Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(305)

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-access-control-login.html

Issue 2651943002: Block subresource requests whose URLs include credentials. (Closed)
Patch Set: Test. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 <script> 1 <script>
2 // Set authentication info 2 // Set authentication info
3 var port;
4 var w;
3 window.addEventListener("message", function(evt) { 5 window.addEventListener("message", function(evt) {
4 var port = evt.ports[0]; 6 if (evt.ports[0]) {
7 port = evt.ports[0];
5 document.cookie = 'cookie=' + evt.data.cookie; 8 document.cookie = 'cookie=' + evt.data.cookie;
6 var xhr = new XMLHttpRequest(); 9 w = window.open(window.location.protocol + "//" + evt.data.username + ":" + evt.data.password + "@" + window.location.hostname + ":" + window.location.port + "/serviceworker/resources/fetch-access-control.php?Auth&WINDOW", evt.data.user name);
7 xhr.addEventListener('load', function() { 10 } else {
8 port.postMessage({msg: 'LOGIN FINISHED'}); 11 w.close();
9 }, false); 12 w = null;
10 xhr.open('GET', 13 port.postMessage({msg: 'LOGIN FINISHED'});
11 './fetch-access-control.php?Auth', 14 }
12 true, 15 }, false);
13 evt.data.username, evt.data.password); 16 </script>
14 xhr.send();
15 }, false);
16 </script>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698