Update web-platform-tests to revision d04a8fc02b85bd32799691759c8c05ead07cd939

2025-08-06 06:00:15 +01:00 · 2018-03-23 21:12:55 -04:00 · 2018-03-23 21:12:55 -04:00 · 2b35c55ac7
commit 2b35c55ac7
parent e8fdc677f4
63 changed files with 2068 additions and 340 deletions
--- a/tests/wpt/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.js
+++ b/tests/wpt/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.js
@ -0,0 +1,49 @@
+// META: script=/common/utils.js
+// META: script=../resources/utils.js
+// META: script=/common/get-host-info.sub.js
+
+var redirectUrl = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "redirect.py";
+var urlSetCookies1 = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "top.txt";
+var urlSetCookies2 = get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT + dirname(location.pathname) + RESOURCES_DIR + "top.txt";
+var urlCheckCookies = get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT + dirname(location.pathname) + RESOURCES_DIR + "inspect-headers.py?cors&headers=cookie";
+
+var urlSetCookiesParameters = "?pipe=header(Access-Control-Allow-Origin," + location.origin + ")";
+urlSetCookiesParameters += "|header(Access-Control-Allow-Credentials,true)";
+
+urlSetCookiesParameters1 = urlSetCookiesParameters + "|header(Set-Cookie,a=1)";
+urlSetCookiesParameters2 = urlSetCookiesParameters + "|header(Set-Cookie,a=2)";
+
+urlClearCookiesParameters1 = urlSetCookiesParameters + "|header(Set-Cookie,a=1%3B%20max-age=0)";
+urlClearCookiesParameters2 = urlSetCookiesParameters + "|header(Set-Cookie,a=2%3B%20max-age=0)";
+
+promise_test(async (test) => {
+    await fetch(urlSetCookies1 + urlSetCookiesParameters1, {"credentials": "include", "mode": "cors"});
+    await fetch(urlSetCookies2 + urlSetCookiesParameters2, {"credentials": "include", "mode": "cors"});
+}, "Set cookies");
+
+function doTest(usePreflight) {
+    promise_test(async (test) => {
+        var url = redirectUrl;
+        var uuid_token = token();
+        var urlParameters = "?token=" + uuid_token + "&max_age=0";
+        urlParameters += "&redirect_status=301";
+        urlParameters += "&location=" + encodeURIComponent(urlCheckCookies);
+        urlParameters += "&allow_headers=a&headers=Cookie";
+        headers = [];
+        if (usePreflight)
+            headers.push(["a", "b"]);
+
+        var requestInit = {"credentials": "include", "mode": "cors", "headers": headers};
+        var response = await fetch(url + urlParameters, requestInit);
+
+        assert_equals(response.headers.get("x-request-cookie") , "a=2", "Request includes cookie(s)");
+    }, "Testing credentials after cross-origin redirection with CORS and " + (usePreflight ? "" : "no ") + "preflight");
+}
+
+doTest(false);
+doTest(true);
+
+promise_test(async (test) => {
+    await fetch(urlSetCookies1 + urlClearCookiesParameters1, {"credentials": "include", "mode": "cors"});
+    await fetch(urlSetCookies2 + urlClearCookiesParameters2, {"credentials": "include", "mode": "cors"});
+}, "Clean cookies");
--- a/tests/wpt/web-platform-tests/fetch/api/resources/inspect-headers.py
+++ b/tests/wpt/web-platform-tests/fetch/api/resources/inspect-headers.py
@ -16,7 +16,10 @@ def main(request, response):
        headers.append(("Access-Control-Allow-Methods", "GET, POST, HEAD"))
        exposed_headers = ["x-request-" + header for header in checked_headers]
        headers.append(("Access-Control-Expose-Headers", ", ".join(exposed_headers)))
-        headers.append(("Access-Control-Allow-Headers", ", ".join(request.headers)))
+        if "allow_headers" in request.GET:
+            headers.append(("Access-Control-Allow-Headers", request.GET['allow_headers']))
+        else:
+            headers.append(("Access-Control-Allow-Headers", ", ".join(request.headers)))

    headers.append(("content-type", "text/plain"))
    return headers, ""
--- a/tests/wpt/web-platform-tests/fetch/api/resources/redirect.py
+++ b/tests/wpt/web-platform-tests/fetch/api/resources/redirect.py
@ -7,10 +7,14 @@ def main(request, response):
    status = 302
    headers = [("Content-Type", "text/plain"),
               ("Cache-Control", "no-cache"),
-               ("Pragma", "no-cache"),
-               ("Access-Control-Allow-Origin", "*")]
-    token = None
+               ("Pragma", "no-cache")]
+    if "Origin" in request.headers:
+        headers.append(("Access-Control-Allow-Origin", request.headers.get("Origin", "")))
+        headers.append(("Access-Control-Allow-Credentials", "true"))
+    else:
+        headers.append(("Access-Control-Allow-Origin", "*"))

+    token = None
    if "token" in request.GET:
        token = request.GET.first("token")
        data = request.server.stash.take(token)