Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-16 19:05:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update web-platform-tests to revision b'7af9d6ec48ab04043a2bea85a3599904a1a19efa'

Browse source
This commit is contained in:
WPT Sync Bot 2021-02-21 08:20:50 +00:00 committed by Josh Matthews
parent 8050c95e31
commit 87be1008de
2742 changed files with 142451 additions and 40667 deletions
Download patch file Download diff file Expand all files Collapse all files

25
tests/wpt/web-platform-tests/web-bundle/subresource-loading/check-cookie-and-return-bundle.py Normal file
View file

@ -0,0 +1,25 @@
import os
def main(request, response):
origin = request.headers.get(b"origin")
if origin is not None:
response.headers.set(b"Access-Control-Allow-Origin", origin)
response.headers.set(b"Access-Control-Allow-Methods", b"GET")
response.headers.set(b"Access-Control-Allow-Credentials", b"true")
headers = [
(b"Content-Type", b"application/webbundle"),
(b"X-Content-Type-Options", b"nosniff"),
]
cookie = request.cookies.first(b"milk", None)
if (cookie is not None) and cookie.value == b"1":
with open(
os.path.join(os.path.dirname(__file__), "../resources/wbn/subresource.wbn"),
"rb",
) as f:
return (200, headers, f.read())
else:
return (400, [], "")

113
tests/wpt/web-platform-tests/web-bundle/subresource-loading/subframe-from-web-bundle.tentative.html
View file

@ -9,27 +9,98 @@
<body>
<script>
promise_test(async () => {
const frame_url = 'urn:uuid:429fcc4e-0696-4bad-b099-ee9175f023ae';
const link = document.createElement('link');
link.rel = 'webbundle';
link.href = '../resources/wbn/urn-uuid.wbn';
link.resources = frame_url;
document.body.appendChild(link);
const message_promisse = new Promise((resolve) => {
window.addEventListener('message', (e) => {
resolve(e.data);
});
});
const iframe = document.createElement('iframe');
iframe.src = frame_url;
document.body.appendChild(iframe);
assert_equals(
await message_promisse,
'subframe loaded from WBN: location = ' + frame_url);
document.body.removeChild(link);
document.body.removeChild(iframe);
}, "Subframe load from Web Bundle");
const frame_url = 'urn:uuid:429fcc4e-0696-4bad-b099-ee9175f023ae';
urn_uuid_iframe_test(
'location.href',
frame_url,
'location.href in urn uuid iframe.');
urn_uuid_iframe_test(
'(' + (() => {
try {
let result = window.localStorage;
return 'no error';
} catch (e) {
return e.name;
}
}).toString() + ')()',
'SecurityError',
'Accesing window.localStorage should throw a SecurityError.');
urn_uuid_iframe_test(
'(' + (() => {
try {
let result = window.sessionStorage;
return 'no error';
} catch (e) {
return e.name;
}
}).toString() + ')()',
'SecurityError',
'Accesing window.sessionStorage should throw a SecurityError.');
urn_uuid_iframe_test(
'(' + (() => {
try {
let result = document.cookie;
return 'no error';
} catch (e) {
return e.name;
}
}).toString() + ')()',
'SecurityError',
'Accesing document.cookie should throw a SecurityError.');
urn_uuid_iframe_test(
'(' + (() => {
try {
let request = window.indexedDB.open("db");
return 'no error';
} catch (e) {
return e.name;
}
}).toString() + ')()',
'SecurityError',
'Opening an indexedDB should throw a SecurityError.');
urn_uuid_iframe_test(
'window.caches === undefined',
true,
'window.caches should be undefined.');
function urn_uuid_iframe_test(code, expected, name) {
promise_test(async () => {
const link = document.createElement('link');
link.rel = 'webbundle';
link.href = '../resources/wbn/urn-uuid.wbn';
link.resources = frame_url;
document.body.appendChild(link);
const iframe = document.createElement('iframe');
iframe.src = frame_url;
const load_promise = new Promise((resolve) => {
iframe.addEventListener('load', resolve);
});
document.body.appendChild(iframe);
await load_promise;
assert_equals(
await evalInIframe(iframe, code),
expected);
document.body.removeChild(link);
document.body.removeChild(iframe);
}, name);
}
async function evalInIframe(iframe, code) {
const message_promise = new Promise((resolve) => {
const listener = (e) => {
window.removeEventListener('message', listener);
resolve(e.data);
}
window.addEventListener('message', listener);
});
iframe.contentWindow.postMessage(code,'*');
return message_promise;
}
</script>
</body>

55
tests/wpt/web-platform-tests/web-bundle/subresource-loading/subresource-loading-cors-error.tentative.html Normal file
View file

@ -0,0 +1,55 @@
<!DOCTYPE html>
<title>Cross origin WebBundle subresource loading (error case)</title>
<link
rel="help"
href="https://github.com/WICG/webpackage/blob/master/explainers/subresource-loading.md"
/>
<link
rel="help"
href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../resources/test-helpers.js"></script>
<body>
<!--
This wpt should run on an origin different from https://web-platform.test:8444/,
from where cross-orign WebBundles are served.
This test uses a cross-origin WebBundle,
https://web-platform.test:8444/web-bundle/resources/wbn/no-cors/cross-origin.wbn,
which is served *without* an Access-Control-Allow-Origin response header.
`cross-origin.wbn` includes two subresources:
a. `resource.cors.js`, which includes an Access-Control-Allow-Origin response header.
b. `resource.no-cors.js`, which doesn't include an Access-Control-Allow-Origin response header.
-->
<script>
promise_test(async () => {
const prefix =
"https://web-platform.test:8444/web-bundle/resources/wbn/no-cors/";
const resources = [
prefix + "resource.cors.js",
prefix + "resource.no-cors.js",
];
for (const crossorigin_attribute_value of [
undefined, // crossorigin attribute is not set
"anonymous",
"use-credential",
]) {
const link = await addLinkAndWaitForError(
prefix + "cross-origin.wbn",
resources,
crossorigin_attribute_value
);
// A subresource in the bundle can not be used in any case.
for (const resource of resources) {
await fetchAndWaitForReject(resource);
await addScriptAndWaitForError(resource);
}
link.remove();
}
}, "Use CORS if crossorigin=anonymous or crossorigin=use-credential is specified. A cross origin bundle must not be loaded unless a server returns a valid Access-Control-Allow-Origin header.");
</script>
</body>

70
tests/wpt/web-platform-tests/web-bundle/subresource-loading/subresource-loading-cors.tentative.html Normal file
View file

@ -0,0 +1,70 @@
<!DOCTYPE html>
<title>Cross origin WebBundle subresource loading</title>
<link
rel="help"
href="https://github.com/WICG/webpackage/blob/master/explainers/subresource-loading.md"
/>
<link
rel="help"
href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../resources/test-helpers.js"></script>
<body>
<!--
This wpt should run on an origin different from https://web-platform.test:8444/,
from where cross-orign WebBundles are served.
This test uses a cross-origin WebBundle,
https://web-platform.test:8444/web-bundle/resources/wbn/cors/cross-origin.wbn,
which is served with an Access-Control-Allow-Origin response header.
`cross-origin.wbn` includes two subresources:
a. `resource.cors.json`, which includes an Access-Control-Allow-Origin response header.
b. `resource.no-cors.json`, which doesn't include an Access-Control-Allow-Origin response header.
-->
<script>
promise_test(async () => {
const prefix =
"https://web-platform.test:8444/web-bundle/resources/wbn/cors/";
const resources = [
prefix + "resource.cors.js",
prefix + "resource.no-cors.js",
];
for (const crossorigin_attribute_value of [
undefined, // crossorigin attribute is not set
"anonymous",
"use-credential",
]) {
const link = await addLinkAndWaitForLoad(
prefix + "cross-origin.wbn",
resources,
crossorigin_attribute_value
);
// Can fetch a subresource which has a valid Access-Control-Allow-Origin response header.
const response = await fetch(prefix + "resource.cors.js");
assert_true(response.ok);
const text = await response.text();
assert_equals(text, "scriptLoaded('resource.cors.js');");
// Can not fetch a subresource which does NOT have a valid
// Access-Control-Allow-Origin response header.
await fetchAndWaitForReject(prefix + "resource.no-cors.js");
// Both subresource js can be loaded via a <script> element, which doesn't use cors.
for (const resource of resources) {
const scriptEvaluted = new Promise((resolve, reject) => {
window.scriptLoaded = resolve;
});
const script = document.createElement("script");
script.src = resource;
document.body.appendChild(script);
await scriptEvaluted;
}
link.remove();
}
}, "request's mode must be cors. A server should return a valid Access-Control-Allow-Origin header if a bundle is a cross origin bundle.");
</script>
</body>

98
tests/wpt/web-platform-tests/web-bundle/subresource-loading/subresource-loading-credential.tentative.sub.html Normal file
View file

@ -0,0 +1,98 @@
<!DOCTYPE html>
<title>
crossorigin= attribute and credentials in WebBundle subresource loading
</title>
<link
rel="help"
href="https://github.com/WICG/webpackage/blob/master/explainers/subresource-loading.md"
/>
<link
rel="help"
href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../resources/test-helpers.js"></script>
<body>
<script>
// In this wpt, we only test request's credential mode, which controls
// whether UA sends a credential or not.
// We assume that a <link> element fires a load event correctly if
// check-cookie-and-return-bundle.py returns a valid format webbundle. That
// happens only when UA sends a credential. We don't care of the contents of
// a bundle. That's out of scope of this wpt.
// See subresoruce-loading-cors{-error}.tentative.html, where we test subresource
// loading with crossorigin= attribute, in terms of request's mode (cors or no-cors).
document.cookie = "milk=1";
// Make sure to set a cookie for a cross-origin domain from where a cross
// origin bundle is served.
const setCookiePromise = fetch(
"http://{{domains[www2]}}:{{ports[http][0]}}/cookies/resources/set-cookie.py?name=milk&path=/web-bundle/subresource-loading/",
{
mode: "no-cors",
credentials: "include",
}
);
const same_origin_bundle = "./check-cookie-and-return-bundle.py";
const cross_origin_bundle = "http://{{domains[www2]}}:{{ports[http][0]}}/web-bundle/subresource-loading/check-cookie-and-return-bundle.py";
promise_test(async () => {
const link = document.createElement("link");
link.rel = "webbundle";
link.href = same_origin_bundle;
await addElementAndWaitForLoad(link);
link.remove()
}, "'no crossorigin attribute' should send a credential to a same origin bundle");
promise_test(async () => {
await setCookiePromise;
const link = document.createElement("link");
link.rel = "webbundle";
link.href = cross_origin_bundle;
await addElementAndWaitForError(link);
link.remove()
}, "'no crossorigin attribute' should not send a credential to a cross origin bundle");
promise_test(async () => {
const link = document.createElement("link");
link.rel = "webbundle";
link.href = same_origin_bundle;
link.crossOrigin = "anonymous";
await addElementAndWaitForLoad(link);
link.remove()
}, "'anonymous' should send a credential to a same origin bundle");
promise_test(async () => {
await setCookiePromise;
const link = document.createElement("link");
link.rel = "webbundle";
link.href = cross_origin_bundle;
link.crossOrigin = "anonymous";
await addElementAndWaitForError(link);
link.remove()
}, "'anonymous' should not send a credential to a cross origin bundle");
promise_test(async () => {
const link = document.createElement("link");
link.rel = "webbundle";
link.href = same_origin_bundle;
link.crossOrigin = "use-credentials";
await addElementAndWaitForLoad(link);
link.remove()
}, "'use-credentials' should send a credential to a same origin bundle");
promise_test(async () => {
await setCookiePromise;
const link = document.createElement("link");
link.rel = "webbundle";
link.href = cross_origin_bundle;
link.crossOrigin = "use-credentials";
await addElementAndWaitForLoad(link);
link.remove()
}, "'use-credentials' should send a credential to a cross origin bundle");
</script>
</body>

93
tests/wpt/web-platform-tests/web-bundle/subresource-loading/subresource-loading-cross-origin.tentative.html
View file

@ -1,93 +0,0 @@
<!DOCTYPE html>
<title>Cross-origin WebBundle subresource loading</title>
<link
rel="help"
href="https://github.com/WICG/webpackage/blob/master/explainers/subresource-loading.md"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<!--
This wpt should run on an origin different from https://web-platform.test:8444/,
from where cross-orign WebBundles are served.
This test uses the two cross-origin WebBundles:
1. https://web-platform.test:8444/web-bundle/resources/wbn/cors/cross-origin.wbn,
which is served with an Access-Control-Allow-Origin response header.
2. http://web-platform.test:8444/web-bundle/resources/wbn/no-cors/cross-origin.wbn,
which is served *without* an Access-Control-Allow-Origin response header.
Each `cross-origin.wbn` includes two subresources:
a. `resource.cors.json`, which includes an Access-Control-Allow-Origin response header.
b. `resource.no-cors.json`, which doesn't include an Access-Control-Allow-Origin response header.
-->
<link
rel="webbundle"
href="https://web-platform.test:8444/web-bundle/resources/wbn/cors/cross-origin.wbn"
resources="https://web-platform.test:8444/web-bundle/resources/wbn/cors/resource.cors.json
https://web-platform.test:8444/web-bundle/resources/wbn/cors/resource.no-cors.json"
/>
<script>
promise_test(async () => {
const response = await fetch(
"https://web-platform.test:8444/web-bundle/resources/wbn/cors/resource.cors.json"
);
assert_true(response.ok);
const text = await response.text();
assert_equals(text, "{ cors: 1 }");
}, "A subresource which includes an Access-Control-Allow-Origin response header can be fetched");
promise_test(async (t) => {
return promise_rejects_js(
t,
TypeError,
fetch(
"https://web-platform.test:8444/web-bundle/resources/wbn/cors/resource.no-cors.json"
)
);
}, "A subresource which does not include an Access-Control-Allow-Origin response header can not be fetched");
promise_test(async (t) => {
const prefix =
"http://web-platform.test:8444/web-bundle/resources/wbn/no-cors/";
const resources = [
prefix + "resource.cors.json",
prefix + "resource.no-cors.json",
]
// Should fire an error event on loading webbundle.
await addLinkAndWaitForError(prefix + "cross-origin.wbn", resources);
// A fetch should fail for any subresource specified in resources attribute.
for (const url of resources) {
await fetchAndWaitForReject(url);
}
}, "A cross-origin WebBundle which does not include an Access-Control-Allow-Origin response header should fire an error event on load, and a fetch should fail for any subresource");
function addLinkAndWaitForError(url, resources) {
return new Promise((resolve, reject) => {
const link = document.createElement("link");
link.rel = "webbundle";
link.href = url;
for (const resource of resources) {
link.resources.add(resource);
}
link.onload = reject;
link.onerror = () => resolve(link);
document.body.appendChild(link);
});
}
function fetchAndWaitForReject(url) {
return new Promise((resolve, reject) => {
fetch(url)
.then(() => {
reject();
})
.catch(() => {
resolve();
});
});
}
</script>
</body>