LayoutTests/http/tests/security/script-crossorigin-loads-correctly-credentials-2.html - Issue 47923008: Block execution of failed 'crossorigin' <script>s.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: LayoutTests/http/tests/security/script-crossorigin-loads-correctly-credentials-2.html

Issue 47923008: Block execution of failed 'crossorigin' <script>s. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Rebased Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
(Empty)
	1 <body>

	2 <p>This test passes if the inserted script fails to load due to CORS.</p>

	3 <pre></pre>

	4 <script>

	5 var result = 'PASS';

	6 </script>

	7 <!-- Non-CORS enabled script load, supplying credentials.

	8 Will execute as per-normal. -->

	9 <script src="http://localhost:8000/security/resources/cors-script.php?cors=false &credentials=true&value=FAIL"></script>

	10 <script>

	11 if (window.testRunner) {

	12 testRunner.dumpAsText();

	13 testRunner.waitUntilDone();

	14 }

	15

	16 // Reset the 'result' set by above external script.

	17 result = 'PASS';

	18

	19 function finish() {

	20 document.querySelector("pre").innerHTML = result;

	21 if (window.testRunner)

	22 testRunner.notifyDone();

	23 }

	24

	25 // Create new script of same cross-origin script as above,

	26 // but this time loaded following CORS.

	27 //

	28 // The response is missing a Access-Control-Access-Origin: header,

	29 // hence the CORS check must fail & error reported.

	30 var script = document.createElement("script");

	31 script.crossOrigin = "use-credentials";

	32 script.src = "http://localhost:8000/security/resources/cors-script.php?cors=fals e&credentials=true&value=FAIL";

	33

	34 script.onload = function() {

	35 result += " (loaded)";

	36 finish();

	37 }

	38

	39 script.onerror = function() {

	40 result = "PASS (expected error reported)";

	41 finish();

	42 }

	43 document.body.appendChild(script);

	44 </script>

OLD	NEW