Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-10-04 02:29:12 +01:00
Code Issues Projects Releases Packages Wiki Activity
servo/tests/wpt/web-platform-tests/fetch/cross-origin-resource-policy/fetch.html

83 lines
4.4 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
</head>
<body>
<script>
const host = get_host_info();
const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
const sameSiteBaseURL = "http://" + host.ORIGINAL_HOST + ":" + host.HTTP_PORT2 + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
const httpsBaseURL = host.HTTPS_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
promise_test(async () => {
const response = await fetch("./resources/hello.py?corp=same-origin");
assert_equals(await response.text(), "hello");
}, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
promise_test(async () => {
const response = await fetch("./resources/hello.py?corp=same-site");
assert_equals(await response.text(), "hello");
}, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
promise_test(async (test) => {
const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-origin");
assert_equals(await response.text(), "hello");
}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
promise_test(async (test) => {
const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-site");
assert_equals(await response.text(), "hello");
}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
promise_test((test) => {
const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin";
return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" }));
}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
promise_test((test) => {
const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-site";
return promise_rejects(test, new TypeError, fetch(remoteURL, { mode: "no-cors" }));
}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
promise_test((test) => {
const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-site";
return fetch(remoteURL, { mode: "no-cors" });
}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header.");
promise_test((test) => {
const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-origin";
return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" }));
}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
promise_test(async (test) => {
const remoteSameSiteURL = sameSiteBaseURL + "resources/hello.py?corp=same-site";
await fetch(remoteSameSiteURL, { mode: "no-cors" });
return promise_rejects(test, new TypeError, fetch(sameSiteBaseURL + "resources/hello.py?corp=same-origin", { mode: "no-cors" }));
}, "Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
promise_test((test) => {
const finalURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin";
return promise_rejects(test, new TypeError, fetch("resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection.");
promise_test((test) => {
const finalURL = localBaseURL + "resources/hello.py?corp=same-origin";
return fetch(notSameSiteBaseURL + "resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" });
}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a cross-origin redirection.");
promise_test(async (test) => {
const finalURL = localBaseURL + "resources/hello.py?corp=same-origin";
await fetch(finalURL, { mode: "no-cors" });
return promise_rejects(test, new TypeError, fetch(notSameSiteBaseURL + "resources/redirect.py?corp=same-origin&redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' redirect response header.");
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink