRECT_URL + |
50 encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + '&ACAOrigin=*') + | 39 encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + '&ACAOrigin=*') + |
51 '&mode=cors&method=GET', | 40 '&mode=cors&method=GET', |
52 [fetchRejected]], | 41 [fetchRejected]], |
53 [REDIRECT_URL + | 42 [REDIRECT_URL + |
54 encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + '&ACAOrigin=*') + | 43 encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + '&ACAOrigin=*') + |
55 '&mode=cors&method=GET', | 44 '&mode=cors&method=GET', |
56 [fetchRejected]], | 45 [fetchRejected]], |
57 [REDIRECT_URL + | 46 [REDIRECT_URL + |
58 encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + '&ACAOrigin=*') + | 47 encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + '&ACAOrigin=*') + |
59 '&mode=no-cors&method=GET', | 48 '&mode=no-cors&method=GET', |
60 [fetchResolved, noContentLength, noServerHeader, noBody, typeOpaque, | 49 [fetchRejected]], |
61 responseNotRedirected, | |
62 checkURLList.bind(self, [OTHER_BASE_URL_WITH_USERNAME + '&ACAOrigin=*'])], | |
63 onlyOnServiceWorkerProxiedTest([methodIsGET])], | |
64 [REDIRECT_URL + | 50 [REDIRECT_URL + |
65 encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + '&ACAOrigin=*') + | 51 encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + '&ACAOrigin=*') + |
66 '&mode=no-cors&method=GET', | 52 '&mode=no-cors&method=GET', |
67 [fetchResolved, noContentLength, noServerHeader, noBody, typeOpaque, | 53 [fetchRejected]], |
68 responseNotRedirected, | |
69 checkURLList.bind(self, [OTHER_BASE_URL_WITH_PASSWORD + '&ACAOrigin=*'])], | |
70 onlyOnServiceWorkerProxiedTest([methodIsGET])], | |
71 | 54 |
72 // Origin A -[fetch]-> Origin B -[redirect]-> Origin A | 55 // Origin A -[fetch]-> Origin B -[redirect]-> Origin A |
73 [OTHER_REDIRECT_URL + | 56 [OTHER_REDIRECT_URL + |
74 encodeURIComponent(BASE_URL_WITH_USERNAME + 'ACAOrigin=*') + | 57 encodeURIComponent(BASE_URL_WITH_USERNAME + 'ACAOrigin=*') + |
75 '&mode=cors&method=GET&ACAOrigin=*', | 58 '&mode=cors&method=GET&ACAOrigin=*', |
76 [fetchRejected]], | 59 [fetchRejected]], |
77 [OTHER_REDIRECT_URL + | 60 [OTHER_REDIRECT_URL + |
78 encodeURIComponent(BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') + | 61 encodeURIComponent(BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') + |
79 '&mode=cors&method=GET&ACAOrigin=*', | 62 '&mode=cors&method=GET&ACAOrigin=*', |
80 [fetchRejected]], | 63 [fetchRejected]], |
81 [OTHER_REDIRECT_URL + | 64 [OTHER_REDIRECT_URL + |
82 encodeURIComponent(BASE_URL_WITH_USERNAME + 'ACAOrigin=*') + | 65 encodeURIComponent(BASE_URL_WITH_USERNAME + 'ACAOrigin=*') + |
83 '&mode=no-cors&method=GET&ACAOrigin=*', | 66 '&mode=no-cors&method=GET&ACAOrigin=*', |
84 [fetchResolved, noContentLength, noServerHeader, noBody, typeOpaque, | 67 [fetchRejected]], |
85 responseNotRedirected, | |
86 checkURLList.bind(self, [BASE_URL_WITH_USERNAME + 'ACAOrigin=*'])], | |
87 onlyOnServiceWorkerProxiedTest([methodIsGET])], | |
88 [OTHER_REDIRECT_URL + | 68 [OTHER_REDIRECT_URL + |
89 encodeURIComponent(BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') + | 69 encodeURIComponent(BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') + |
90 '&mode=no-cors&method=GET&ACAOrigin=*', | 70 '&mode=no-cors&method=GET&ACAOrigin=*', |
91 [fetchResolved, noContentLength, noServerHeader, noBody, typeOpaque, | 71 [fetchRejected]], |
92 responseNotRedirected, | |
93 checkURLList.bind(self, [BASE_URL_WITH_PASSWORD + 'ACAOrigin=*'])], | |
94 onlyOnServiceWorkerProxiedTest([methodIsGET])], | |
95 | 72 |
96 // Origin A -[fetch]-> Origin B -[redirect]-> Origin B | 73 // Origin A -[fetch]-> Origin B -[redirect]-> Origin B |
97 [OTHER_REDIRECT_URL + | 74 [OTHER_REDIRECT_URL + |
98 encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + 'ACAOrigin=*') + | 75 encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + 'ACAOrigin=*') + |
99 '&mode=cors&method=GET&ACAOrigin=*', | 76 '&mode=cors&method=GET&ACAOrigin=*', |
100 [fetchRejected]], | 77 [fetchRejected]], |
101 [OTHER_REDIRECT_URL + | 78 [OTHER_REDIRECT_URL + |
102 encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') + | 79 encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') + |
103 '&mode=cors&method=GET&ACAOrigin=*', | 80 '&mode=cors&method=GET&ACAOrigin=*', |
104 [fetchRejected]], | 81 [fetchRejected]], |
105 [OTHER_REDIRECT_URL + | 82 [OTHER_REDIRECT_URL + |
106 encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + 'ACAOrigin=*') + | 83 encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + 'ACAOrigin=*') + |
107 '&mode=no-cors&method=GET&ACAOrigin=*', | 84 '&mode=no-cors&method=GET&ACAOrigin=*', |
108 [fetchResolved, noContentLength, noServerHeader, noBody, typeOpaque, | 85 [fetchRejected]], |
109 responseNotRedirected, | |
110 checkURLList.bind(self, [OTHER_BASE_URL_WITH_USERNAME + 'ACAOrigin=*'])], | |
111 onlyOnServiceWorkerProxiedTest([methodIsGET])], | |
112 [OTHER_REDIRECT_URL + | 86 [OTHER_REDIRECT_URL + |
113 encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') + | 87 encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') + |
114 '&mode=no-cors&method=GET&ACAOrigin=*', | 88 '&mode=no-cors&method=GET&ACAOrigin=*', |
115 [fetchResolved, noContentLength, noServerHeader, noBody, typeOpaque, | 89 [fetchRejected]], |
116 responseNotRedirected, | |
117 checkURLList.bind(self, [OTHER_BASE_URL_WITH_PASSWORD + 'ACAOrigin=*'])], | |
118 onlyOnServiceWorkerProxiedTest([methodIsGET])], | |
119 ]; | 90 ]; |
120 | 91 |
121 if (self.importScripts) { | 92 if (self.importScripts) { |
122 executeTests(TEST_TARGETS); | 93 executeTests(TEST_TARGETS); |
123 done(); | 94 done(); |
124 } | 95 } |
OLD | NEW |