Bug 1513156 [wpt PR 14452] - WPT: CSS: Add cross-origin redirect tests., a=testonly
authorMatt Falkenhagen <falken@chromium.org>
Thu, 13 Dec 2018 14:01:20 +0000
changeset 507858 004e8fbaeead9b556d1972586b1a17e7647b09e8
parent 507857 41ca1e10f9c06cdadcdf40d3b58a2a82c4bd7120
child 507859 77fbd9d5fcaaee2a56c5d9b48d574f7d67b2c8ee
push id10547
push userffxbld-merge
push dateMon, 21 Jan 2019 13:03:58 +0000
treeherdermozilla-beta@24ec1916bffe [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1513156, 14452, 911974, 1370162, 615475
milestone66.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1513156 [wpt PR 14452] - WPT: CSS: Add cross-origin redirect tests., a=testonly Automatic update from web-platform-tests WPT: CSS: Add cross-origin redirect tests. This adds tests that stylesheets that result from requests that were redirected cross-origin are considered cross-origin. Note that A->B->A redirects, which redirect from cross-origin to same-origin, are considered cross-origin. See https://github.com/whatwg/fetch/issues/737 and https://github.com/whatwg/fetch/pull/834. In Blink, we have redirect tests at http/tests/security/cannot-read-cssrules-redirect.html. This WPT addition will supersede that test, but I won't yet remove it since it asserts the opposite for the A->B->A case. I can remove the test when Blink changes to pass this WPT test. Bug: 911974 Change-Id: Ie015c0390829299de7c29cff6685ddfcd774c66f Reviewed-on: https://chromium-review.googlesource.com/c/1370162 Reviewed-by: Rune Lillesveen <futhark@chromium.org> Commit-Queue: Matt Falkenhagen <falken@chromium.org> Cr-Commit-Position: refs/heads/master@{#615475} -- wpt-commits: 600dd6cb4295d0bcfc867b8877287d485d3b0e4e wpt-pr: 14452
testing/web-platform/tests/css/cssom/stylesheet-same-origin.sub.html
--- a/testing/web-platform/tests/css/cssom/stylesheet-same-origin.sub.html
+++ b/testing/web-platform/tests/css/cssom/stylesheet-same-origin.sub.html
@@ -2,52 +2,72 @@
 <html>
 <head>
     <meta charset="utf-8">
     <title>CSSOM - CSSStylesheet should support origins</title>
     <link rel="help" href="https://drafts.csswg.org/cssom/#the-cssstylesheet-interface">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
 
-    <link id="crossorigin" href="http://www1.{{host}}:{{ports[http][1]}}/stylesheet-same-origin.css" rel="stylesheet">
+    <link id="crossorigin" href="http://www1.{{host}}:{{ports[http][1]}}/css/cssom/stylesheet-same-origin.css" rel="stylesheet">
     <link id="sameorigin" href="stylesheet-same-origin.css" rel="stylesheet">
     <link id="sameorigindata" href="data:text/css,.green-text{color:rgb(0, 255, 0)}" rel="stylesheet">
+    <link id="redirect-sameorigin-to-crossorigin"
+          href="/common/redirect.py?location=http://www1.{{host}}:{{ports[http][1]}}/css/cssom/stylesheet-same-origin.css"
+          rel="stylesheet">
+    <link id="redirect-crossorigin-to-sameorigin"
+          href="http://www1.{{host}}:{{ports[http][1]}}/common/redirect.py?location=http://{{host}}:{{ports[http][0]}}/css/cssom/stylesheet-same-origin.css"
+          rel="stylesheet">
 
     <script>
         var crossorigin = document.getElementById("crossorigin").sheet;
+        var redirectSameOriginToCrossOrigin = document.getElementById("redirect-sameorigin-to-crossorigin").sheet;
+        var redirectCrossOriginToSameOrigin = document.getElementById("redirect-crossorigin-to-sameorigin").sheet;
         var sameorigin = document.getElementById("sameorigin").sheet;
         var sameorigindata = document.getElementById("sameorigindata").sheet;
 
-        test(function() {
-            assert_throws("SecurityError",
-                function () {
-                    crossorigin.cssRules;
-                },
-                "Cross origin stylesheet.cssRules should throw SecurityError.");
-            assert_throws("SecurityError",
-                function () {
-                    crossorigin.insertRule("#test { margin: 10px; }", 1);
-                },
-                "Cross origin stylesheet.insertRule should throw SecurityError.");
-
-            assert_throws("SecurityError",
-                function () {
-                    crossorigin.deleteRule(0);
-                },
-                "Cross origin stylesheet.deleteRule should throw SecurityError.");
-        }, "Origin-clean check in cross-origin CSSOM Stylesheets");
-
         function doOriginCleanCheck(sheet, name) {
             assert_equals(sheet.cssRules.length, 1, name + " stylesheet.cssRules should be accessible.");
             sheet.insertRule("#test { margin: 10px; }", 1);
             assert_equals(sheet.cssRules.length, 2, name + " stylesheet.insertRule should be accessible.");
             sheet.deleteRule(0);
             assert_equals(sheet.cssRules.length, 1, name + " stylesheet.deleteRule should be accessible.");
         }
 
+        function doOriginDirtyCheck(sheet) {
+            assert_throws("SecurityError",
+                function () {
+                    sheet.cssRules;
+                },
+                'stylesheet.cssRules should throw SecurityError.');
+            assert_throws("SecurityError",
+                function () {
+                    sheet.insertRule("#test { margin: 10px; }", 1);
+                },
+                'stylesheet.insertRule should throw SecurityError.');
+
+            assert_throws("SecurityError",
+                function () {
+                    sheet.deleteRule(0);
+                },
+                'stylesheet.deleteRule should throw SecurityError.');
+        }
+
+        test(function() {
+            doOriginDirtyCheck(crossorigin);
+        }, "Origin-clean check in cross-origin CSSOM Stylesheets");
+
+        test(function() {
+            doOriginDirtyCheck(redirectSameOriginToCrossOrigin);
+        }, "Origin-clean check in cross-origin CSSOM Stylesheets (redirect from same-origin to cross-origin)");
+
+        test(function() {
+            doOriginDirtyCheck(redirectCrossOriginToSameOrigin);
+        }, "Origin-clean check in cross-origin CSSOM Stylesheets (redirect from cross-origin to same-origin)");
+
         test(function() {
             doOriginCleanCheck(sameorigin, "Same-origin");
         }, "Origin-clean check in same-origin CSSOM Stylesheets");
 
         test(function() {
             doOriginCleanCheck(sameorigindata, "data:css");
         }, "Origin-clean check in data:css CSSOM Stylesheets");