WebKit Bugzilla
Attachment 340927 Details for Bug 185840: Migrate From-Origin to Cross-Origin-Resource-Policy
[patch] WIP
bug-185840-20180521165250.patch (text/plain), 133.68 KB, created by youenn fablet on 2018-05-21 16:52:51 PDT
>Subversion Revision: 232031 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index f514aaa94823cc055a4dee12b4f26c2863832291..fe96cbcfdf2784e9cc57e4781a46da5a03ba827a 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,21 @@ >+2018-05-21 Youenn Fablet <youenn@apple.com> >+ >+ Migrate From-Origin to Cross-Origin-Resource-Policy >+ https://bugs.webkit.org/show_bug.cgi?id=185840 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Tests: http/wpt/cross-origin-read-policy/fetch-in-iframe.html >+ http/wpt/cross-origin-read-policy/fetch.html >+ http/wpt/cross-origin-read-policy/iframe-loads.html >+ http/wpt/cross-origin-read-policy/image-loads.html >+ http/wpt/cross-origin-read-policy/script-loads.html >+ >+ * platform/network/HTTPHeaderNames.in: >+ * platform/network/HTTPParsers.cpp: >+ (WebCore::parseCrossOriginResourcePolicyHeader): >+ * platform/network/HTTPParsers.h: >+ > 2018-05-21 Chris Dumez <cdumez@apple.com> > > File's structured serialization should serialize lastModified attribute >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index d1815fc0aa2170df9c63407c9dcd9662314962d8..c8330b17e606964dbbd8f965f093233ecaaea8ba 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog 
>@@ -1,3 +1,31 @@ >+2018-05-21 Youenn Fablet <youenn@apple.com> >+ >+ Migrate From-Origin to Cross-Origin-Resource-Policy >+ https://bugs.webkit.org/show_bug.cgi?id=185840 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Do Cross-Origin-Resource-Policy (CORP) checks in NetworkLoadChecker instead of NetworkResourceLoader directly. >+ Make sure CORP only applies to no-cors loads. >+ Remove ancestor checks and only consider the document origin making the load. >+ This means that in case of cross-origin redirection to same-origin, the redirection will be CORP-checked, >+ the final response will not be CORP-checked but will be opaque. >+ >+ * NetworkProcess/NetworkLoadChecker.cpp: >+ (WebKit::NetworkLoadChecker::validateCrossOriginResourcePolicyPolicy): >+ (WebKit::NetworkLoadChecker::validateResponse): >+ * NetworkProcess/NetworkLoadChecker.h: >+ * NetworkProcess/NetworkResourceLoader.cpp: >+ (WebKit::NetworkResourceLoader::retrieveCacheEntry): >+ (WebKit::NetworkResourceLoader::didReceiveResponse): >+ (WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest): >+ (WebKit::NetworkResourceLoader::didRetrieveCacheEntry): >+ (WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry): >+ * NetworkProcess/NetworkResourceLoader.h: >+ * WebProcess/Network/WebLoaderStrategy.cpp: >+ (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess): >+ Send ancestor information for navigation loads only. >+ > 2018-05-21 Brian Burg <bburg@apple.com> > > Web Automation: always return an empty cookie list if document.cookieURL() is empty >diff --git a/Source/WebCore/platform/network/HTTPHeaderNames.in b/Source/WebCore/platform/network/HTTPHeaderNames.in >index 96ccb793e34473b5c7cdd8c988b907de04659fd9..69a20e2f92d7baae9f570df2bccdfc580638dfb7 100644 >--- a/Source/WebCore/platform/network/HTTPHeaderNames.in >+++ b/Source/WebCore/platform/network/HTTPHeaderNames.in 
>@@ -51,13 +51,13 @@ Content-Range > Cookie > Cookie2 > Cross-Origin-Options >+Cross-Origin-Resource-Policy > Date > DNT > Default-Style > ETag > Expect > Expires >-From-Origin > Host > If-Match > If-Modified-Since >diff --git a/Source/WebCore/platform/network/HTTPParsers.cpp b/Source/WebCore/platform/network/HTTPParsers.cpp >index 893905f1f6f80e275d1a9a1705e1c935f469d419..fea14eae8967ee8effb83ace365ca4122dd60940 100644 >--- a/Source/WebCore/platform/network/HTTPParsers.cpp >+++ b/Source/WebCore/platform/network/HTTPParsers.cpp >@@ -897,20 +897,20 @@ String normalizeHTTPMethod(const String& method) > return method; > } > >-FromOriginDisposition parseFromOriginHeader(const String& header) >+CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(const String& header) > { > auto strippedHeader = stripLeadingAndTrailingHTTPSpaces(header); > > if (strippedHeader.isEmpty()) >- return FromOriginDisposition::None; >+ return CrossOriginResourcePolicy::None; > > if (equalLettersIgnoringASCIICase(strippedHeader, "same")) >- return FromOriginDisposition::Same; >+ return CrossOriginResourcePolicy::Same; > > if (equalLettersIgnoringASCIICase(strippedHeader, "same-site")) >- return FromOriginDisposition::SameSite; >+ return CrossOriginResourcePolicy::SameSite; > >- return FromOriginDisposition::Invalid; >+ return CrossOriginResourcePolicy::Invalid; > } > > CrossOriginOptions parseCrossOriginOptionsHeader(StringView header) >diff --git a/Source/WebCore/platform/network/HTTPParsers.h b/Source/WebCore/platform/network/HTTPParsers.h >index 4bb4a73843510fbaff99aae9e1f0d354a23523c1..a6dcb3e50d980c57c87b3a471ac794eeefe27686 100644 >--- a/Source/WebCore/platform/network/HTTPParsers.h >+++ b/Source/WebCore/platform/network/HTTPParsers.h >@@ -64,7 +64,7 @@ enum XFrameOptionsDisposition { > XFrameOptionsConflict > }; > >-enum class FromOriginDisposition { >+enum class CrossOriginResourcePolicy { > None, > Same, > SameSite, 
>@@ -117,7 +117,7 @@ bool isCrossOriginSafeRequestHeader(HTTPHeaderName, const String&); > > String normalizeHTTPMethod(const String&); > >-WEBCORE_EXPORT FromOriginDisposition parseFromOriginHeader(const String&); >+WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(const String&); > CrossOriginOptions parseCrossOriginOptionsHeader(StringView); > > inline bool isHTTPSpace(UChar character) >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >index 0a4d5c11308dfb2863f2ee56fb2bb8c491c7214a..86717ae06eff4b0d8eaf9a0b6509a4b3c5f9cd26 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >@@ -123,6 +123,27 @@ void NetworkLoadChecker::checkRedirection(ResourceResponse& redirectResponse, Re > checkRequest(WTFMove(request), WTFMove(handler)); > } > >+bool NetworkLoadChecker::validateCrossOriginResourcePolicyPolicy(const ResourceResponse& response) >+{ >+ if (m_origin->canRequest(response.url())) >+ return true; >+ >+ auto policy = WebCore::parseCrossOriginResourcePolicyHeader(response.httpHeaderField(WebCore::HTTPHeaderName::CrossOriginResourcePolicy)); >+ switch (policy) { >+ case WebCore::CrossOriginResourcePolicy::None: >+ case WebCore::CrossOriginResourcePolicy::Invalid: >+ return true; >+ case WebCore::CrossOriginResourcePolicy::Same: >+ return false; >+ case WebCore::CrossOriginResourcePolicy::SameSite: { >+#if ENABLE(PUBLIC_SUFFIX_LIST) >+ return !m_origin->isUnique() && ResourceRequest::partitionName(m_origin->host()) == ResourceRequest::partitionName(response.url().host()); >+#else >+ return false; >+#endif >+ }} >+} >+ > ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response) > { > if (m_redirectCount) 
>@@ -139,6 +160,8 @@ ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response) > } > > if (m_options.mode == FetchOptions::Mode::NoCors) { >+ if (!validateCrossOriginResourcePolicyPolicy(response)) >+ return ResourceError { errorDomainWebKitInternal, 0, m_url, makeString("Cancelled load to ", response.url().string(), " because it violates the resource's Cross-Origin-Resource-Policy response header."), ResourceError::Type::AccessControl }; > response.setTainting(ResourceResponse::Tainting::Opaque); > return { }; > } >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.h b/Source/WebKit/NetworkProcess/NetworkLoadChecker.h >index c6597a04d8d24697d8d7dab86e56c07995b774a5..c4a3ef17869c3c8fe8fd94652811cacdf0e388a5 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.h >+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.h >@@ -94,6 +94,9 @@ private: > void processContentExtensionRulesForLoad(WebCore::ResourceRequest&&, ContentExtensionCallback&&); > #endif > >+ bool validateCrossOriginResourcePolicyPolicy(const WebCore::ResourceResponse&); >+ >+ > WebCore::FetchOptions m_options; > WebCore::StoredCredentialsPolicy m_storedCredentialsPolicy; > PAL::SessionID m_sessionID; >diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >index 44a32543adad13b7e0e42fc9846db53a9eae155e..ed6a5d608fec5de507dcb185cdf626dc6521f2e5 100644 >--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 
>@@ -230,7 +230,7 @@ void NetworkResourceLoader::retrieveCacheEntry(const ResourceRequest& request) > } > if (entry->redirectRequest()) { > RELEASE_LOG_IF_ALLOWED("retrieveCacheEntry: Handling redirect (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d)", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier, isMainResource(), isSynchronous()); >- loader->dispatchWillSendRequestForCacheEntry(WTFMove(entry)); >+ loader->dispatchWillSendRequestForCacheEntry(WTFMove(request), WTFMove(entry)); > return; > } > if (loader->m_parameters.needsCertificateInfo && !entry->response().certificateInfo()) { 
>@@ -361,48 +361,6 @@ void NetworkResourceLoader::abort() > cleanup(LoadResult::Cancel); > } > >-static bool areFrameAncestorsSameSite(const ResourceResponse& response, const Vector<RefPtr<SecurityOrigin>>& frameAncestorOrigins) >-{ >-#if ENABLE(PUBLIC_SUFFIX_LIST) >- auto responsePartition = ResourceRequest::partitionName(response.url().host()); >- return frameAncestorOrigins.findMatching([&](const auto& item) { >- return item->isUnique() || ResourceRequest::partitionName(item->host()) != responsePartition; >- }) == notFound; >-#else >- UNUSED_PARAM(response); >- UNUSED_PARAM(frameAncestorOrigins); >- return false; >-#endif >-} >- >-static bool areFrameAncestorsSameOrigin(const ResourceResponse& response, const Vector<RefPtr<SecurityOrigin>>& frameAncestorOrigins) >-{ >- return frameAncestorOrigins.findMatching([responseOrigin = SecurityOrigin::create(response.url())](const auto& item) { >- return !item->isSameOriginAs(responseOrigin); >- }) == notFound; >-} >- >-static bool shouldCancelCrossOriginLoad(const ResourceResponse& response, const Vector<RefPtr<SecurityOrigin>>& frameAncestorOrigins) >-{ >- auto fromOriginDirective = WebCore::parseFromOriginHeader(response.httpHeaderField(WebCore::HTTPHeaderName::FromOrigin)); >- switch (fromOriginDirective) { >- case WebCore::FromOriginDisposition::None: >- case WebCore::FromOriginDisposition::Invalid: >- return false; >- case WebCore::FromOriginDisposition::Same: >- return !areFrameAncestorsSameOrigin(response, frameAncestorOrigins); >- case WebCore::FromOriginDisposition::SameSite: >- return !areFrameAncestorsSameSite(response, frameAncestorOrigins); >- } >- >- RELEASE_ASSERT_NOT_REACHED(); >-} >- >-static ResourceError fromOriginResourceError(const URL& url) >-{ >- return { errorDomainWebKitInternal, 0, url, ASCIILiteral { "Cancelled load because it violates the resource's From-Origin response header." 
}, ResourceError::Type::AccessControl }; >-} >- > bool NetworkResourceLoader::shouldInterruptLoadForXFrameOptions(const String& xFrameOptions, const URL& url) > { > if (isMainFrameLoad()) >@@ -491,21 +449,20 @@ auto NetworkResourceLoader::didReceiveResponse(ResourceResponse&& receivedRespon > if (m_cacheEntryForValidation) > return ShouldContinueDidReceiveResponse::Yes; > >- ResourceError error; >- if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(m_response, m_parameters.frameAncestorOrigins)) >- error = fromOriginResourceError(m_response.url()); >- if (error.isNull() && isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(m_response)) { >+ if (isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(m_response)) { > send(Messages::WebResourceLoader::StopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied { }); > return ShouldContinueDidReceiveResponse::No; > } >- if (error.isNull() && m_networkLoadChecker) >- error = m_networkLoadChecker->validateResponse(m_response); >- if (!error.isNull()) { >- RunLoop::main().dispatch([protectedThis = makeRef(*this), error = WTFMove(error)] { >- if (protectedThis->m_networkLoad) >- protectedThis->didFailLoading(error); >- }); >- return ShouldContinueDidReceiveResponse::No; >+ >+ if (m_networkLoadChecker) { >+ auto error = m_networkLoadChecker->validateResponse(m_response); >+ if (!error.isNull()) { >+ RunLoop::main().dispatch([protectedThis = makeRef(*this), error = WTFMove(error)] { >+ if (protectedThis->m_networkLoad) >+ protectedThis->didFailLoading(error); >+ }); >+ return ShouldContinueDidReceiveResponse::No; >+ } > } > > auto response = sanitizeResponseIfPossible(ResourceResponse { m_response }, ResourceResponse::SanitizationType::CrossOriginSafe); 
>@@ -663,11 +620,6 @@ void NetworkResourceLoader::continueWillSendRedirectedRequest(WebCore::ResourceR > if (canUseCachedRedirect(request)) > m_cache->storeRedirect(request, redirectResponse, redirectRequest); > >- if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(redirectResponse, m_parameters.frameAncestorOrigins) && m_networkLoad) { >- didFailLoading(fromOriginResourceError(redirectResponse.url())); >- return; >- } >- > send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, sanitizeResponseIfPossible(WTFMove(redirectResponse), ResourceResponse::SanitizationType::Redirection))); > } > >@@ -791,19 +743,16 @@ void NetworkResourceLoader::didRetrieveCacheEntry(std::unique_ptr<NetworkCache:: > { > auto response = entry->response(); > >- ResourceError error; >- if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(response, m_parameters.frameAncestorOrigins)) >- error = fromOriginResourceError(response.url()); >- if (error.isNull() && isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(response)) { >+ if (isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(response)) { > send(Messages::WebResourceLoader::StopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied { }); > return; > } >- if (error.isNull() && m_networkLoadChecker) >- error = m_networkLoadChecker->validateResponse(response); >- >- if (!error.isNull()) { >- didFailLoading(error); >- return; >+ if (m_networkLoadChecker) { >+ auto error = m_networkLoadChecker->validateResponse(response); >+ if (!error.isNull()) { >+ didFailLoading(error); >+ return; >+ } > } > > response = sanitizeResponseIfPossible(WTFMove(response), ResourceResponse::SanitizationType::CrossOriginSafe); 
>@@ -903,22 +852,15 @@ void NetworkResourceLoader::validateCacheEntry(std::unique_ptr<NetworkCache::Ent > startNetworkLoad(WTFMove(revalidationRequest), FirstLoad::Yes); > } > >-void NetworkResourceLoader::dispatchWillSendRequestForCacheEntry(std::unique_ptr<NetworkCache::Entry> entry) >+void NetworkResourceLoader::dispatchWillSendRequestForCacheEntry(ResourceRequest&& request, std::unique_ptr<NetworkCache::Entry>&& entry) > { > ASSERT(entry->redirectRequest()); > ASSERT(!m_isWaitingContinueWillSendRequestForCachedRedirect); > > LOG(NetworkCache, "(NetworkProcess) Executing cached redirect"); >- >- auto& response = entry->response(); >- if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(response, m_parameters.frameAncestorOrigins) && m_networkLoad) { >- didFailLoading(fromOriginResourceError(response.url())); >- return; >- } >- >- ++m_redirectCount; >- send(Messages::WebResourceLoader::WillSendRequest { *entry->redirectRequest(), sanitizeResponseIfPossible(ResourceResponse { response }, ResourceResponse::SanitizationType::Redirection) }); > m_isWaitingContinueWillSendRequestForCachedRedirect = true; >+ >+ willSendRedirectedRequest(WTFMove(request), ResourceRequest { *entry->redirectRequest() }, ResourceResponse { entry->response() }); > } > > IPC::Connection* NetworkResourceLoader::messageSenderConnection() >diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.h b/Source/WebKit/NetworkProcess/NetworkResourceLoader.h >index 773ca82fc5c84350457ab6968760843806361e4f..0a155d57197f3d16399631c4213077cc1c8a632c 100644 >--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.h >+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.h 
>@@ -137,7 +137,7 @@ private: > void didRetrieveCacheEntry(std::unique_ptr<NetworkCache::Entry>); > void sendResultForCacheEntry(std::unique_ptr<NetworkCache::Entry>); > void validateCacheEntry(std::unique_ptr<NetworkCache::Entry>); >- void dispatchWillSendRequestForCacheEntry(std::unique_ptr<NetworkCache::Entry>); >+ void dispatchWillSendRequestForCacheEntry(WebCore::ResourceRequest&&, std::unique_ptr<NetworkCache::Entry>&&); > void continueProcessingCachedEntryAfterDidReceiveResponse(std::unique_ptr<NetworkCache::Entry>); > > bool shouldInterruptLoadForXFrameOptions(const String&, const WebCore::URL&); >diff --git a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >index 63aebcca4a5ee17ecbc8b2f0b1f9e68b994b7573..34a869cf54ae90326f3b4db0f23dc8300e18af1f 100644 >--- a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >+++ b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 
>@@ -329,10 +329,12 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL > > loadParameters.shouldEnableFromOriginResponseHeader = RuntimeEnabledFeatures::sharedFeatures().fromOriginResponseHeaderEnabled() && !loadParameters.isMainFrameNavigation; > >- Vector<RefPtr<SecurityOrigin>> frameAncestorOrigins; >- for (auto* frame = resourceLoader.frame(); frame; frame = frame->tree().parent()) >- frameAncestorOrigins.append(makeRefPtr(frame->document()->securityOrigin())); >- loadParameters.frameAncestorOrigins = WTFMove(frameAncestorOrigins); >+ if (resourceLoader.options().mode == FetchOptions::Mode::Navigate && !loadParameters.isMainFrameNavigation) { >+ Vector<RefPtr<SecurityOrigin>> frameAncestorOrigins; >+ for (auto* frame = resourceLoader.frame(); frame; frame = frame->tree().parent()) >+ frameAncestorOrigins.append(makeRefPtr(frame->document()->securityOrigin())); >+ loadParameters.frameAncestorOrigins = WTFMove(frameAncestorOrigins); >+ } > > ASSERT((loadParameters.webPageID && loadParameters.webFrameID) || loadParameters.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials); > >diff --git a/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp b/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp >index 9454e5819d0be930362c8f9c4214efe7c7a2bca6..c40b565666aeb52e277e8eab187bbf15ab26f31a 100644 >--- a/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp >+++ b/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp 
>@@ -32,27 +32,27 @@ using namespace WebCore; > > namespace TestWebKitAPI { > >-TEST(HTTPParsers, ParseFromOriginHeader) >+TEST(HTTPParsers, ParseCrossOriginResourcePolicyHeader) > { >- EXPECT_TRUE(parseFromOriginHeader("") == FromOriginDisposition::None); >- EXPECT_TRUE(parseFromOriginHeader(" ") == FromOriginDisposition::None); >- >- EXPECT_TRUE(parseFromOriginHeader("same") == FromOriginDisposition::Same); >- EXPECT_TRUE(parseFromOriginHeader("Same") == FromOriginDisposition::Same); >- EXPECT_TRUE(parseFromOriginHeader("SAME") == FromOriginDisposition::Same); >- EXPECT_TRUE(parseFromOriginHeader(" same ") == FromOriginDisposition::Same); >- >- EXPECT_TRUE(parseFromOriginHeader("same-site") == FromOriginDisposition::SameSite); >- EXPECT_TRUE(parseFromOriginHeader("Same-Site") == FromOriginDisposition::SameSite); >- EXPECT_TRUE(parseFromOriginHeader("SAME-SITE") == FromOriginDisposition::SameSite); >- EXPECT_TRUE(parseFromOriginHeader(" same-site ") == FromOriginDisposition::SameSite); >- >- EXPECT_TRUE(parseFromOriginHeader("zame") == FromOriginDisposition::Invalid); >- EXPECT_TRUE(parseFromOriginHeader("samesite") == FromOriginDisposition::Invalid); >- EXPECT_TRUE(parseFromOriginHeader("same site") == FromOriginDisposition::Invalid); >- EXPECT_TRUE(parseFromOriginHeader("sameâsite") == FromOriginDisposition::Invalid); >- EXPECT_TRUE(parseFromOriginHeader("SAMESITE") == FromOriginDisposition::Invalid); >- EXPECT_TRUE(parseFromOriginHeader("") == FromOriginDisposition::Invalid); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("") == CrossOriginResourcePolicy::None); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" ") == CrossOriginResourcePolicy::None); >+ >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same") == CrossOriginResourcePolicy::Same); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same") == CrossOriginResourcePolicy::Same); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME") == CrossOriginResourcePolicy::Same); >+ 
EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same ") == CrossOriginResourcePolicy::Same); >+ >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same-site") == CrossOriginResourcePolicy::SameSite); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Site") == CrossOriginResourcePolicy::SameSite); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-SITE") == CrossOriginResourcePolicy::SameSite); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-site ") == CrossOriginResourcePolicy::SameSite); >+ >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("zame") == CrossOriginResourcePolicy::Invalid); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("samesite") == CrossOriginResourcePolicy::Invalid); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same site") == CrossOriginResourcePolicy::Invalid); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("sameâsite") == CrossOriginResourcePolicy::Invalid); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAMESITE") == CrossOriginResourcePolicy::Invalid); >+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("") == CrossOriginResourcePolicy::Invalid); > } > > } // namespace TestWebKitAPI >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 441dcd8b882d044cdfd8e74b85b901c8ff3ee50c..b13e815c8aa2c6993c5988cdaa39c0dd4b7d850c 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog 
>@@ -1,3 +1,33 @@ >+2018-05-21 Youenn Fablet <youenn@apple.com> >+ >+ Migrate From-Origin to Cross-Origin-Resource-Policy >+ https://bugs.webkit.org/show_bug.cgi?id=185840 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Migrating From-Origin tests to Cross-Origin-Resource-Policy tests. >+ Given the scope of the header is reduced to no-cors and no ancestor checks, >+ We cover the new header with fetch/image/script loads. >+ >+ * http/tests/from-origin: Removed. >+ * http/wpt/cross-origin-read-policy/fetch-expected.txt: Added. >+ * http/wpt/cross-origin-read-policy/fetch-in-iframe-expected.txt: Added. >+ * http/wpt/cross-origin-read-policy/fetch-in-iframe.html: Added. >+ * http/wpt/cross-origin-read-policy/fetch.html: Added. >+ * http/wpt/cross-origin-read-policy/iframe-loads-expected.txt: Added. >+ * http/wpt/cross-origin-read-policy/iframe-loads.html: Added. >+ * http/wpt/cross-origin-read-policy/image-loads-expected.txt: Added. >+ * http/wpt/cross-origin-read-policy/image-loads.html: Added. >+ * http/wpt/cross-origin-read-policy/resources/green.png: Added. >+ * http/wpt/cross-origin-read-policy/resources/hello.py: Added. >+ * http/wpt/cross-origin-read-policy/resources/iframe.py: Added. >+ * http/wpt/cross-origin-read-policy/resources/iframeFetch.html: Added. >+ * http/wpt/cross-origin-read-policy/resources/image.py: Added. >+ * http/wpt/cross-origin-read-policy/resources/redirect.py: Added. >+ * http/wpt/cross-origin-read-policy/resources/script.py: Added. >+ * http/wpt/cross-origin-read-policy/script-loads-expected.txt: Added. >+ * http/wpt/cross-origin-read-policy/script-loads.html: Added. >+ > 2018-05-21 Chris Dumez <cdumez@apple.com> > > File's structured serialization should serialize lastModified attribute 
>diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted-expected.txt >deleted file mode 100644 >index 1387d5624e6233366963bf2b3d45e64936091b98..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted-expected.txt >+++ /dev/null >@@ -1,14 +0,0 @@ >-Tests that a same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >-The iframe >diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted.html >deleted file mode 100644 >index 4e6c9663d019b2eea6507e86b91e99fb7b18e4c0..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted.html >+++ /dev/null >@@ -1,13 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- testRunner.dumpChildFramesAsText(); >- </script> >-</head> >-<body> >-<iframe src="http://127.0.0.1:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 221bfdb4c13a97c7cec29dbea36de4b8b65d23ee..0000000000000000000000000000000000000000 
>--- a/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,15 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >- >diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked.html >deleted file mode 100644 >index d173ef7c06bffbc2b41ddacfd81f4299c67830ac..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked.html >+++ /dev/null >@@ -1,13 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- testRunner.dumpChildFramesAsText(); >- </script> >-</head> >-<body> >-<iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted-expected.txt >deleted file mode 100644 >index bec0fefb39cdb597428e1274a297955745ae881c..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted-expected.txt >+++ /dev/null 
>@@ -1,14 +0,0 @@ >-Tests that a same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >-The iframe >diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted.html >deleted file mode 100644 >index 2b182b3fafeeeec7ae206b1c18a0a60404365fff..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted.html >+++ /dev/null >@@ -1,13 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header."); >- testRunner.dumpChildFramesAsText(); >- </script> >-</head> >-<body> >-<iframe src="http://127.0.0.1:8000/from-origin/resources/iframe.php?fromOrigin=same-site"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked-expected.txt >deleted file mode 100644 >index e1dbf6d05f0b8c72a22965e5652dd9577483d7a9..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked-expected.txt >+++ /dev/null 
>@@ -1,15 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same-site' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >- >diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked.html >deleted file mode 100644 >index a0b84673dfe22fdf3891516b3eff90c2328017a9..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked.html >+++ /dev/null >@@ -1,13 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same-site' response header."); >- testRunner.dumpChildFramesAsText(); >- </script> >-</head> >-<body> >-<iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same-site"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted-expected.txt >deleted file mode 100644 >index b049c4192216b46811a220db5c75462e6de29b0b..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted-expected.txt >+++ /dev/null 
>@@ -1,21 +0,0 @@ >-Tests that a nested same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >-The outer iframe, loading a nested 127.0.0.1 iframe. >- >- >- >--------- >-Frame: '<!--frame2-->' >--------- >-The iframe >diff --git a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted.html >deleted file mode 100644 >index fd10aedfa7e556dcfb5f4b0c0d8b91009ad343ec..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted.html >+++ /dev/null >@@ -1,13 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a nested same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- testRunner.dumpChildFramesAsText(); >- </script> >-</head> >-<body> >-<iframe src="http://127.0.0.1:8000/from-origin/resources/nestedIPAddressIframe.html"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index f9663b4da3d7b0938502b7008cb9f5c811584851..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked-expected.txt >+++ /dev/null 
>@@ -1,22 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-Tests that a nested cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >-The outer iframe, loading a nested localhost iframe. >- >- >- >--------- >-Frame: '<!--frame2-->' >--------- >- >diff --git a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked.html >deleted file mode 100644 >index 53d77a181d489816d83719e6b6facb3bce7f2276..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked.html >+++ /dev/null >@@ -1,13 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a nested cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- testRunner.dumpChildFramesAsText(); >- </script> >-</head> >-<body> >-<iframe src="http://127.0.0.1:8000/from-origin/resources/nestedLocalhostIframe.html"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 6cb9d39d148695d7566928ca8dd31868b93d4a3b..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked-expected.txt >+++ /dev/null 
>@@ -1,17 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks. >-Tests that a cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS 127.0.0.1 fetch in data: iframe blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >-The iframe making a 127.0.0.1 fetch call. >diff --git a/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked.html >deleted file mode 100644 >index 25b42819fcf5e687b052b5f0c78204969ba69990..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked.html >+++ /dev/null 
>@@ -1,31 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- testRunner.dumpChildFramesAsText(); >- >- function receiveMessage(event) { >- if (event.origin === "null") { >- if (event.data.indexOf("fetchSuccess") !== -1) >- testFailed("127.0.0.1 fetch in data: iframe succeeded."); >- else if (event.data.indexOf("fetchError") !== -1) >- testPassed("127.0.0.1 fetch in data: iframe blocked."); >- else >- testFailed("Received an unrecognized message. " + event.data); >- } else { >- testFailed("Received a message from an unexpected origin: " + event.origin); >- } >- finishJSTest(); >- } >- >- window.addEventListener("message", receiveMessage, false); >- </script> >-</head> >-<body> >-<!-- data url equivalent to from-origin/resources/iframeIPAddressFetch.html --> >-<iframe src="data:text/html;base64,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"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted-expected.txt >deleted file mode 100644 >index a7571302e9651febdce561251480fa36601a4f42..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted-expected.txt >+++ /dev/null >@@ -1,10 +0,0 @@ >-Tests that a same-origin fetch load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Fetch succeeded. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- 
>diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted.html >deleted file mode 100644 >index e0d8059d74056f176660c59db4c4c26e07ebb33d..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted.html >+++ /dev/null >@@ -1,26 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin fetch load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- >- fetch("http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) { >- return response.json(); >- }).then(function(data) { >- const parsedData = JSON.parse(data); >- if (parsedData.Fetch) >- testPassed("Fetch succeeded."); >- else >- testFailed("Unknown fetch response."); >- finishJSTest(); >- }).catch(function(error) { >- testFailed("Fetch blocked. " + error); >- finishJSTest(); >- }); >- </script> >-</head> >-<body> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 24e5ed831c04e68f8a591feb021b45b048623f6c..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked-expected.txt >+++ /dev/null 
>@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks. >-Tests that a cross-origin fetch load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Fetch blocked. TypeError: Cancelled load because it violates the resource's From-Origin response header. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked.html >deleted file mode 100644 >index 18632f8e257d7c2aa20943a1da42e4a4f7ed2427..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked.html >+++ /dev/null >@@ -1,26 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin fetch load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header."); >- jsTestIsAsync = true; >- >- fetch("http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) { >- return response.json(); >- }).then(function(data) { >- const parsedData = JSON.parse(data); >- if (parsedData.Fetch) >- testFailed("Fetch succeeded."); >- else >- testFailed("Unknown fetch response."); >- finishJSTest(); >- }).catch(function(error) { >- testPassed("Fetch blocked. " + error); >- finishJSTest(); >- }); >- </script> >-</head> >-<body> >-</body> >-</html> 
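Review bot: Removing fetch-from-origin-same-blocked.html drops a case that the other deleted fetch tests only partly repeat: a cross-origin fetch that is refused "even though the server includes an Access-Control-Allow-Origin response header". The replacement tests should state the intended outcome for that combination explicitly, with one case for a CORS-mode fetch and one for a no-cors fetch against the same resource, so the interaction between the resource policy header and CORS is pinned down by a test rather than left implicit.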
>diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted-expected.txt >deleted file mode 100644 >index e6a79c6f8cc97f8bd5b438836ab40c0fdd4b86a4..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted-expected.txt >+++ /dev/null >@@ -1,10 +0,0 @@ >-Tests that a same-origin fetch load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Fetch succeeded. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted.html >deleted file mode 100644 >index 0107469c28f3d758ef2a32b7319585b8e2029dc9..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted.html >+++ /dev/null >@@ -1,26 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin fetch load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header."); >- jsTestIsAsync = true; >- >- fetch("http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same-site").then(function(response) { >- return response.json(); >- }).then(function(data) { >- const parsedData = JSON.parse(data); >- if (parsedData.Fetch) >- testPassed("Fetch succeeded."); >- else >- testFailed("Unknown fetch response."); >- finishJSTest(); >- }).catch(function(error) { >- testFailed("Fetch blocked. " + error); >- finishJSTest(); >- }); >- </script> >-</head> >-<body> >-</body> >-</html> 
>diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked-expected.txt >deleted file mode 100644 >index 7b3be6e534e961616f414fbd675d08cff63bea85..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same-site due to access control checks. >-Tests that a cross-origin fetch load fails if the server blocks it with a 'From-Origin: same-site' response header, even though the server includes an Access-Control-Allow-Origin response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Fetch blocked. TypeError: Cancelled load because it violates the resource's From-Origin response header. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked.html >deleted file mode 100644 >index f27df8f725b20fcae40bdf5b837602c7e5bef01a..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked.html >+++ /dev/null 
>@@ -1,26 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin fetch load fails if the server blocks it with a 'From-Origin: same-site' response header, even though the server includes an Access-Control-Allow-Origin response header."); >- jsTestIsAsync = true; >- >- fetch("http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same-site").then(function(response) { >- return response.json(); >- }).then(function(data) { >- const parsedData = JSON.parse(data); >- if (parsedData.Fetch) >- testFailed("Fetch succeeded."); >- else >- testFailed("Unknown fetch response."); >- finishJSTest(); >- }).catch(function(error) { >- testPassed("Fetch blocked. " + error); >- finishJSTest(); >- }); >- </script> >-</head> >-<body> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted-expected.txt >deleted file mode 100644 >index 786196182ee8333fc56c05ae35d41679718dac56..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted-expected.txt >+++ /dev/null >@@ -1,15 +0,0 @@ >-Tests that a same-origin fetch in an iframe succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS 127.0.0.1 fetch in 127.0.0.1 iframe succeeded. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >-The iframe making a 127.0.0.1 fetch call. 
>diff --git a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted.html >deleted file mode 100644 >index d9da6f39c96352acf8af1acd000574ece6b0facc..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted.html >+++ /dev/null >@@ -1,31 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin fetch in an iframe succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- testRunner.dumpChildFramesAsText(); >- >- function receiveMessage(event) { >- if (event.origin === "http://127.0.0.1:8000") { >- if (event.data.indexOf("fetchSuccess") !== -1) >- testPassed("127.0.0.1 fetch in 127.0.0.1 iframe succeeded."); >- else if (event.data.indexOf("fetchError") !== -1) >- testFailed("127.0.0.1 fetch in 127.0.0.1 iframe blocked."); >- else >- testFailed("Received an unrecognized message. " + event.data); >- } else { >- testFailed("Received a message from an unexpected origin: " + event.origin); >- } >- >- finishJSTest(); >- } >- >- window.addEventListener("message", receiveMessage, false); >- </script> >-</head> >-<body> >-<iframe src="http://127.0.0.1:8000/from-origin/resources/iframeIPAddressFetch.html"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 952a90d6b7b1f4c81aaf00e0c422af34290152e7..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked-expected.txt >+++ /dev/null 
>@@ -1,24 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks. >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks. >-Tests that a cross-origin fetch in an iframe load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Localhost fetch in 127.0.0.1 iframe blocked and 127.0.0.1 fetch in localhost iframe blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >-The iframe making a localhost fetch call. >- >--------- >-Frame: '<!--frame2-->' >--------- >-The iframe making a 127.0.0.1 fetch call. >diff --git a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked.html >deleted file mode 100644 >index 7d2beef2c71b4c345a321e57a230b107b8f751ac..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked.html >+++ /dev/null 
>@@ -1,52 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin fetch in an iframe load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- testRunner.dumpChildFramesAsText(); >- >- function addIframe (url) { >- iframeElement = document.createElement("iframe"); >- iframeElement.src = url; >- document.body.appendChild(iframeElement); >- } >- >- var ipAddressIframeDone = false; >- var localhostIframeDone = false; >- function receiveMessage(event) { >- if (event.origin === "http://127.0.0.1:8000") { >- ipAddressIframeDone = true; >- if (event.data.indexOf("fetchSuccess") !== -1) >- testFailed("Localhost fetch in 127.0.0.1 iframe succeeded."); >- else if (event.data.indexOf("fetchError") === -1) >- testFailed("Received an unrecognized message. " + event.data); >- addIframe("http://localhost:8000/from-origin/resources/iframeIPAddressFetch.html"); >- } else if (event.origin === "http://localhost:8000") { >- localhostIframeDone = true; >- if (event.data.indexOf("fetchSuccess") !== -1) >- testFailed("127.0.0.1 fetch in localhost iframe succeeded."); >- else if (event.data.indexOf("fetchError") === -1) >- testFailed("Received an unrecognized message. " + event.data); >- } else { >- testFailed("Received a message from an unexpected origin: " + event.origin); >- finishJSTest(); >- } >- >- if (ipAddressIframeDone && localhostIframeDone) { >- testPassed("Localhost fetch in 127.0.0.1 iframe blocked and 127.0.0.1 fetch in localhost iframe blocked."); >- finishJSTest(); >- } >- } >- >- window.addEventListener("message", receiveMessage, false); >- >- function run() { >- addIframe("http://127.0.0.1:8000/from-origin/resources/iframeLocalhostFetch.html"); >- } >- </script> >-</head> >-<body onload="run()"> >-</body> >-</html> 
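Review bot: In receiveMessage of the removed fetch-iframe-from-origin-same-blocked.html, the fetchSuccess and unrecognized-message branches call testFailed but still set ipAddressIframeDone or localhostIframeDone, so once both frames have reported the script also logs testPassed("Localhost fetch in 127.0.0.1 iframe blocked and 127.0.0.1 fetch in localhost iframe blocked."). The run then carries both a FAIL and the summary PASS line. If the new iframe fetch test is ported from this file, record the failure in a flag and emit the summary PASS only when neither frame reported a success. This is also the only deleted test that checks both directions (localhost fetch from a 127.0.0.1 frame and the reverse), so the replacement should keep both.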
>diff --git a/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index b9bd4b7e65eff866cec188d37acd25f965ec1438..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Cannot load image http://localhost:8000/from-origin/resources/image.php?fromOrigin=same due to access control checks. >-Tests that a cross-origin image load inside an about:blank iframe fails if the server blocks it with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Image load blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked.html >deleted file mode 100644 >index f8be3ccffc83a84eee4d69a5dccc8cc42e5efe5b..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked.html >+++ /dev/null 
>@@ -1,31 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin image load inside an about:blank iframe fails if the server blocks it with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- >- function imageLoadError() { >- testPassed("Image load blocked."); >- finishJSTest(); >- } >- >- function imageLoadSuccess() { >- testFailed("Image load succeeded."); >- finishJSTest(); >- } >- >- function injectImageIntoIframe() { >- var imgElement = new Image(); >- imgElement.src = "http://localhost:8000/from-origin/resources/image.php?fromOrigin=same"; >- imgElement.onload = imageLoadSuccess; >- imgElement.onerror = imageLoadError; >- document.getElementById("theIframe").contentDocument.body.appendChild(imgElement); >- } >- </script> >-</head> >-<body onload="injectImageIntoIframe()"> >-<iframe src="about:blank" id="theIframe"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted-expected.txt >deleted file mode 100644 >index 73a4a366513389ab5ccdd4cfd089bea9204d91d1..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted-expected.txt >+++ /dev/null >@@ -1,10 +0,0 @@ >-Tests that a same-origin image load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Image load succeeded. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted.html >deleted file mode 100644 >index 4cb62141878a17fa66762a7c0412526338bc4fc2..0000000000000000000000000000000000000000 
>--- a/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted.html >+++ /dev/null >@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin image load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- >- function imageLoadError() { >- testFailed("Image load blocked."); >- finishJSTest(); >- } >- >- function imageLoadSuccess() { >- testPassed("Image load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<img src="http://127.0.0.1:8000/from-origin/resources/image.php?fromOrigin=same" onerror="imageLoadError()" onload="imageLoadSuccess()"> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index ff0c2b865d39df10e1ab10f62df67c3d009bff3c..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Cannot load image http://localhost:8000/from-origin/resources/image.php?fromOrigin=same due to access control checks. >-Tests that a cross-origin image load fails if the server blocks it with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Image load blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked.html >deleted file mode 100644 >index cb0e07b3942872cbe6bcf3af78d033cc1155d58e..0000000000000000000000000000000000000000 
>--- a/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked.html >+++ /dev/null >@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin image load fails if the server blocks it with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- >- function imageLoadError() { >- testPassed("Image load blocked."); >- finishJSTest(); >- } >- >- function imageLoadSuccess() { >- testFailed("Image load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<img src="http://localhost:8000/from-origin/resources/image.php?fromOrigin=same" onerror="imageLoadError()" onload="imageLoadSuccess()"> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted-expected.txt >deleted file mode 100644 >index 3d077b285dd149029c1e63a210a145b3f5c58dd0..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted-expected.txt >+++ /dev/null >@@ -1,10 +0,0 @@ >-Tests that a same-origin image load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Image load succeeded. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted.html >deleted file mode 100644 >index ef8235110ff33d8455e12138ec5829bd36d12732..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted.html >+++ /dev/null 
>@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin image load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header."); >- jsTestIsAsync = true; >- >- function imageLoadError() { >- testFailed("Image load blocked."); >- finishJSTest(); >- } >- >- function imageLoadSuccess() { >- testPassed("Image load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<img src="http://127.0.0.1:8000/from-origin/resources/image.php?fromOrigin=same-site" onerror="imageLoadError()" onload="imageLoadSuccess()"> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked-expected.txt >deleted file mode 100644 >index 23e19e97ff5c12908e094c7e3c16f24aad96b54a..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Cannot load image http://localhost:8000/from-origin/resources/image.php?fromOrigin=same-site due to access control checks. >-Tests that a cross-origin image load fails if the server blocks it with a 'From-Origin: same-site' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Image load blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked.html >deleted file mode 100644 >index ceaf19e5092c70b44a8a4f96ff84b76e8209d5cd..0000000000000000000000000000000000000000 
>--- a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked.html >+++ /dev/null >@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin image load fails if the server blocks it with a 'From-Origin: same-site' response header."); >- jsTestIsAsync = true; >- >- function imageLoadError() { >- testPassed("Image load blocked."); >- finishJSTest(); >- } >- >- function imageLoadSuccess() { >- testFailed("Image load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<img src="http://localhost:8000/from-origin/resources/image.php?fromOrigin=same-site" onerror="imageLoadError()" onload="imageLoadSuccess()"> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index a47453b3cd2c918fca8cd61affeea53774ad70cf..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,15 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-Tests that a redirected cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >- >diff --git a/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked.html >deleted file mode 100644 >index 32b4c2a46df14c08defc09946d0eb2439860b40c..0000000000000000000000000000000000000000 
>--- a/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked.html >+++ /dev/null >@@ -1,13 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a redirected cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- testRunner.dumpChildFramesAsText(); >- </script> >-</head> >-<body> >-<iframe src="http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 16802a5825ba505f1df1e9f0b2dbaf438cbcb460..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks. >-Tests that a redirected cross-origin fetch load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Fetch blocked. TypeError: Cancelled load because it violates the resource's From-Origin response header. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- 
>diff --git a/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked.html >deleted file mode 100644 >index d3371d93fe98774b5245a14158cd340c3896a084..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked.html >+++ /dev/null >@@ -1,26 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a redirected cross-origin fetch load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header."); >- jsTestIsAsync = true; >- >- fetch("http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) { >- return response.json(); >- }).then(function(data) { >- const parsedData = JSON.parse(data); >- if (parsedData.Fetch) >- testFailed("Fetch succeeded."); >- else >- testFailed("Unknown fetch response."); >- finishJSTest(); >- }).catch(function(error) { >- testPassed("Fetch blocked. " + error); >- finishJSTest(); >- }); >- </script> >-</head> >-<body> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 8cb091742b1847e4724db21559851628d3d81e7c..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked-expected.txt >+++ /dev/null 
>@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/image.php?fromOrigin=same due to access control checks. >-Tests that a redirected cross-origin image load fails if the server blocks it with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Image load blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked.html >deleted file mode 100644 >index 1e0c4e38f9de1b60065c76fd715113bd73b2523c..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked.html >+++ /dev/null >@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a redirected cross-origin image load fails if the server blocks it with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- >- function imageLoadError() { >- testPassed("Image load blocked."); >- finishJSTest(); >- } >- >- function imageLoadSuccess() { >- testFailed("Image load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<img src="http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/image.php?fromOrigin=same" onerror="imageLoadError()" onload="imageLoadSuccess()"> >-</body> >-</html> 
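Review bot: the redirected no-cors image case (the `<img src>` going through `redirect.php?redirectTo=http://localhost:8000/from-origin/resources/image.php?fromOrigin=same`) is removed, and none of the five tests named in the ChangeLog indicates redirect coverage. The ChangeLog states a specific redirect rule (for a cross-origin redirection to same-origin, the redirection is CORP-checked and the final response is left opaque, not CORP-checked), so please add redirect variants to image-loads.html and script-loads.html for both directions, or say where they are already covered.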
>diff --git a/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 47ab9b1fc4073d00c59be16aa803d60a475cb36b..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >-Tests that a redirected cross-origin script load fails if the server blocks it with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Script load blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked.html >deleted file mode 100644 >index 134464f3097bbc0e8d31d9fe2543c4b14fc873f6..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked.html >+++ /dev/null 
>@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a redirected cross-origin script load fails if the server blocks it with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- >- function scriptLoadError() { >- testPassed("Script load blocked."); >- finishJSTest(); >- } >- >- function scriptLoadSuccess() { >- testFailed("Script load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<script src="http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/script.php?fromOrigin=same" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 2c51451a7e7982cf31a0d5e6ca46cdd12c2ba786..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same due to access control checks. >-Tests that a redirected cross-origin xhr load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Xhr blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- 
>diff --git a/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked.html >deleted file mode 100644 >index dcc47424fee944bae590d39abe62a2d5a8bf7974..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked.html >+++ /dev/null >@@ -1,31 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a redirected cross-origin xhr load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header."); >- jsTestIsAsync = true; >- >- function transferComplete() { >- if (xhr.responseText === "xhr") >- testFailed("Xhr succeeded."); >- else >- testFailed("Unknown xhr response: " + xhr.responseText); >- finishJSTest(); >- } >- >- function transferFailed() { >- testPassed("Xhr blocked. " + xhr.statusText); >- finishJSTest(); >- } >- >- var xhr = new XMLHttpRequest(); >- xhr.addEventListener("load", transferComplete); >- xhr.addEventListener("error", transferFailed); >- xhr.open("GET", "http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same"); >- xhr.send(); >- </script> >-</head> >-<body> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/resources/fetch.php b/LayoutTests/http/tests/from-origin/resources/fetch.php >deleted file mode 100644 >index 12829cb806729832c7b937173a06fac8cd0ac28c..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/resources/fetch.php >+++ /dev/null 
>@@ -1,15 +0,0 @@ >-<?php >-if($_GET["fromOrigin"] == "same") { >- header("From-Origin: Same"); >-} elseif($_GET["fromOrigin"] == "same-site") { >- header("From-Origin: Same-Site"); >-} >- >-if (isset($_SERVER['HTTP_ORIGIN'])) { >- header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}"); >-} >-$data = '{ >- "Fetch": true >-}'; >-echo json_encode($data); >-?> >diff --git a/LayoutTests/http/tests/from-origin/resources/iframe.php b/LayoutTests/http/tests/from-origin/resources/iframe.php >deleted file mode 100644 >index dde4f0f9e7fac737ef3f68949bafe38ad72a0b2b..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/resources/iframe.php >+++ /dev/null >@@ -1,8 +0,0 @@ >-<?php >-if($_GET["fromOrigin"] == "same") { >- header("From-Origin: Same"); >-} elseif($_GET["fromOrigin"] == "same-site") { >- header("From-Origin: Same-Site"); >-} >-?> >-<h3>The iframe</h3> >diff --git a/LayoutTests/http/tests/from-origin/resources/iframeIPAddressFetch.html b/LayoutTests/http/tests/from-origin/resources/iframeIPAddressFetch.html >deleted file mode 100644 >index 5478c7fe8d0a89052361a89899e7a21eb675c722..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/resources/iframeIPAddressFetch.html >+++ /dev/null >@@ -1,29 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script> >- function fetchError() { >- top.postMessage("fetchError", "http://127.0.0.1:8000"); >- } >- >- function fetchSuccess() { >- top.postMessage("fetchSuccess", "http://127.0.0.1:8000"); >- } >- >- fetch("http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) { >- return response.json(); >- }).then(function(data) { >- const parsedData = JSON.parse(data); >- if (parsedData.Fetch) >- fetchSuccess(); >- else >- fetchError(); >- }).catch(function(error) { >- fetchError(); >- }); >- </script> >-</head> >-<body> >- <h3>The iframe making a 127.0.0.1 fetch call.</h3> >-</body> >-</html> 
>diff --git a/LayoutTests/http/tests/from-origin/resources/iframeLocalhostFetch.html b/LayoutTests/http/tests/from-origin/resources/iframeLocalhostFetch.html >deleted file mode 100644 >index 912443908af88ad7ea2f366117b75206f064519b..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/resources/iframeLocalhostFetch.html >+++ /dev/null >@@ -1,29 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >-<script> >- function fetchError() { >- top.postMessage("fetchError", "http://127.0.0.1:8000"); >- } >- >- function fetchSuccess() { >- top.postMessage("fetchSuccess", "http://127.0.0.1:8000"); >- } >- >- fetch("http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) { >- return response.json(); >- }).then(function(data) { >- const parsedData = JSON.parse(data); >- if (parsedData.Fetch) >- fetchSuccess(); >- else >- fetchError(); >- }).catch(function(error) { >- fetchError(); >- }); >-</script> >-</head> >-<body> >- <h3>The iframe making a localhost fetch call.</h3> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/resources/image.php b/LayoutTests/http/tests/from-origin/resources/image.php >deleted file mode 100644 >index ccfe24919e5f3b33a7b1b58a02912b0f93b85381..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/resources/image.php >+++ /dev/null >@@ -1,12 +0,0 @@ >-<?php >-if($_GET["fromOrigin"] == "same") { >- header("From-Origin: Same"); >-} elseif($_GET["fromOrigin"] == "same-site") { >- header("From-Origin: Same-Site"); >-} >-$fp = fopen("../../resources/square20.jpg", "rb"); >-header("Content-Type: image/jpeg"); >-header("Content-Length: " . filesize($name)); >-fpassthru($fp); >-exit; >-?> >\ No newline at end of file 
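Review bot: `header("Content-Length: " . filesize($name));` in the removed image.php reads `$name`, which is never assigned in the file (only `$fp` is opened on square20.jpg), so the Content-Length it produced cannot be the image's size. If the image resource behind image-loads.html was derived from this script, pass the file path to filesize() there instead of carrying the undefined variable over.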
>diff --git a/LayoutTests/http/tests/from-origin/resources/nestedIPAddressIframe.html b/LayoutTests/http/tests/from-origin/resources/nestedIPAddressIframe.html >deleted file mode 100644 >index 203c14ad59a707a8c2fff40a5d87a33513d5bd74..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/resources/nestedIPAddressIframe.html >+++ /dev/null >@@ -1,9 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >-</head> >-<body> >- <h3>The outer iframe, loading a nested 127.0.0.1 iframe.</h3> >- <iframe src="http://127.0.0.1:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/resources/nestedLocalhostIframe.html b/LayoutTests/http/tests/from-origin/resources/nestedLocalhostIframe.html >deleted file mode 100644 >index b8e05308d4f07769cf6b41525a3d16e6c3abc2c3..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/resources/nestedLocalhostIframe.html >+++ /dev/null >@@ -1,9 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >-</head> >-<body> >- <h3>The outer iframe, loading a nested localhost iframe.</h3> >- <iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/resources/redirect.php b/LayoutTests/http/tests/from-origin/resources/redirect.php >deleted file mode 100644 >index 17abfd9a7d2157222ebfdbe0a5a810c5f9dffb3d..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/resources/redirect.php >+++ /dev/null >@@ -1,5 +0,0 @@ >-<?php >-$redirectURL = $_GET["redirectTo"]; >-header('Location: ' . $redirectURL); >-die(); >-?> >diff --git a/LayoutTests/http/tests/from-origin/resources/script.php b/LayoutTests/http/tests/from-origin/resources/script.php >deleted file mode 100644 >index 9c81bb8185718bb40014d8342b54a1d32262d855..0000000000000000000000000000000000000000 
>--- a/LayoutTests/http/tests/from-origin/resources/script.php >+++ /dev/null >@@ -1,10 +0,0 @@ >-<?php >-if($_GET["fromOrigin"] == "same") { >- header("From-Origin: Same"); >-} elseif($_GET["fromOrigin"] == "same-site") { >- header("From-Origin: Same-Site"); >-} >-?> >-var divElement = document.createElement("div"); >-divElement.textContent = "Created by JavaScript."; >-document.body.appendChild(divElement); >diff --git a/LayoutTests/http/tests/from-origin/resources/xhr.php b/LayoutTests/http/tests/from-origin/resources/xhr.php >deleted file mode 100644 >index 997f07ab88ac71c941b6fdcae9f2fa22a412b531..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/resources/xhr.php >+++ /dev/null >@@ -1,12 +0,0 @@ >-<?php >-if($_GET["fromOrigin"] == "same") { >- header("From-Origin: Same"); >-} elseif($_GET["fromOrigin"] == "same-site") { >- header("From-Origin: Same-Site"); >-} >- >-if (isset($_SERVER['HTTP_ORIGIN'])) { >- header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}"); >-} >-?> >-xhr >\ No newline at end of file >diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 6e7d9da2b2f9f8d718b69825a91ff4500b084351..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt >+++ /dev/null 
>@@ -1,16 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Timeout fired without iframe onload event fired. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >- >diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html >deleted file mode 100644 >index f9e125ed1ea65f7a3f50de310c3f9fb859b6f7f7..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html >+++ /dev/null >@@ -1,26 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed."); >- jsTestIsAsync = true; >- testRunner.dumpChildFramesAsText(); >- >- function iframeLoadError() { >- testPassed("Timeout fired without iframe onload event fired."); >- finishJSTest(); >- } >- >- function iframeLoadSuccess() { >- testFailed("Document load succeeded."); >- finishJSTest(); >- } >- >- setTimeout("iframeLoadError()", 500); >- </script> >-</head> >-<body> >-<iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same" sandbox="" onload="iframeLoadSuccess()"></iframe> >-</body> >-</html> 
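Review bot: the `sandbox=""` iframe case is dropped here and the ChangeLog does not say what the expected result for it becomes. Since the ChangeLog removes ancestor checks and considers only the origin of the document making the load, please state the intended outcome for a sandboxed frame and cover it in iframe-loads.html. The removed test also treated `setTimeout("iframeLoadError()", 500)` firing as the pass condition, so a slow but successful load would have passed; a replacement should assert on an explicit signal instead of a timer.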
>diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 1d432aeaadf6a401aa20e3de9eb31c7242bf39af..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,22 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-Tests that a nested cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >-The outer iframe, loading a nested localhost iframe. >- >- >- >--------- >-Frame: '<!--frame2-->' >--------- >- >diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked.html >deleted file mode 100644 >index c1cfc24cf3bb4303fc893b18d75a9cb2e862a64d..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked.html >+++ /dev/null 
>@@ -1,13 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a nested cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed."); >- testRunner.dumpChildFramesAsText(); >- </script> >-</head> >-<body> >-<iframe src="http://127.0.0.1:8000/from-origin/resources/nestedLocalhostIframe.html" sandbox=""></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 5b0746e36d725a67533a427788fad4cddfc97687..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,22 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-Tests that a nested same-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >- >--------- >-Frame: '<!--frame1-->' >--------- >-The outer iframe, loading a nested 127.0.0.1 iframe. >- >- >- >--------- >-Frame: '<!--frame2-->' >--------- >- >diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked.html >deleted file mode 100644 >index acc9eae9d412b512983ae7a054e616d4db37e2a6..0000000000000000000000000000000000000000 
>--- a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked.html >+++ /dev/null >@@ -1,13 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a nested same-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed."); >- testRunner.dumpChildFramesAsText(); >- </script> >-</head> >-<body> >-<iframe src="http://127.0.0.1:8000/from-origin/resources/nestedIPAddressIframe.html" sandbox=""></iframe> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted-expected.txt >deleted file mode 100644 >index 8edf611a0493b3c29011205ec14af332cf3fbe58..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted-expected.txt >+++ /dev/null >@@ -1,10 +0,0 @@ >-Tests that a same-origin script load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Script load succeeded. >-PASS successfullyParsed is true >- >-TEST COMPLETE >-Created by JavaScript. >diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted.html >deleted file mode 100644 >index 932fe40c3638dd902e8e63ba47cea77227df0152..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted.html >+++ /dev/null 
>@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin script load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- >- function scriptLoadError() { >- testFailed("Timeout fired without script onload event fired."); >- finishJSTest(); >- } >- >- function scriptLoadSuccess() { >- testPassed("Script load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<script src="http://127.0.0.1:8000/from-origin/resources/script.php?fromOrigin=same" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index f4a46e32d7650d75add4648fd6d12cc48ff293d2..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >-Tests that a cross-origin script load fails if the server blocks it with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Script load blocked >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked.html >deleted file mode 100644 >index 65f43851d87204d8cdaa1cea6be55f13215ab715..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked.html >+++ /dev/null 
>@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin script load fails if the server blocks it with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- >- function scriptLoadError() { >- testPassed("Script load blocked"); >- finishJSTest(); >- } >- >- function scriptLoadSuccess() { >- testFailed("Script load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<script src="http://localhost:8000/from-origin/resources/script.php?fromOrigin=same" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted-expected.txt >deleted file mode 100644 >index 4d5ed527b04f12ba722732de402b54a2bb613c42..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted-expected.txt >+++ /dev/null >@@ -1,10 +0,0 @@ >-Tests that a same-origin script load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Script load succeeded. >-PASS successfullyParsed is true >- >-TEST COMPLETE >-Created by JavaScript. >diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted.html >deleted file mode 100644 >index 7b02f4fd01df862112e033a8f1b6639cf269152c..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted.html >+++ /dev/null 
>@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin script load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header."); >- jsTestIsAsync = true; >- >- function scriptLoadError() { >- testFailed("Timeout fired without script onload event fired."); >- finishJSTest(); >- } >- >- function scriptLoadSuccess() { >- testPassed("Script load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<script src="http://127.0.0.1:8000/from-origin/resources/script.php?fromOrigin=same-site" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked-expected.txt >deleted file mode 100644 >index 11e22a76b0d72c92d7f8403d4e7c62092d92e1b3..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >-Tests that a cross-origin script load fails if the server blocks it with a 'From-Origin: same-site' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Script load blocked >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked.html >deleted file mode 100644 >index d8d7e31fc930f5e7bd622b6453ce2a48209c0347..0000000000000000000000000000000000000000 
>--- a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked.html >+++ /dev/null >@@ -1,23 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin script load fails if the server blocks it with a 'From-Origin: same-site' response header."); >- jsTestIsAsync = true; >- >- function scriptLoadError() { >- testPassed("Script load blocked"); >- finishJSTest(); >- } >- >- function scriptLoadSuccess() { >- testFailed("Script load succeeded."); >- finishJSTest(); >- } >- </script> >-</head> >-<body> >-<script src="http://localhost:8000/from-origin/resources/script.php?fromOrigin=same-site" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted-expected.txt >deleted file mode 100644 >index 6c235c39d5270f7921475c475f428d572053d71e..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted-expected.txt >+++ /dev/null >@@ -1,10 +0,0 @@ >-Tests that a same-origin top frame document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Onload event fired. >-PASS successfullyParsed is true >- >-TEST COMPLETE >-The Document >diff --git a/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted.php b/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted.php >deleted file mode 100644 >index bfbcac478b70a96db2b9c054037848364bfdb19d..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted.php >+++ /dev/null 
>@@ -1,21 +0,0 @@ >-<?php >-header("From-Origin: Same"); >-?> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin top frame document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- testRunner.dumpChildFramesAsText(); >- >- function onloadFired() { >- testPassed("Onload event fired."); >- finishJSTest(); >- } >- </script> >-</head> >-<body onload="onloadFired()"> >-<h3>The Document</h3> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted-expected.txt >deleted file mode 100644 >index 703d74cd159520db8518bffc73f9bbcca3bf3ec4..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted-expected.txt >+++ /dev/null >@@ -1,10 +0,0 @@ >-Tests that a same-origin xhr load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Xhr succeeded. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted.html >deleted file mode 100644 >index 74ad7ba4391e35823b630438bb3e54276d8860b0..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted.html >+++ /dev/null 
>@@ -1,31 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin xhr load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header."); >- jsTestIsAsync = true; >- >- function transferComplete() { >- if (xhr.responseText === "xhr") >- testPassed("Xhr succeeded."); >- else >- testFailed("Unknown xhr response: " + xhr.responseText); >- finishJSTest(); >- } >- >- function transferFailed() { >- testFailed("Xhr blocked. " + xhr.statusText); >- finishJSTest(); >- } >- >- var xhr = new XMLHttpRequest(); >- xhr.addEventListener("load", transferComplete); >- xhr.addEventListener("error", transferFailed); >- xhr.open("GET", "http://127.0.0.1:8000/from-origin/resources/xhr.php?fromOrigin=same"); >- xhr.send(); >- </script> >-</head> >-<body> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked-expected.txt >deleted file mode 100644 >index 624cc4ce67b6bbe649f8307bdf0fe0319b751387..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same due to access control checks. >-Tests that a cross-origin xhr load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Xhr blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- 
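Review bot: this expectation ("a cross-origin xhr load fails ... even though the server includes an Access-Control-Allow-Origin response header") is deleted without a counterpart that pins down the new result. The ChangeLog says CORP now applies to no-cors loads only, which reverses the outcome for this XHR, so please add a test asserting that a CORS-mode load with Access-Control-Allow-Origin succeeds when the response carries a restrictive Cross-Origin-Resource-Policy header, and note the behaviour change in the ChangeLog.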
>diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked.html >deleted file mode 100644 >index e02e2edd3bd1183b3b8923e471414c8837bd802f..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked.html >+++ /dev/null >@@ -1,31 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin xhr load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header."); >- jsTestIsAsync = true; >- >- function transferComplete() { >- if (xhr.responseText === "xhr") >- testFailed("Xhr succeeded."); >- else >- testFailed("Unknown xhr response: " + xhr.responseText); >- finishJSTest(); >- } >- >- function transferFailed() { >- testPassed("Xhr blocked. " + xhr.statusText); >- finishJSTest(); >- } >- >- var xhr = new XMLHttpRequest(); >- xhr.addEventListener("load", transferComplete); >- xhr.addEventListener("error", transferFailed); >- xhr.open("GET", "http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same"); >- xhr.send(); >- </script> >-</head> >-<body> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted-expected.txt >deleted file mode 100644 >index 0961b1723520b6253802b467445d7f0b93dc8361..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted-expected.txt >+++ /dev/null 
>@@ -1,10 +0,0 @@ >-Tests that a same-origin xhr load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Xhr succeeded. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted.html >deleted file mode 100644 >index 2adc562d4f07ce02023ecb56419c70f5ac00f3a9..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted.html >+++ /dev/null >@@ -1,31 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a same-origin xhr load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header."); >- jsTestIsAsync = true; >- >- function transferComplete() { >- if (xhr.responseText === "xhr") >- testPassed("Xhr succeeded."); >- else >- testFailed("Unknown xhr response: " + xhr.responseText); >- finishJSTest(); >- } >- >- function transferFailed() { >- testFailed("Xhr blocked. " + xhr.statusText); >- finishJSTest(); >- } >- >- var xhr = new XMLHttpRequest(); >- xhr.addEventListener("load", transferComplete); >- xhr.addEventListener("error", transferFailed); >- xhr.open("GET", "http://127.0.0.1:8000/from-origin/resources/xhr.php?fromOrigin=same-site"); >- xhr.send(); >- </script> >-</head> >-<body> >-</body> >-</html> >diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked-expected.txt >deleted file mode 100644 >index c7beabbfc732e0c3612640ed0cf72542e651d84d..0000000000000000000000000000000000000000 
>--- a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked-expected.txt >+++ /dev/null >@@ -1,12 +0,0 @@ >-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same-site due to access control checks. >-Tests that a cross-origin xhr load fails if the server blocks it with a 'From-Origin: same-site' response header, even though the server includes an Access-Control-Allow-Origin response header. >- >-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >- >- >-PASS Xhr blocked. >-PASS successfullyParsed is true >- >-TEST COMPLETE >- >diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked.html >deleted file mode 100644 >index 72871879ff85f6ece1bcd0ed8dd8b2fc0d4f383a..0000000000000000000000000000000000000000 >--- a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked.html >+++ /dev/null 
>@@ -1,31 +0,0 @@ >-<!DOCTYPE html> >-<html> >-<head> >- <script src="/js-test-resources/js-test.js"></script> >- <script> >- description("Tests that a cross-origin xhr load fails if the server blocks it with a 'From-Origin: same-site' response header, even though the server includes an Access-Control-Allow-Origin response header."); >- jsTestIsAsync = true; >- >- function transferComplete() { >- if (xhr.responseText === "xhr") >- testFailed("Xhr succeeded."); >- else >- testFailed("Unknown xhr response: " + xhr.responseText); >- finishJSTest(); >- } >- >- function transferFailed() { >- testPassed("Xhr blocked. " + xhr.statusText); >- finishJSTest(); >- } >- >- var xhr = new XMLHttpRequest(); >- xhr.addEventListener("load", transferComplete); >- xhr.addEventListener("error", transferFailed); >- xhr.open("GET", "http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same-site"); >- xhr.send(); >- </script> >-</head> >-<body> >-</body> >-</html> >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/fetch-expected.txt b/LayoutTests/http/wpt/cross-origin-read-policy/fetch-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..900cddeaea679b1d2aeda4cf7075073a9b8467a1 >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/fetch-expected.txt 
>@@ -0,0 +1,26 @@ >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-read-policy/resources/hello.py?corp=same due to access control checks. >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-read-policy/resources/hello.py?corp=same-site due to access control checks. >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/WebKit/cross-origin-read-policy/resources/hello.py?corp=same due to access control checks. >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8801/WebKit/cross-origin-read-policy/resources/hello.py?corp=same due to access control checks. >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-read-policy/resources/hello.py?corp=same due to access control checks. >+CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/WebKit/cross-origin-read-policy/resources/hello.py?corp=same denied by Cross-Origin Resource Sharing policy: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/WebKit/cross-origin-read-policy/resources/hello.py?corp=same due to access control checks. >+ >+PASS same-origin fetch with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. 
>+PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header after a redirection. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header after a cross-origin redirection. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' redirect response header. >+ >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/fetch-in-iframe-expected.txt b/LayoutTests/http/wpt/cross-origin-read-policy/fetch-in-iframe-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..4e9cdfa63bd2a80a4f9144b2cf1d2a7eb8f1d022 >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/fetch-in-iframe-expected.txt 
>@@ -0,0 +1,11 @@ >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/WebKit/cross-origin-read-policy/resources/hello.py?corp=same due to access control checks. >+CONSOLE MESSAGE: line 7: http://localhost:8800/WebKit/cross-origin-read-policy/resources/hello.py?corp=same >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/WebKit/cross-origin-read-policy/resources/hello.py?corp=same due to access control checks. >+CONSOLE MESSAGE: line 7: http://127.0.0.1:8800/WebKit/cross-origin-read-policy/resources/hello.py?corp=same >+ >+PASS Tests that a cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS Tests that a cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS Tests that a same-origin fetch in a cross origin iframe load succeeds if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header. >+ >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/fetch-in-iframe.html b/LayoutTests/http/wpt/cross-origin-read-policy/fetch-in-iframe.html >new file mode 100644 >index 0000000000000000000000000000000000000000..93c6505d02a9deb068738edbce2d10c8b8d0e5da >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/fetch-in-iframe.html 
>@@ -0,0 +1,59 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <script> >+const host = get_host_info(); >+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+ >+function with_iframe(url) >+{ >+ return new Promise(function(resolve) { >+ var frame = document.createElement('iframe'); >+ frame.src = url; >+ frame.onload = function() { resolve(frame); }; >+ document.body.appendChild(frame); >+ }); >+} >+ >+function loadIFrameAndFetch(iframeURL, fetchURL, expectedFetchResult) >+{ >+ promise_test(async () => { >+ const frame = await with_iframe(iframeURL); >+ let receiveMessage; >+ const promise = new Promise((resolve, reject) => { >+ receiveMessage = (event) => { >+ if (event.data !== expectedFetchResult) { >+ reject("Received unexpected message " + event.data); >+ return; >+ } >+ resolve(); >+ } >+ window.addEventListener("message", receiveMessage, false); >+ }); >+ frame.contentWindow.postMessage(fetchURL, "*"); >+ return promise.finally(() => { >+ frame.remove(); >+ window.removeEventListener("message", receiveMessage, false); >+ }); >+ }, title); >+} >+ >+title = "Tests that a cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header."; >+loadIFrameAndFetch("data:text/html;base64,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", >+ localBaseURL + "resources/hello.py?corp=same", "ko"); >+// This above data URL should be equivalent to resources/iframeFetch.html >+ >+title = "Tests that a cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header."; 
>+loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", localBaseURL + "resources/hello.py?corp=same", "ko"); >+ >+title = "Tests that a same-origin fetch in a cross origin iframe load succeeds if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header."; >+loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", remoteBaseURL + "resources/hello.py?corp=same", "ok"); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/fetch.html b/LayoutTests/http/wpt/cross-origin-read-policy/fetch.html >new file mode 100644 >index 0000000000000000000000000000000000000000..19ae7ee53063686dbbf9aeb5302a77be0bf2fa96 >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/fetch.html 
>@@ -0,0 +1,83 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <script> >+const host = get_host_info(); >+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const remoteSameSiteBaseURL = "http://" + host.ORIGINAL_HOST + ":" + host.HTTP_PORT2 + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const httpsBaseURL = host.HTTPS_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+ >+promise_test(async () => { >+ const response = await fetch("./resources/hello.py?corp=same"); >+ assert_equals(await response.text(), "hello"); >+}, "same-origin fetch with a 'Cross-Origin-Resource-Policy: same' response header."); >+ >+promise_test(async () => { >+ const response = await fetch("./resources/hello.py?corp=same-site"); >+ assert_equals(await response.text(), "hello"); >+}, "same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test(async (test) => { >+ const response = await fetch(remoteBaseURL + "resources/hello.py?corp=same"); >+ assert_equals(await response.text(), "hello"); >+}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same' response header."); >+ >+promise_test(async (test) => { >+ const response = await fetch(remoteBaseURL + "resources/hello.py?corp=same-site"); >+ assert_equals(await response.text(), "hello"); >+}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test((test) => { >+ const remoteURL = remoteBaseURL + "resources/hello.py?corp=same"; >+ return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" })); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: 
same' response header."); >+ >+promise_test((test) => { >+ const remoteURL = remoteBaseURL + "resources/hello.py?corp=same-site"; >+ return promise_rejects(test, new TypeError, fetch(remoteURL, { mode: "no-cors" })); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test((test) => { >+ const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-site"; >+ return fetch(remoteURL, { mode: "no-cors" }); >+}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test((test) => { >+ const remoteURL = httpsBaseURL + "resources/hello.py?corp=same"; >+ return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" })); >+}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same' response header."); >+ >+promise_test(async (test) => { >+ const remoteSameSiteURL = remoteSameSiteBaseURL + "resources/hello.py?corp=same-site"; >+ >+ await fetch(remoteSameSiteURL, { mode: "no-cors" }); >+ >+ return promise_rejects(test, new TypeError, fetch(remoteSameSiteBaseURL + "resources/hello.py?corp=same", { mode: "no-cors" })); >+}, "Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test((test) => { >+ const finalURL = remoteBaseURL + "resources/hello.py?corp=same"; >+ return promise_rejects(test, new TypeError, fetch("resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" })); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header after a redirection."); >+ >+promise_test((test) => { >+ const finalURL = localBaseURL + "resources/hello.py?corp=same"; >+ return fetch(remoteBaseURL + "resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header after 
a cross-origin redirection."); >+ >+promise_test(async (test) => { >+ const finalURL = localBaseURL + "resources/hello.py?corp=same"; >+ >+ await fetch(finalURL, { mode: "no-cors" }); >+ >+ return promise_rejects(test, new TypeError, fetch(remoteBaseURL + "resources/redirect.py?corp=same&redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" })); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' redirect response header."); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/iframe-loads-expected.txt b/LayoutTests/http/wpt/cross-origin-read-policy/iframe-loads-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..1a10d9a346e0d5df1681a13784f802a0e8bb43d8 >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/iframe-loads-expected.txt >@@ -0,0 +1,5 @@ >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-read-policy/resources/iframe.py?corp=same due to access control checks. >+ >+PASS Load an iframe that has Cross-Origin-Resource-Policy header >+ >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/iframe-loads.html b/LayoutTests/http/wpt/cross-origin-read-policy/iframe-loads.html >new file mode 100644 >index 0000000000000000000000000000000000000000..6e2da39ebc7d7a1efc30971d2848075d9054e387 >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/iframe-loads.html 
>@@ -0,0 +1,46 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <script> >+const host = get_host_info(); >+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+ >+function with_iframe(url) { >+ return new Promise(function(resolve) { >+ var frame = document.createElement('iframe'); >+ frame.src = url; >+ frame.onload = function() { resolve(frame); }; >+ document.body.appendChild(frame); >+ }); >+} >+ >+promise_test(async() => { >+ const url = remoteBaseURL + "resources/iframe.py?corp=same"; >+ >+ await new Promise((resolve, reject) => { >+ return fetch(url, { mode: "no-cors" }).then(reject, resolve); >+ }); >+ >+ const iframe = await with_iframe(url); >+ return new Promise((resolve, reject) => { >+ window.addEventListener("message", (event) => { >+ if (event.data !== "pong") { >+ reject(event.data); >+ return; >+ } >+ resolve(); >+ }, false); >+ iframe.contentWindow.postMessage("ping", "*"); >+ }).finally(() => { >+ iframe.remove(); >+ }); >+}, "Load an iframe that has Cross-Origin-Resource-Policy header"); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/image-loads-expected.txt b/LayoutTests/http/wpt/cross-origin-read-policy/image-loads-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..42fc89daff63a8977269b84e806a6b57411cbfba >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/image-loads-expected.txt 
>@@ -0,0 +1,12 @@ >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8800/WebKit/cross-origin-read-policy/resources/image.py?corp=same&acao=* due to access control checks. >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8800/WebKit/cross-origin-read-policy/resources/image.py?corp=same-site&acao=* due to access control checks. >+ >+PASS same-origin image load with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS same-origin image load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+ >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/image-loads.html b/LayoutTests/http/wpt/cross-origin-read-policy/image-loads.html >new file mode 100644 >index 0000000000000000000000000000000000000000..e32fca6017c60db3251193d19130d648992f1e01 >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/image-loads.html 
>@@ -0,0 +1,52 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <div id="testDiv"></div> >+ <script> >+const host = get_host_info(); >+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const ok = true; >+const ko = false; >+ >+function loadImage(url, shoudLoad, corsMode) >+{ >+ promise_test(() => { >+ const img = new Image(); >+ if (corsMode) >+ img.crossOrigin = corsMode; >+ img.src = url; >+ return new Promise((resolve, reject) => { >+ img.onload = shoudLoad ? resolve : reject; >+ img.onerror = shoudLoad ? reject : resolve; >+ testDiv.appendChild(img); >+ }).finally(() => { >+ testDiv.innerHTML = ""; >+ }); >+ }, title) >+} >+ >+title = "same-origin image load with a 'Cross-Origin-Resource-Policy: same' response header."; >+loadImage("./resources/image.py?corp=same", ok); >+ >+title = "same-origin image load with a 'Cross-Origin-Resource-Policy: same-site' response header."; >+loadImage("./resources/image.py?corp=same-site", ok); >+ >+title = "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same' response header."; >+loadImage(remoteBaseURL + "resources/image.py?corp=same&acao=*", ok, "anonymous"); >+ >+title = "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header."; >+loadImage(remoteBaseURL + "resources/image.py?corp=same-site&acao=*", ok, "anonymous"); >+ >+title = "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same' response header."; >+loadImage(remoteBaseURL + "resources/image.py?corp=same&acao=*", ko); >+ >+title = "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header."; >+loadImage(remoteBaseURL + "resources/image.py?corp=same-site&acao=*", ko); >+ </script> >+</body> >+</html> 
>diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/resources/green.png b/LayoutTests/http/wpt/cross-origin-read-policy/resources/green.png >new file mode 100644 >index 0000000000000000000000000000000000000000..28a1faab37797ef39454aa1deac1b470712f7be4 >GIT binary patch >literal 87 >zcmeAS@N?(olHy`uVBq!ia0vp^DL`z*$P6SW{C@KnNHGWagt#*NXE2F7umZ^C_jGX# >j(GX2ekYHV$kio>jw1<IF`tIWiKq&@KS3j3^P6<r_F*+3V > >literal 0 >HcmV?d00001 > >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/resources/hello.py b/LayoutTests/http/wpt/cross-origin-read-policy/resources/hello.py >new file mode 100644 >index 0000000000000000000000000000000000000000..2b7cb6c6fc9fa99cfbba33a4dc456770ca2709ba >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/resources/hello.py >@@ -0,0 +1,6 @@ >+def main(request, response): >+ headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])] >+ if 'origin' in request.headers: >+ headers.append(('Access-Control-Allow-Origin', request.headers['origin'])) >+ >+ return 200, headers, "hello" >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/resources/iframe.py b/LayoutTests/http/wpt/cross-origin-read-policy/resources/iframe.py >new file mode 100644 >index 0000000000000000000000000000000000000000..5872842c673ba5fc10ce0aefbab1c114ccaaa56a >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/resources/iframe.py >@@ -0,0 +1,5 @@ >+def main(request, response): >+ headers = [("Content-Type", "text/html"), >+ ("Cross-Origin-Resource-Policy", request.GET['corp'])] >+ return 200, headers, "<body><h3>The iframe</h3><script>window.onmessage = () => { parent.postMessage('pong', '*'); }</script></body>" >+ >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/resources/iframeFetch.html b/LayoutTests/http/wpt/cross-origin-read-policy/resources/iframeFetch.html >new file mode 100644 >index 0000000000000000000000000000000000000000..7121f1f4a71b70abb1e9c66f689e3720007c7748 >--- /dev/null 
>+++ b/LayoutTests/http/wpt/cross-origin-read-policy/resources/iframeFetch.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script> >+ function processMessage(event) >+ { >+ console.log(event.data); >+ fetch(event.data, { mode: "no-cors" }).then(() => { >+ parent.postMessage("ok", "*"); >+ }, () => { >+ parent.postMessage("ko", "*"); >+ }); >+ } >+ window.addEventListener("message", processMessage, false); >+ </script> >+</head> >+<body> >+ <h3>The iframe making a same origin fetch call.</h3> >+</body> >+</html> >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/resources/image.py b/LayoutTests/http/wpt/cross-origin-read-policy/resources/image.py >new file mode 100644 >index 0000000000000000000000000000000000000000..ba6198135a2aad55767397af46dc9dce3c3ac703 >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/resources/image.py >@@ -0,0 +1,21 @@ >+import os.path >+ >+def main(request, response): >+ type = request.GET.first("type", None) >+ >+ body = open(os.path.join(os.path.dirname(__file__), "green.png"), "rb").read() >+ >+ response.add_required_headers = False >+ response.writer.write_status(200) >+ >+ if 'corp' in request.GET: >+ response.writer.write_header("cross-origin-resource-policy", request.GET['corp']) >+ if 'acao' in request.GET: >+ response.writer.write_header("access-control-allow-origin", request.GET['acao']) >+ response.writer.write_header("content-length", len(body)) >+ if(type != None): >+ response.writer.write_header("content-type", type) >+ response.writer.end_headers() >+ >+ response.writer.write(body) >+ >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/resources/redirect.py b/LayoutTests/http/wpt/cross-origin-read-policy/resources/redirect.py >new file mode 100644 >index 0000000000000000000000000000000000000000..73793b074272e90226da3919bd3dab95b8173d38 >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/resources/redirect.py 
>@@ -0,0 +1,6 @@ >+def main(request, response): >+ headers = [("Location", request.GET['redirectTo'])] >+ if 'corp' in request.GET: >+ headers.append(('Cross-Origin-Resource-Policy', request.GET['corp'])) >+ >+ return 302, headers, "" >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/resources/script.py b/LayoutTests/http/wpt/cross-origin-read-policy/resources/script.py >new file mode 100644 >index 0000000000000000000000000000000000000000..c9bd6b9c9ee8610de543b756591500de852d6755 >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/resources/script.py >@@ -0,0 +1,6 @@ >+def main(request, response): >+ headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])] >+ if 'origin' in request.headers: >+ headers.append(('Access-Control-Allow-Origin', request.headers['origin'])) >+ >+ return 200, headers, "" >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/script-loads-expected.txt b/LayoutTests/http/wpt/cross-origin-read-policy/script-loads-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..904267ac1cb1d2e453624176f6f43454ab6b2dea >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/script-loads-expected.txt 
>@@ -0,0 +1,12 @@ >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >+CONSOLE MESSAGE: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >+ >+PASS same-origin script load with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same' response header. >+PASS Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+ >diff --git a/LayoutTests/http/wpt/cross-origin-read-policy/script-loads.html b/LayoutTests/http/wpt/cross-origin-read-policy/script-loads.html >new file mode 100644 >index 0000000000000000000000000000000000000000..36776dcce1d8520b62037ee5d8ebbf7619cd9fce >--- /dev/null >+++ b/LayoutTests/http/wpt/cross-origin-read-policy/script-loads.html 
>@@ -0,0 +1,50 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <div id="testDiv"></div> >+ <script> >+const host = get_host_info(); >+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const ok = true; >+const ko = false; >+ >+function loadScript(url, shoudLoad, corsMode) >+{ >+ promise_test(() => { >+ const script = document.createElement("script"); >+ if (corsMode) >+ script.crossOrigin = corsMode; >+ script.src = url; >+ return new Promise((resolve, reject) => { >+ script.onload = shoudLoad ? resolve : reject; >+ script.onerror = shoudLoad ? reject : resolve; >+ testDiv.appendChild(script); >+ }); >+ }, title); >+} >+ >+title = "same-origin script load with a 'Cross-Origin-Resource-Policy: same' response header."; >+loadScript("./resources/script.py?corp=same", ok); >+ >+title = "same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header."; >+loadScript("./resources/script.py?corp=same-site", ok); >+ >+title = "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same' response header."; >+loadScript(remoteBaseURL + "resources/script.py?corp=same&acao=*", ok, "anonymous"); >+ >+title = "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header."; >+loadScript(remoteBaseURL + "resources/script.py?corp=same-site&acao=*", ok, "anonymous"); >+ >+title = "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same' response header."; >+loadScript(remoteBaseURL + "resources/script.py?corp=same&acao=*", ko); >+ >+title = "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header."; >+loadScript(remoteBaseURL + "resources/script.py?corp=same-site&acao=*", ko); >+ </script> >+</body> >+</html>
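Review bot: In LayoutTests/http/wpt/cross-origin-read-policy/fetch.html, the test "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header after a cross-origin redirection." only checks that the fetch resolves, so it cannot tell an opaque response from an exposed one. The WebKit ChangeLog entry states that the final response is not CORP-checked but will be opaque; keep the response and assert it, for example `assert_equals(response.type, "opaque")`, so a regression that exposes the same-origin body after a cross-origin hop would fail this test.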
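Review bot: In LayoutTests/http/wpt/cross-origin-read-policy/fetch-in-iframe.html, loadIFrameAndFetch takes the test name from the undeclared global `title`, which is reassigned before each call, and this works only because promise_test reads the name synchronously. Pass the title as a parameter of loadIFrameAndFetch instead. The `message` handler also accepts any sender; checking `event.source === frame.contentWindow` before comparing `event.data` would keep a stray message from another frame from resolving or rejecting the wrong test.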
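Review bot: In LayoutTests/http/wpt/cross-origin-read-policy/image-loads.html, the loadImage parameter is spelled `shoudLoad` (three uses); rename it to `shouldLoad`. The same misspelling is in loadScript in script-loads.html, so fix both together.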
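Review bot: In LayoutTests/http/wpt/cross-origin-read-policy/resources/image.py, the file opened with `open(os.path.join(os.path.dirname(__file__), "green.png"), "rb").read()` is never closed, the local `type` shadows the builtin, and `if(type != None):` should be `if type is not None:`. Use a `with` block for the read and rename the variable (for example `content_type`).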
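Review bot: In LayoutTests/http/wpt/cross-origin-read-policy/script-loads-expected.txt, the blocked no-cors loads are reported as "Cross-origin script load denied by Cross-Origin Resource Sharing policy.", which attributes a Cross-Origin-Resource-Policy failure to CORS. fetch-expected.txt has the same mix in "Cross-origin redirection to ... denied by Cross-Origin Resource Sharing policy: Cancelled load because it violates the resource's Cross-Origin-Resource-Policy response header." A developer reading the console would look for a missing Access-Control-Allow-Origin header, which does not apply to a no-cors load. Consider having the CORP failure path emit its own message without the CORS wording.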
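Review bot: In LayoutTests/http/wpt/cross-origin-read-policy/script-loads.html, every cross-origin URL carries `&acao=*`, but resources/script.py never reads `acao`; it only echoes the request's `origin` header into Access-Control-Allow-Origin. The parameter is therefore dead for scripts, unlike resources/image.py, which does honour it. Either drop `acao=*` from the script URLs or make script.py handle it the way image.py does, so the two test families exercise the same server behaviour. Separately, the new directory is named `cross-origin-read-policy` while the header under test is Cross-Origin-Resource-Policy; renaming the directory to match would make the tests easier to find.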