WebKit Bugzilla
Attachment 343563 Details for
Bug 187027
: Import wpt CORP tests
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-187027-20180625171642.patch (text/plain), 54.99 KB, created by
youenn fablet
on 2018-06-25 17:16:43 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
youenn fablet
Created:
2018-06-25 17:16:43 PDT
Size:
54.99 KB
patch
obsolete
>Subversion Revision: 233130 >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 588d58a293742d0149e8c4abf39609445a095873..3778b77a192dfcbfc3656c83e9609758cd971b84 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,16 @@ >+2018-06-25 Youenn Fablet <youenn@apple.com> >+ >+ Import wpt CORP tests >+ https://bugs.webkit.org/show_bug.cgi?id=187027 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Skipping tests for WK1. >+ >+ * platform/ios-wk1/TestExpectations: >+ * platform/mac-wk1/TestExpectations: >+ * platform/win/TestExpectations: >+ > 2018-06-23 Youenn Fablet <youenn@apple.com> > > Add API to control mock media devices >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index b89b82b4fe2ca509fe5435769ef463d3594af696..12f8e3c99d26fef10c638e4958e524c48bc662f5 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,50 @@ >+2018-06-25 Youenn Fablet <youenn@apple.com> >+ >+ Import wpt CORP tests >+ https://bugs.webkit.org/show_bug.cgi?id=187027 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * web-platform-tests/common/get-host-info.sub.js: >+ * web-platform-tests/fetch/cross-origin-resource-policy/fetch-expected.txt: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-iframe-expected.txt: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-iframe.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/fetch.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/iframe-loads-expected.txt: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/iframe-loads.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/image-loads-expected.txt: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/image-loads.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/resources/green.png: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/resources/hello.py: Added. >+ (main): >+ * web-platform-tests/fetch/cross-origin-resource-policy/resources/iframe.py: Added. >+ (main): >+ * web-platform-tests/fetch/cross-origin-resource-policy/resources/iframeFetch.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/resources/image.py: Added. >+ (main): >+ * web-platform-tests/fetch/cross-origin-resource-policy/resources/redirect.py: Added. >+ (main): >+ * web-platform-tests/fetch/cross-origin-resource-policy/resources/script.py: Added. >+ (main): >+ * web-platform-tests/fetch/cross-origin-resource-policy/resources/w3c-import.log: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any-expected.txt: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.worker-expected.txt: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.worker.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js: Added. >+ (promise_test.t.return.new.Promise): >+ (promise_test.t.finally): >+ * web-platform-tests/fetch/cross-origin-resource-policy/script-loads-expected.txt: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/script-loads.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.js: Added. >+ (string_appeared_here.forEach.incorrectHeaderValue.promise_test.t.return.fetch.crossOriginURL.encodeURIComponent): >+ * web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker.html: Added. >+ * web-platform-tests/fetch/cross-origin-resource-policy/w3c-import.log: Added. >+ > 2018-06-19 Youenn Fablet <youenn@apple.com> > > RTCRtpSender.replaceTrack(null) ends current track >diff --git a/LayoutTests/imported/w3c/web-platform-tests/common/get-host-info.sub.js b/LayoutTests/imported/w3c/web-platform-tests/common/get-host-info.sub.js >index c0ad19bc7a3ad24652ab03630963b8b6244ee1a9..35acad33a8fa424bcfe59f6536cd6f72de87502e 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/common/get-host-info.sub.js >+++ b/LayoutTests/imported/w3c/web-platform-tests/common/get-host-info.sub.js >@@ -6,6 +6,7 @@ function get_host_info() { > var ORIGINAL_HOST = '{{host}}'; > var REMOTE_HOST = (ORIGINAL_HOST === 'localhost') ? '127.0.0.1' : ('www1.' + ORIGINAL_HOST); > var OTHER_HOST = '{{domains[www2]}}'; >+ var NOTSAMESITE_HOST = (ORIGINAL_HOST === 'localhost') ? '127.0.0.1' : ('not-' + ORIGINAL_HOST); > > return { > HTTP_PORT: HTTP_PORT, >@@ -19,6 +20,7 @@ function get_host_info() { > HTTPS_ORIGIN_WITH_CREDS: 'https://foo:bar@' + ORIGINAL_HOST + ':' + HTTPS_PORT, > HTTP_ORIGIN_WITH_DIFFERENT_PORT: 'http://' + ORIGINAL_HOST + ':' + HTTP_PORT2, > HTTP_REMOTE_ORIGIN: 'http://' + REMOTE_HOST + ':' + HTTP_PORT, >+ HTTP_NOTSAMESITE_ORIGIN: 'http://' + NOTSAMESITE_HOST + ':' + HTTP_PORT, > HTTP_REMOTE_ORIGIN_WITH_DIFFERENT_PORT: 'http://' + REMOTE_HOST + ':' + HTTP_PORT2, > HTTPS_REMOTE_ORIGIN: 'https://' + REMOTE_HOST + ':' + HTTPS_PORT, > HTTPS_REMOTE_ORIGIN_WITH_CREDS: 'https://foo:bar@' + REMOTE_HOST + ':' + HTTPS_PORT, >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..edd9452ecf9367e6458d13334a947db02a91ed17 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-expected.txt >@@ -0,0 +1,26 @@ >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks. >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks. >+CONSOLE MESSAGE: Cancelled load to https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks. >+CONSOLE MESSAGE: Cancelled load to http://localhost:8801/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8801/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks. >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks. >+CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin denied by Cross-Origin Resource Sharing policy: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/redirect.py?corp=same-origin&redirectTo=http%3A%2F%2Flocalhost%3A8800%2Ffetch%2Fcross-origin-resource-policy%2Fresources%2Fhello.py%3Fcorp%3Dsame-origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/redirect.py?corp=same-origin&redirectTo=http%3A%2F%2Flocalhost%3A8800%2Ffetch%2Fcross-origin-resource-policy%2Fresources%2Fhello.py%3Fcorp%3Dsame-origin due to access control checks. >+ >+PASS Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a cross-origin redirection. >+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' redirect response header. >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-iframe-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-iframe-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..373ab035a8147bae1ad919b826d2bb4a207b9efe >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-iframe-expected.txt >@@ -0,0 +1,15 @@ >+CONSOLE MESSAGE: Cancelled load to http://localhost:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks. >+CONSOLE MESSAGE: Cancelled load to http://localhost:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks. >+CONSOLE MESSAGE: Cancelled load to http://localhost:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks. >+CONSOLE MESSAGE: Cancelled load to http://localhost:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks. >+ >+PASS Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Same-origin fetch in a cross origin iframe load succeeds if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-iframe.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-iframe.html >new file mode 100644 >index 0000000000000000000000000000000000000000..cc6a3a81bcf4cbabfec265a1874442f53e7d8a30 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-iframe.html >@@ -0,0 +1,67 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <script> >+const host = get_host_info(); >+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+ >+function with_iframe(url) >+{ >+ return new Promise(function(resolve) { >+ var frame = document.createElement('iframe'); >+ frame.src = url; >+ frame.onload = function() { resolve(frame); }; >+ document.body.appendChild(frame); >+ }); >+} >+ >+function loadIFrameAndFetch(iframeURL, fetchURL, expectedFetchResult, title) >+{ >+ promise_test(async () => { >+ const frame = await with_iframe(iframeURL); >+ let receiveMessage; >+ const promise = new Promise((resolve, reject) => { >+ receiveMessage = (event) => { >+ if (event.data !== expectedFetchResult) { >+ reject("Received unexpected message " + event.data); >+ return; >+ } >+ resolve(); >+ } >+ window.addEventListener("message", receiveMessage, false); >+ }); >+ frame.contentWindow.postMessage(fetchURL, "*"); >+ return promise.finally(() => { >+ frame.remove(); >+ window.removeEventListener("message", receiveMessage, false); >+ }); >+ }, title); >+} >+ >+// This above data URL should be equivalent to resources/iframeFetch.html >+var dataIFrameURL = "data:text/html;base64,PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxzY3JpcHQ+CiAgICAgICAgZnVuY3Rpb24gcHJvY2Vzc01lc3NhZ2UoZXZlbnQpCiAgICAgICAgewogICAgICAgICAgICBmZXRjaChldmVudC5kYXRhLCB7IG1vZGU6ICJuby1jb3JzIiB9KS50aGVuKCgpID0+IHsKICAgICAgICAgICAgICAgIHBhcmVudC5wb3N0TWVzc2FnZSgib2siLCAiKiIpOwogICAgICAgICAgICB9LCAoKSA9PiB7CiAgICAgICAgICAgICAgICBwYXJlbnQucG9zdE1lc3NhZ2UoImtvIiwgIioiKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgfQogICAgICAgIHdpbmRvdy5hZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIiwgcHJvY2Vzc01lc3NhZ2UsIGZhbHNlKTsKICAgIDwvc2NyaXB0Pgo8L2hlYWQ+Cjxib2R5PgogICAgPGgzPlRoZSBpZnJhbWUgbWFraW5nIGEgc2FtZSBvcmlnaW4gZmV0Y2ggY2FsbC48L2gzPgo8L2JvZHk+CjwvaHRtbD4K"; >+ >+loadIFrameAndFetch(dataIFrameURL, localBaseURL + "resources/hello.py?corp=same-origin", "ko", >+ "Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+loadIFrameAndFetch(dataIFrameURL, localBaseURL + "resources/hello.py?corp=same-site", "ko", >+ "Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", localBaseURL + "resources/hello.py?corp=same-origin", "ko", >+ "Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+loadIFrameAndFetch(notSameSiteBaseURL + "resources/iframeFetch.html", localBaseURL + "resources/hello.py?corp=same-site", "ko", >+ "Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", remoteBaseURL + "resources/hello.py?corp=same-origin", "ok", >+ "Same-origin fetch in a cross origin iframe load succeeds if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.html >new file mode 100644 >index 0000000000000000000000000000000000000000..7cf8d60050aa7b634a92ec3831c30820a634ff44 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.html >@@ -0,0 +1,83 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <script> >+const host = get_host_info(); >+const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const sameSiteBaseURL = "http://" + host.ORIGINAL_HOST + ":" + host.HTTP_PORT2 + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const httpsBaseURL = host.HTTPS_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+ >+promise_test(async () => { >+ const response = await fetch("./resources/hello.py?corp=same-origin"); >+ assert_equals(await response.text(), "hello"); >+}, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+promise_test(async () => { >+ const response = await fetch("./resources/hello.py?corp=same-site"); >+ assert_equals(await response.text(), "hello"); >+}, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test(async (test) => { >+ const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-origin"); >+ assert_equals(await response.text(), "hello"); >+}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+promise_test(async (test) => { >+ const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-site"); >+ assert_equals(await response.text(), "hello"); >+}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test((test) => { >+ const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin"; >+ return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" })); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+promise_test((test) => { >+ const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-site"; >+ return promise_rejects(test, new TypeError, fetch(remoteURL, { mode: "no-cors" })); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test((test) => { >+ const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-site"; >+ return fetch(remoteURL, { mode: "no-cors" }); >+}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test((test) => { >+ const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-origin"; >+ return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" })); >+}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+promise_test(async (test) => { >+ const remoteSameSiteURL = sameSiteBaseURL + "resources/hello.py?corp=same-site"; >+ >+ await fetch(remoteSameSiteURL, { mode: "no-cors" }); >+ >+ return promise_rejects(test, new TypeError, fetch(sameSiteBaseURL + "resources/hello.py?corp=same-origin", { mode: "no-cors" })); >+}, "Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+promise_test((test) => { >+ const finalURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin"; >+ return promise_rejects(test, new TypeError, fetch("resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" })); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection."); >+ >+promise_test((test) => { >+ const finalURL = localBaseURL + "resources/hello.py?corp=same-origin"; >+ return fetch(notSameSiteBaseURL + "resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a cross-origin redirection."); >+ >+promise_test(async (test) => { >+ const finalURL = localBaseURL + "resources/hello.py?corp=same-origin"; >+ >+ await fetch(finalURL, { mode: "no-cors" }); >+ >+ return promise_rejects(test, new TypeError, fetch(notSameSiteBaseURL + "resources/redirect.py?corp=same-origin&redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" })); >+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' redirect response header."); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/iframe-loads-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/iframe-loads-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..ccb2e1ff75d66687eab1e5e115a88a80402272a3 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/iframe-loads-expected.txt >@@ -0,0 +1,5 @@ >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/iframe.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/iframe.py?corp=same-origin due to access control checks. >+ >+PASS Load an iframe that has Cross-Origin-Resource-Policy header >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/iframe-loads.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/iframe-loads.html >new file mode 100644 >index 0000000000000000000000000000000000000000..63902c302b7ce6cb5a3f0fb126be2a56a830f42b >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/iframe-loads.html >@@ -0,0 +1,46 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <script> >+const host = get_host_info(); >+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+ >+function with_iframe(url) { >+ return new Promise(function(resolve) { >+ var frame = document.createElement('iframe'); >+ frame.src = url; >+ frame.onload = function() { resolve(frame); }; >+ document.body.appendChild(frame); >+ }); >+} >+ >+promise_test(async() => { >+ const url = remoteBaseURL + "resources/iframe.py?corp=same-origin"; >+ >+ await new Promise((resolve, reject) => { >+ return fetch(url, { mode: "no-cors" }).then(reject, resolve); >+ }); >+ >+ const iframe = await with_iframe(url); >+ return new Promise((resolve, reject) => { >+ window.addEventListener("message", (event) => { >+ if (event.data !== "pong") { >+ reject(event.data); >+ return; >+ } >+ resolve(); >+ }, false); >+ iframe.contentWindow.postMessage("ping", "*"); >+ }).finally(() => { >+ iframe.remove(); >+ }); >+}, "Load an iframe that has Cross-Origin-Resource-Policy header"); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/image-loads-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/image-loads-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..caab6773907162270ed14c849c8cf5c59f714e76 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/image-loads-expected.txt >@@ -0,0 +1,12 @@ >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/image.py?corp=same-origin&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/image.py?corp=same-origin&acao=* due to access control checks. >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site&acao=* due to access control checks. >+ >+PASS Same-origin image load with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Same-origin image load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/image-loads.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/image-loads.html >new file mode 100644 >index 0000000000000000000000000000000000000000..8a0458f107abdf2b7d6664fb8194e6b4b0222989 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/image-loads.html >@@ -0,0 +1,53 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <div id="testDiv"></div> >+ <script> >+const host = get_host_info(); >+const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const ok = true; >+const ko = false; >+const noCors = false; >+ >+function loadImage(url, shoudLoad, corsMode, title) >+{ >+ promise_test(() => { >+ const img = new Image(); >+ if (corsMode) >+ img.crossOrigin = corsMode; >+ img.src = url; >+ return new Promise((resolve, reject) => { >+ img.onload = shoudLoad ? resolve : reject; >+ img.onerror = shoudLoad ? reject : resolve; >+ testDiv.appendChild(img); >+ }).finally(() => { >+ testDiv.innerHTML = ""; >+ }); >+ }, title); >+} >+ >+loadImage("./resources/image.py?corp=same-origin", ok, noCors, >+ "Same-origin image load with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+loadImage("./resources/image.py?corp=same-site", ok, noCors, >+ "Same-origin image load with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+loadImage(notSameSiteBaseURL + "resources/image.py?corp=same-origin&acao=*", ok, "anonymous", >+ "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+loadImage(notSameSiteBaseURL + "resources/image.py?corp=same-site&acao=*", ok, "anonymous", >+ "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+loadImage(notSameSiteBaseURL + "resources/image.py?corp=same-origin&acao=*", ko, noCors, >+ "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+loadImage(notSameSiteBaseURL + "resources/image.py?corp=same-site&acao=*", ko, noCors, >+ "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/green.png b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/green.png >new file mode 100644 >index 0000000000000000000000000000000000000000..28a1faab37797ef39454aa1deac1b470712f7be4 >GIT binary patch >literal 87 >zcmeAS@N?(olHy`uVBq!ia0vp^DL`z*$P6SW{C@KnNHGWagt#*NXE2F7umZ^C_jGX# >j(GX2ekYHV$kio>jw1<IF`tIWiKq&@KS3j3^P6<r_F*+3V > >literal 0 >HcmV?d00001 > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/hello.py b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/hello.py >new file mode 100644 >index 0000000000000000000000000000000000000000..2b7cb6c6fc9fa99cfbba33a4dc456770ca2709ba >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/hello.py >@@ -0,0 +1,6 @@ >+def main(request, response): >+ headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])] >+ if 'origin' in request.headers: >+ headers.append(('Access-Control-Allow-Origin', request.headers['origin'])) >+ >+ return 200, headers, "hello" >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/iframe.py b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/iframe.py >new file mode 100644 >index 0000000000000000000000000000000000000000..5872842c673ba5fc10ce0aefbab1c114ccaaa56a >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/iframe.py >@@ -0,0 +1,5 @@ >+def main(request, response): >+ headers = [("Content-Type", "text/html"), >+ ("Cross-Origin-Resource-Policy", request.GET['corp'])] >+ return 200, headers, "<body><h3>The iframe</h3><script>window.onmessage = () => { parent.postMessage('pong', '*'); }</script></body>" >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/iframeFetch.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/iframeFetch.html >new file mode 100644 >index 0000000000000000000000000000000000000000..257185805d96d2eac2faae34563e64bbc7dde408 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/iframeFetch.html >@@ -0,0 +1,19 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script> >+ function processMessage(event) >+ { >+ fetch(event.data, { mode: "no-cors" }).then(() => { >+ parent.postMessage("ok", "*"); >+ }, () => { >+ parent.postMessage("ko", "*"); >+ }); >+ } >+ window.addEventListener("message", processMessage, false); >+ </script> >+</head> >+<body> >+ <h3>The iframe making a same origin fetch call.</h3> >+</body> >+</html> >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/image.py b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/image.py >new file mode 100644 >index 0000000000000000000000000000000000000000..ad9295cf6828740159ffcc8259c25239220d7a7b >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/image.py >@@ -0,0 +1,20 @@ >+import os.path >+ >+def main(request, response): >+ type = request.GET.first("type", None) >+ >+ body = open(os.path.join(os.path.dirname(__file__), "green.png"), "rb").read() >+ >+ response.add_required_headers = False >+ response.writer.write_status(200) >+ >+ if 'corp' in request.GET: >+ response.writer.write_header("cross-origin-resource-policy", request.GET['corp']) >+ if 'acao' in request.GET: >+ response.writer.write_header("access-control-allow-origin", request.GET['acao']) >+ response.writer.write_header("content-length", len(body)) >+ if(type != None): >+ response.writer.write_header("content-type", type) >+ response.writer.end_headers() >+ >+ response.writer.write(body) >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/redirect.py b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/redirect.py >new file mode 100644 >index 0000000000000000000000000000000000000000..73793b074272e90226da3919bd3dab95b8173d38 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/redirect.py >@@ -0,0 +1,6 @@ >+def main(request, response): >+ headers = [("Location", request.GET['redirectTo'])] >+ if 'corp' in request.GET: >+ headers.append(('Cross-Origin-Resource-Policy', request.GET['corp'])) >+ >+ return 302, headers, "" >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/script.py b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/script.py >new file mode 100644 >index 0000000000000000000000000000000000000000..c9bd6b9c9ee8610de543b756591500de852d6755 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/script.py >@@ -0,0 +1,6 @@ >+def main(request, response): >+ headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])] >+ if 'origin' in request.headers: >+ headers.append(('Access-Control-Allow-Origin', request.headers['origin'])) >+ >+ return 200, headers, "" >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/w3c-import.log b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/w3c-import.log >new file mode 100644 >index 0000000000000000000000000000000000000000..f97570600854abd0ac43c3a9c215d6aa258dd38d >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/w3c-import.log >@@ -0,0 +1,23 @@ >+The tests in this directory were imported from the W3C repository. >+Do NOT modify these tests directly in WebKit. >+Instead, create a pull request on the WPT github: >+ https://github.com/web-platform-tests/wpt >+ >+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport >+ >+Do NOT modify or remove this file. >+ >+------------------------------------------------------------------------ >+Properties requiring vendor prefixes: >+None >+Property values requiring vendor prefixes: >+None >+------------------------------------------------------------------------ >+List of files: >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/green.png >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/hello.py >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/iframe.py >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/iframeFetch.html >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/image.py >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/redirect.py >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/resources/script.py >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..16b952493ca0c35e91d14717e6af8bfaf34168ef >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any-expected.txt >@@ -0,0 +1,5 @@ >+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks. >+ >+PASS Cross-Origin-Resource-Policy: same-site blocks retrieving HTTPS from HTTP >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.html >new file mode 100644 >index 0000000000000000000000000000000000000000..2382913528e693b3a5d56c660a45060980b548c3 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.html >@@ -0,0 +1 @@ >+<!-- This file is required for WebKit test infrastructure to run the templated test --> >\ No newline at end of file >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js >new file mode 100644 >index 0000000000000000000000000000000000000000..192572e28421b364edb79e6590fcc3ea5d10a578 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js >@@ -0,0 +1,7 @@ >+// META: script=/common/get-host-info.sub.js >+ >+promise_test(t => { >+ return promise_rejects(t, >+ new TypeError(), >+ fetch(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site", { mode: "no-cors" })); >+}, "Cross-Origin-Resource-Policy: same-site blocks retrieving HTTPS from HTTP"); >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.worker-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.worker-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..db803376d34447ac029a353ca009521286a5bb49 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.worker-expected.txt >@@ -0,0 +1,4 @@ >+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header. >+ >+PASS Cross-Origin-Resource-Policy: same-site blocks retrieving HTTPS from HTTP >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.worker.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.worker.html >new file mode 100644 >index 0000000000000000000000000000000000000000..2382913528e693b3a5d56c660a45060980b548c3 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.worker.html >@@ -0,0 +1 @@ >+<!-- This file is required for WebKit test infrastructure to run the templated test --> >\ No newline at end of file >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js >new file mode 100644 >index 0000000000000000000000000000000000000000..4c7457187419e059b016d5f2602b516d3382be7b >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js >@@ -0,0 +1,13 @@ >+// META: script=/common/get-host-info.sub.js >+ >+promise_test(t => { >+ const img = new Image(); >+ img.src = get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site"; >+ return new Promise((resolve, reject) => { >+ img.onload = resolve; >+ img.onerror = reject; >+ document.body.appendChild(img); >+ }).finally(() => { >+ img.remove(); >+ }); >+}, "Cross-Origin-Resource-Policy does not block Mixed Content <img>"); >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/script-loads-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/script-loads-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..39bfe94a6aaa809132b599fe7bcdb8b8104143d4 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/script-loads-expected.txt >@@ -0,0 +1,12 @@ >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/script.py?corp=same-origin&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/script.py?corp=same-site&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >+ >+PASS Same-origin script load with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+PASS Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header. >+PASS Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header. >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/script-loads.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/script-loads.html >new file mode 100644 >index 0000000000000000000000000000000000000000..5850e0109f18c23e40d73686bef5e4b6a6b40686 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/script-loads.html >@@ -0,0 +1,51 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+</head> >+<body> >+ <div id="testDiv"></div> >+ <script> >+const host = get_host_info(); >+const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; >+const ok = true; >+const ko = false; >+const noCors = false; >+ >+function loadScript(url, shoudLoad, corsMode, title) >+{ >+ promise_test(() => { >+ const script = document.createElement("script"); >+ if (corsMode) >+ script.crossOrigin = corsMode; >+ script.src = url; >+ return new Promise((resolve, reject) => { >+ script.onload = shoudLoad ? resolve : reject; >+ script.onerror = shoudLoad ? reject : resolve; >+ testDiv.appendChild(script); >+ }); >+ }, title); >+} >+ >+loadScript("./resources/script.py?corp=same-origin", ok, noCors, >+ "Same-origin script load with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+loadScript("./resources/script.py?corp=same-site", ok, noCors, >+ "Same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-origin&acao=*", ok, "anonymous", >+ "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-site&acao=*", ok, "anonymous", >+ "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ >+loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-origin&acao=*", ko, noCors, >+ "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header."); >+ >+loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-site&acao=*", ko, noCors, >+ "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header."); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..1f8ef479d853ebe5ea167042d8cfe181fb540532 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt >@@ -0,0 +1,12 @@ >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN due to access control checks. >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin due to access control checks. >+ >+PASS Parsing Cross-Origin-Resource-Policy: same >+PASS Parsing Cross-Origin-Resource-Policy: same, same-origin >+FAIL Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header." >+FAIL Parsing Cross-Origin-Resource-Policy: Same-Origin promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header." >+PASS Parsing Cross-Origin-Resource-Policy: same-origin, <> >+PASS Parsing Cross-Origin-Resource-Policy: same-origin, same-origin >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.html >new file mode 100644 >index 0000000000000000000000000000000000000000..2382913528e693b3a5d56c660a45060980b548c3 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.html >@@ -0,0 +1 @@ >+<!-- This file is required for WebKit test infrastructure to run the templated test --> >\ No newline at end of file >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.js b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.js >new file mode 100644 >index 0000000000000000000000000000000000000000..cf5b06d5c4f4b60749e38f6a469a85e5efff0ea6 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.js >@@ -0,0 +1,18 @@ >+// META: script=/common/get-host-info.sub.js >+ >+const crossOriginURL = get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/hello.py?corp="; >+ >+[ >+ "same", >+ "same, same-origin", >+ "SAME-ORIGIN", >+ "Same-Origin", >+ "same-origin, <>", >+ "same-origin, same-origin" >+].forEach(incorrectHeaderValue => { >+ // Note: an incorrect value results in a successful load, so this test is only meaningful in >+ // implementations with support for the header. >+ promise_test(t => { >+ return fetch(crossOriginURL + encodeURIComponent(incorrectHeaderValue), { mode: "no-cors" }); >+ }, "Parsing Cross-Origin-Resource-Policy: " + incorrectHeaderValue); >+}); >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..9e5a5a92b13c156605bea4589de05bbb80b81c47 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt >@@ -0,0 +1,10 @@ >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header. >+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header. >+ >+PASS Parsing Cross-Origin-Resource-Policy: same >+PASS Parsing Cross-Origin-Resource-Policy: same, same-origin >+FAIL Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header." >+FAIL Parsing Cross-Origin-Resource-Policy: Same-Origin promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header." >+PASS Parsing Cross-Origin-Resource-Policy: same-origin, <> >+PASS Parsing Cross-Origin-Resource-Policy: same-origin, same-origin >+ >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker.html b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker.html >new file mode 100644 >index 0000000000000000000000000000000000000000..2382913528e693b3a5d56c660a45060980b548c3 >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker.html >@@ -0,0 +1 @@ >+<!-- This file is required for WebKit test infrastructure to run the templated test --> >\ No newline at end of file >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/w3c-import.log b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/w3c-import.log >new file mode 100644 >index 0000000000000000000000000000000000000000..0b12aa6fd5bb9afc2a08b669d24688d793c5674b >--- /dev/null >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/w3c-import.log >@@ -0,0 +1,24 @@ >+The tests in this directory were imported from the W3C repository. >+Do NOT modify these tests directly in WebKit. >+Instead, create a pull request on the WPT github: >+ https://github.com/web-platform-tests/wpt >+ >+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport >+ >+Do NOT modify or remove this file. >+ >+------------------------------------------------------------------------ >+Properties requiring vendor prefixes: >+None >+Property values requiring vendor prefixes: >+None >+------------------------------------------------------------------------ >+List of files: >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-iframe.html >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.html >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/iframe-loads.html >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/image-loads.html >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/script-loads.html >+/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.js >diff --git a/LayoutTests/platform/ios-wk1/TestExpectations b/LayoutTests/platform/ios-wk1/TestExpectations >index f4aeed201d8a336ed29c36b8d793f1bc5bf8e5ab..8512a030a7148155b9c01a2dcfd1de0425f9cff3 100644 >--- a/LayoutTests/platform/ios-wk1/TestExpectations >+++ b/LayoutTests/platform/ios-wk1/TestExpectations >@@ -13,6 +13,7 @@ imported/w3c/web-platform-tests/server-timing/service_worker_idl.html [ Skip ] > http/wpt/service-workers [ Skip ] > http/wpt/cache-storage [ Skip ] > http/tests/cache-storage [ Skip ] >+imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy [ Skip ] > > # Skip WebRTC for now in WK1 > imported/w3c/web-platform-tests/webrtc [ Skip ] >diff --git a/LayoutTests/platform/mac-wk1/TestExpectations b/LayoutTests/platform/mac-wk1/TestExpectations >index 1999bbc61e62e150213841d5e5c1784d45326ed9..60fd5c6d83e1b1411cc460c47aeba827d03aa907 100644 >--- a/LayoutTests/platform/mac-wk1/TestExpectations >+++ b/LayoutTests/platform/mac-wk1/TestExpectations >@@ -150,6 +150,7 @@ http/tests/appcache/main-resource-redirect-with-sw.html [ Skip ] > http/tests/cookies/same-site/fetch-in-cross-origin-service-worker.html [ Skip ] > http/tests/cookies/same-site/fetch-in-same-origin-service-worker.html [ Skip ] > imported/w3c/web-platform-tests/server-timing/service_worker_idl.html [ Skip ] >+imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy [ Skip ] > > # Skip WebRTC for now in WK1 > imported/w3c/web-platform-tests/webrtc [ Skip ] >diff --git a/LayoutTests/platform/win/TestExpectations b/LayoutTests/platform/win/TestExpectations >index aabf8bef30875ac9d8acb76bd73da43445199f64..1d560592cc83490f7759f82b3146c87fc0291877 100644 >--- a/LayoutTests/platform/win/TestExpectations >+++ b/LayoutTests/platform/win/TestExpectations >@@ -3808,6 +3808,7 @@ imported/w3c/web-platform-tests/service-workers [ Skip ] > http/tests/cache-storage [ Skip ] > http/wpt/cache-storage [ Skip ] > http/tests/appcache/main-resource-redirect-with-sw.html [ Skip ] >+imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy [ Skip ] > > # No header filtering for WK1 > http/wpt/loading/redirect-headers.html [ Skip ]
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=343563">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 187027
:
343563
|
343590
|
343642
|
343650