Attachment 341776 Details for Bug 186202 – For EWS

[patch] For EWS

bug-186202-20180601120214.patch (text/plain), 5.30 KB, created by Daniel Bates on 2018-06-01 12:02:40 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Daniel Bates

Created: 2018-06-01 12:02:40 PDT

Size: 5.30 KB

patch

obsolete

>Subversion Revision: 232364
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
>index 116758731de314f9ee91c3894183e9e2dff7c63b..50822c08fd4cd22586b2d59a69327beb55e9ca9f 100644
>--- a/LayoutTests/ChangeLog
>+++ b/LayoutTests/ChangeLog
>@@ -1,3 +1,17 @@
>+2018-06-01  Daniel Bates  <dabates@apple.com>
>+
>+        [QuickLook] Add a test to ensure that a same-origin XHR for a non-existent QuickLook attachment is allowed
>+        https://bugs.webkit.org/show_bug.cgi?id=186202
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Following r231107 this test fails in WebKit2 with a "Blocked by Content Security Policy" error.
>+
>+        * http/tests/quicklook/resources/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment.rtf: Added.
>+        * http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment-expected.txt: Added.
>+        * http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment.html: Added.
>+        * platform/ios-simulator-wk2/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment-expected.txt: Added.
>+
> 2018-05-31  Chris Dumez  <cdumez@apple.com>
> 
>         Update http/wpt/service-workers/header-filtering.https.html to use a valid Referrer-Policy
>diff --git a/LayoutTests/http/tests/quicklook/resources/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment.rtf b/LayoutTests/http/tests/quicklook/resources/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment.rtf
>new file mode 100644
>index 0000000000000000000000000000000000000000..fe7f81ebc625b4f050a62bba6fadb52b4320dd8e
>--- /dev/null
>+++ b/LayoutTests/http/tests/quicklook/resources/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment.rtf
>@@ -0,0 +1,11 @@
>+{\rtf1\ansi\ansicpg1252\cocoartf1639\cocoasubrtf120
>+{\fonttbl\f0\fmodern\fcharset0 Courier;\f1\froman\fcharset0 TimesNewRomanPSMT;}
>+{\colortbl;\red255\green255\blue255;}
>+{\*\expandedcolortbl;;}
>+\margl0\margr0\margb0\margt0\vieww14040\viewh17640\viewkind1
>+\deftab720
>+\pard\pardeftab720\ri0\partightenfactor0
>+{\field{\*\fldinst{HYPERLINK "javascript:(function%20()%20%7B%20function%20logMessageAndDone(message)%20%7B%20console.log(message);%20window.testRunner%20&&%20window.testRunner.notifyDone();%20%7D;%20var%20xhr%20=%20new%20XMLHttpRequest;%20xhr.onload%20=%20()%20=%3E%20logMessageAndDone(%22PASS:%20XMLHttpRequest%20allowed.%22);%20xhr.onerror%20=%20()%20=%3E%20logMessageAndDone(%22FAIL:%20XMLHttpRequest%20blocked.%22);%20xhr.open(%22GET%22,%20document.origin%20+%20%22/x-apple-ql-magic/non-existent-quicklook-attachment.rtf%22);%20xhr.send();%20%7D)();"}}{\fldrslt 
>+\f0\fs36 \cf0 \ul \ulc0 Run test}}
>+\f1\fs22 \
>+}
>\ No newline at end of file
>diff --git a/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment-expected.txt b/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment-expected.txt
>new file mode 100644
>index 0000000000000000000000000000000000000000..00ee55dc3d569626e1ae8cdfa28c8bb67080fd91
>--- /dev/null
>+++ b/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment-expected.txt
>@@ -0,0 +1,7 @@
>+CONSOLE MESSAGE: line 1: PASS: XMLHttpRequest allowed.
>+
>+
>+--------
>+Frame: ''
>+--------
>+Run test
>diff --git a/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment.html b/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment.html
>new file mode 100644
>index 0000000000000000000000000000000000000000..6dbc9d211fdded504f6df6b4c1d8781dec99c0fa
>--- /dev/null
>+++ b/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment.html
>@@ -0,0 +1,17 @@
>+<!DOCTYPE html>
>+<html>
>+<head>
>+<script src="/js-test-resources/ui-helper.js"></script>
>+<script src="resources/tap-run-test-hyperlink.js"></script>
>+<script>
>+if (window.testRunner) {
>+    testRunner.dumpAsText();
>+    testRunner.dumpChildFramesAsText();
>+    testRunner.waitUntilDone();
>+}
>+</script>
>+</head>
>+<body>
>+<iframe src="resources/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment.rtf" onload="runTest(this, 8 /* offsetInFrame */, true /* runAsync */)"></iframe>
>+</body>
>+</html>
>diff --git a/LayoutTests/platform/ios-simulator-wk2/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment-expected.txt b/LayoutTests/platform/ios-simulator-wk2/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment-expected.txt
>new file mode 100644
>index 0000000000000000000000000000000000000000..da952746c6305876163d28e7f2fa12212d679094
>--- /dev/null
>+++ b/LayoutTests/platform/ios-simulator-wk2/http/tests/quicklook/same-origin-xmlhttprequest-allowed-to-non-existent-quicklook-attachment-expected.txt
>@@ -0,0 +1,10 @@
>+CONSOLE MESSAGE: Refused to connect to about: because it appears in neither the connect-src directive nor the default-src directive of the Content Security Policy.
>+CONSOLE MESSAGE: Blocked by Content Security Policy.
>+CONSOLE MESSAGE: XMLHttpRequest cannot load about: due to access control checks.
>+CONSOLE MESSAGE: line 1: FAIL: XMLHttpRequest blocked.
>+
>+
>+--------
>+Frame: ''
>+--------
>+Run test

Flags:

bfulgham: review+

Actions: View | Formatted Diff | Diff

Attachments on bug 186202: 341776