Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(54)

Unified Diff: third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/null-auth.php

Issue 2651943002: Block subresource requests whose URLs include credentials. (Closed)
Patch Set: Test. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/null-auth.php
diff --git a/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/null-auth.php b/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/null-auth.php
index 2965c957d63ea16558a2c9fc910b1ead78d898e4..7ee1e711546bc3724f82892ad115bf97469ddd00 100644
--- a/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/null-auth.php
+++ b/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/null-auth.php
@@ -5,8 +5,12 @@
if (window.testRunner)
testRunner.dumpAsText();
-req = new XMLHttpRequest;
-req.open('POST', '<?php echo 'http://foo:bar@' . $_SERVER['HTTP_HOST'] . '/xmlhttprequest/resources/echo-auth.php' ?>', false, null, null);
-req.send();
-document.getElementById('syncResult').firstChild.nodeValue = req.responseText;
+try {
+ req = new XMLHttpRequest;
+ req.open('POST', '<?php echo 'http://foo:bar@' . $_SERVER['HTTP_HOST'] . '/xmlhttprequest/resources/echo-auth.php' ?>', false, null, null);
+ req.send();
+ console.log("Fail: credentialed URLs should throw.");
+} catch (e) {
+ console.log("Pass: credentialed URL threw.");
+}
</script>

Powered by Google App Engine
This is Rietveld 408576698