Bug 1467848 [wpt PR 11428] - Fetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction, a=testonly
authorAnne van Kesteren <annevk@annevk.nl>
Fri, 06 Jul 2018 17:27:55 +0000
changeset 425895 2088a3b878a40a0f734fa8e04ade1417b951e1d4
parent 425894 0d5c1298c115f6ccc0b1e19e7494b1dd72ae7f18
child 425896 4b469f7e2be35438eb18b3723f3a1933365140d9
push id34267
push userrgurzau@mozilla.com
push dateWed, 11 Jul 2018 22:05:21 +0000
treeherdermozilla-central@3aca103e4915 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1467848, 11428, 11171
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1467848 [wpt PR 11428] - Fetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction, a=testonly Automatic update from web-platform-testsFetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction Supplements #11171. For https://github.com/whatwg/fetch/pull/733. -- wpt-commits: 7f0a106f3d5e9d3e7f70ba52aae896a3fffc2cc6 wpt-pr: 11428
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py
testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js
testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -338938,16 +338938,32 @@
     ]
    ],
    "fetch/cross-origin-resource-policy/image-loads.html": [
     [
      "/fetch/cross-origin-resource-policy/image-loads.html",
      {}
     ]
    ],
+   "fetch/cross-origin-resource-policy/scheme-restriction.any.js": [
+    [
+     "/fetch/cross-origin-resource-policy/scheme-restriction.any.html",
+     {}
+    ],
+    [
+     "/fetch/cross-origin-resource-policy/scheme-restriction.any.worker.html",
+     {}
+    ]
+   ],
+   "fetch/cross-origin-resource-policy/scheme-restriction.https.window.js": [
+    [
+     "/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html",
+     {}
+    ]
+   ],
    "fetch/cross-origin-resource-policy/script-loads.html": [
     [
      "/fetch/cross-origin-resource-policy/script-loads.html",
      {}
     ]
    ],
    "fetch/cross-origin-resource-policy/syntax.any.js": [
     [
@@ -569228,27 +569244,35 @@
    "d8f4af86d37d2f257b4166a1f7d3001d55eeda69",
    "support"
   ],
   "fetch/cross-origin-resource-policy/resources/iframeFetch.html": [
    "d66a9c958288a97469e8cfa75eba973e9f35e190",
    "support"
   ],
   "fetch/cross-origin-resource-policy/resources/image.py": [
-   "72f4bbf045fbb61623246d44b763bd06024c0f63",
+   "1eba6cc92e4bc3f0d83814c0ead1ba6b23aa5182",
    "support"
   ],
   "fetch/cross-origin-resource-policy/resources/redirect.py": [
    "eb237d6f61e042db8454efad97a7ca58ea90eba9",
    "support"
   ],
   "fetch/cross-origin-resource-policy/resources/script.py": [
    "330a0ae1420b41e63bd639fa24f75e64e4528bcc",
    "support"
   ],
+  "fetch/cross-origin-resource-policy/scheme-restriction.any.js": [
+   "e1221ddd258f4d699dad395284f7a2cb0a719888",
+   "testharness"
+  ],
+  "fetch/cross-origin-resource-policy/scheme-restriction.https.window.js": [
+   "e0272587c66b6c220dce1a5a055d49628c84d0fd",
+   "testharness"
+  ],
   "fetch/cross-origin-resource-policy/script-loads.html": [
    "cd28267293f2d20ee78d6b946fe6b8793edf1bae",
    "testharness"
   ],
   "fetch/cross-origin-resource-policy/syntax.any.js": [
    "77377a2a82a22bf9ff637a1e3b918eda6cb28858",
    "testharness"
   ],
--- a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py
+++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py
@@ -13,9 +13,8 @@ def main(request, response):
     if 'acao' in request.GET:
         response.writer.write_header("access-control-allow-origin", request.GET['acao'])
     response.writer.write_header("content-length", len(body))
     if(type != None):
       response.writer.write_header("content-type", type)
     response.writer.end_headers()
 
     response.writer.write(body)
-
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.any.js
@@ -0,0 +1,7 @@
+// META: script=/common/get-host-info.sub.js
+
+promise_test(t => {
+  return promise_rejects(t,
+                         new TypeError(),
+                         fetch(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site", { mode: "no-cors" }));
+}, "Cross-Origin-Resource-Policy: same-site blocks retrieving HTTPS from HTTP");
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js
@@ -0,0 +1,13 @@
+// META: script=/common/get-host-info.sub.js
+
+promise_test(t => {
+  const img = new Image();
+  img.src = get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site";
+  return new Promise((resolve, reject) => {
+    img.onload = resolve;
+    img.onerror = reject;
+    document.body.appendChild(img);
+  }).finally(() => {
+    img.remove();
+  });
+}, "Cross-Origin-Resource-Policy does not block Mixed Content <img>");