OLD | NEW |
1 <script src="../../resources/get-host-info.js?pipe=sub"></script> | 1 <script src="../resources/get-host-info.sub.js"></script> |
2 <script src="test-helpers.js"></script> | 2 <script src="test-helpers.sub.js?pipe=sub"></script> |
3 <script> | 3 <script> |
4 var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE'; | 4 var image_path = base_path() + 'fetch-access-control.py?PNGIMAGE'; |
5 var host_info = get_host_info(); | 5 var host_info = get_host_info(); |
| 6 var params = get_query_params(location.href); |
6 | 7 |
7 var NOT_TAINTED = 'NOT_TAINTED'; | 8 var NOT_TAINTED = 'NOT_TAINTED'; |
8 var TAINTED = 'TAINTED'; | 9 var TAINTED = 'TAINTED'; |
9 var LOAD_ERROR = 'LOAD_ERROR'; | 10 var LOAD_ERROR = 'LOAD_ERROR'; |
10 | 11 |
| 12 function get_query_params(url) { |
| 13 var search = (new URL(url)).search; |
| 14 if (!search) { |
| 15 return {}; |
| 16 } |
| 17 var ret = {}; |
| 18 var params = search.substring(1).split('&'); |
| 19 params.forEach(function(param) { |
| 20 var element = param.split('='); |
| 21 ret[decodeURIComponent(element[0])] = decodeURIComponent(element[1]); |
| 22 }); |
| 23 return ret; |
| 24 } |
| 25 |
11 function create_test_case_promise(url, cross_origin) { | 26 function create_test_case_promise(url, cross_origin) { |
12 return new Promise(function(resolve) { | 27 return new Promise(function(resolve) { |
13 var img = new Image(); | 28 var img = new Image(); |
14 if (cross_origin != '') { | 29 if (cross_origin != '') { |
15 img.crossOrigin = cross_origin; | 30 img.crossOrigin = cross_origin; |
16 } | 31 } |
17 img.onload = function() { | 32 img.onload = function() { |
18 try { | 33 try { |
19 var canvas = document.createElement('canvas'); | 34 var canvas = document.createElement('canvas'); |
20 canvas.width = 100; | 35 canvas.width = 100; |
21 canvas.height = 100; | 36 canvas.height = 100; |
22 var context = canvas.getContext('2d'); | 37 var context = canvas.getContext('2d'); |
23 context.drawImage(img, 0, 0); | 38 context.drawImage(img, 0, 0); |
24 context.getImageData(0, 0, 100, 100); | 39 context.getImageData(0, 0, 100, 100); |
25 resolve(NOT_TAINTED); | 40 resolve(NOT_TAINTED); |
26 } catch (e) { | 41 } catch (e) { |
27 resolve(TAINTED); | 42 resolve(TAINTED); |
28 } | 43 } |
29 }; | 44 }; |
30 img.onerror = function() { | 45 img.onerror = function() { |
31 resolve(LOAD_ERROR); | 46 resolve(LOAD_ERROR); |
32 } | 47 } |
33 img.src = url; | 48 img.src = url; |
34 }); | 49 }); |
35 } | 50 } |
36 | 51 |
37 function create_test_promise(url, cross_origin, expected_result) { | 52 function create_test_promise(url, cross_origin, expected_result) { |
| 53 if (params['cache']) { |
| 54 url += "&cache"; |
| 55 } |
| 56 |
38 return new Promise(function(resolve, reject) { | 57 return new Promise(function(resolve, reject) { |
39 create_test_case_promise(url, cross_origin) | 58 create_test_case_promise(url, cross_origin) |
40 .then(function(result) { | 59 .then(function(result) { |
41 if (result == expected_result) { | 60 if (result == expected_result) { |
42 resolve(); | 61 resolve(); |
43 } else { | 62 } else { |
44 reject('Result of url:' + url + ' ' + | 63 reject('Result of url:' + url + ' ' + |
45 ' cross_origin: ' + cross_origin + ' must be ' + | 64 ' cross_origin: ' + cross_origin + ' must be ' + |
46 expected_result + ' but ' + result); | 65 expected_result + ' but ' + result); |
47 } | 66 } |
48 }) | 67 }) |
49 }); | 68 }); |
50 } | 69 } |
51 | 70 |
52 window.addEventListener('message', function(evt) { | 71 window.addEventListener('message', function(evt) { |
53 var port = evt.ports[0]; | 72 var port = evt.ports[0]; |
54 var image_url = host_info['HTTP_ORIGIN'] + image_path; | 73 var image_url = host_info['HTTPS_ORIGIN'] + image_path; |
55 var remote_image_url = host_info['HTTP_REMOTE_ORIGIN'] + image_path; | 74 var remote_image_url = host_info['HTTPS_REMOTE_ORIGIN'] + image_path; |
56 Promise.all([ | 75 Promise.all([ |
57 // Reject tests | 76 // Reject tests |
58 create_test_promise(image_url + '&reject', '', LOAD_ERROR), | 77 create_test_promise(image_url + '&reject', '', LOAD_ERROR), |
59 create_test_promise(image_url + '&reject', 'anonymous', LOAD_ERROR), | 78 create_test_promise(image_url + '&reject', 'anonymous', LOAD_ERROR), |
60 create_test_promise( | 79 create_test_promise( |
61 image_url + '&reject', 'use-credentials', LOAD_ERROR), | 80 image_url + '&reject', 'use-credentials', LOAD_ERROR), |
62 // Fallback tests | 81 // Fallback tests |
63 create_test_promise( | 82 create_test_promise( |
64 image_url + '&ignore', | 83 image_url + '&ignore', |
65 '', | 84 '', |
66 NOT_TAINTED), | 85 NOT_TAINTED), |
67 create_test_promise( | 86 create_test_promise( |
68 remote_image_url + '&ignore', | 87 remote_image_url + '&ignore', |
69 '', | 88 '', |
70 TAINTED), | 89 TAINTED), |
71 create_test_promise( | 90 create_test_promise( |
72 remote_image_url + '&ignore', | 91 remote_image_url + '&ignore', |
73 'anonymous', | 92 'anonymous', |
74 LOAD_ERROR), | 93 LOAD_ERROR), |
75 create_test_promise( | 94 create_test_promise( |
76 remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] + | 95 remote_image_url + '&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
77 '&ignore', | 96 '&ignore', |
78 'anonymous', | 97 'anonymous', |
79 NOT_TAINTED), | 98 NOT_TAINTED), |
80 create_test_promise( | 99 create_test_promise( |
81 remote_image_url + '&ignore', | 100 remote_image_url + '&ignore', |
82 'use-credentials', | 101 'use-credentials', |
83 LOAD_ERROR), | 102 LOAD_ERROR), |
84 create_test_promise( | 103 create_test_promise( |
85 remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] + | 104 remote_image_url + '&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
86 '&ignore', | 105 '&ignore', |
87 'use-credentials', | 106 'use-credentials', |
88 LOAD_ERROR), | 107 LOAD_ERROR), |
89 create_test_promise( | 108 create_test_promise( |
90 remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] + | 109 remote_image_url + '&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
91 '&ACACredentials=true&ignore', | 110 '&ACACredentials=true&ignore', |
92 'use-credentials', | 111 'use-credentials', |
93 NOT_TAINTED), | 112 NOT_TAINTED), |
94 | 113 |
95 // Credential test (fallback) | 114 // Credential test (fallback) |
96 create_test_promise( | 115 create_test_promise( |
97 image_url + '&Auth&ignore', | 116 image_url + '&Auth&ignore', |
98 '', | 117 '', |
99 NOT_TAINTED), | 118 NOT_TAINTED), |
100 create_test_promise( | 119 create_test_promise( |
101 remote_image_url + '&Auth&ignore', | 120 remote_image_url + '&Auth&ignore', |
102 '', | 121 '', |
103 TAINTED), | 122 TAINTED), |
104 create_test_promise( | 123 create_test_promise( |
105 remote_image_url + '&Auth&ignore', | 124 remote_image_url + '&Auth&ignore', |
106 'anonymous', | 125 'anonymous', |
107 LOAD_ERROR), | 126 LOAD_ERROR), |
108 create_test_promise( | 127 create_test_promise( |
109 remote_image_url + '&Auth&ignore', | 128 remote_image_url + '&Auth&ignore', |
110 'use-credentials', | 129 'use-credentials', |
111 LOAD_ERROR), | 130 LOAD_ERROR), |
112 create_test_promise( | 131 create_test_promise( |
113 remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] + | 132 remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
114 '&ignore', | 133 '&ignore', |
115 'use-credentials', | 134 'use-credentials', |
116 LOAD_ERROR), | 135 LOAD_ERROR), |
117 create_test_promise( | 136 create_test_promise( |
118 remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] + | 137 remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
119 '&ACACredentials=true&ignore', | 138 '&ACACredentials=true&ignore', |
120 'use-credentials', | 139 'use-credentials', |
121 NOT_TAINTED), | 140 NOT_TAINTED), |
122 | 141 |
123 // Basic response | 142 // Basic response |
124 create_test_promise( | 143 create_test_promise( |
125 image_url + | 144 image_url + |
126 '&mode=same-origin&url=' + encodeURIComponent(image_url), | 145 '&mode=same-origin&url=' + encodeURIComponent(image_url), |
127 '', | 146 '', |
128 NOT_TAINTED), | 147 NOT_TAINTED), |
129 create_test_promise( | 148 create_test_promise( |
130 image_url + | 149 image_url + |
131 '&mode=same-origin&url=' + encodeURIComponent(image_url), | 150 '&mode=same-origin&url=' + encodeURIComponent(image_url), |
132 'anonymous', | 151 'anonymous', |
133 NOT_TAINTED), | 152 NOT_TAINTED), |
134 create_test_promise( | 153 create_test_promise( |
135 image_url + | 154 image_url + |
136 '&mode=same-origin&url=' + encodeURIComponent(image_url), | 155 '&mode=same-origin&url=' + encodeURIComponent(image_url), |
137 'use-credentials', | 156 'use-credentials', |
138 NOT_TAINTED), | 157 NOT_TAINTED), |
139 create_test_promise( | 158 create_test_promise( |
140 remote_image_url + | 159 remote_image_url + |
141 '&mode=same-origin&url=' + encodeURIComponent(image_url), | 160 '&mode=same-origin&url=' + encodeURIComponent(image_url), |
142 '', | 161 '', |
143 NOT_TAINTED), | 162 TAINTED), |
144 create_test_promise( | 163 create_test_promise( |
145 remote_image_url + | 164 remote_image_url + |
146 '&mode=same-origin&url=' + encodeURIComponent(image_url), | 165 '&mode=same-origin&url=' + encodeURIComponent(image_url), |
147 'anonymous', | 166 'anonymous', |
148 NOT_TAINTED), | 167 NOT_TAINTED), |
149 create_test_promise( | 168 create_test_promise( |
150 remote_image_url + | 169 remote_image_url + |
151 '&mode=same-origin&url=' + encodeURIComponent(image_url), | 170 '&mode=same-origin&url=' + encodeURIComponent(image_url), |
152 'use-credentials', | 171 'use-credentials', |
153 NOT_TAINTED), | 172 NOT_TAINTED), |
(...skipping 22 matching lines...) Expand all Loading... |
176 create_test_promise( | 195 create_test_promise( |
177 remote_image_url + | 196 remote_image_url + |
178 '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), | 197 '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), |
179 'anonymous', | 198 'anonymous', |
180 LOAD_ERROR), | 199 LOAD_ERROR), |
181 create_test_promise( | 200 create_test_promise( |
182 remote_image_url + | 201 remote_image_url + |
183 '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), | 202 '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), |
184 'use-credentials', | 203 'use-credentials', |
185 LOAD_ERROR), | 204 LOAD_ERROR), |
186 | 205 |
187 // CORS response | 206 // CORS response |
188 create_test_promise( | 207 create_test_promise( |
189 image_url + | 208 image_url + |
190 '&mode=cors&url=' + | 209 '&mode=cors&url=' + |
191 encodeURIComponent(remote_image_url + | 210 encodeURIComponent(remote_image_url + |
192 '&ACAOrigin=' + host_info['HTTP_ORIGIN']), | 211 '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
| 212 '', |
| 213 LOAD_ERROR), // We expect LOAD_ERROR since the server doesn't respon
d |
| 214 // with an Access-Control-Allow-Credentials header. |
| 215 create_test_promise( |
| 216 image_url + |
| 217 '&mode=cors&credentials=same-origin&url=' + |
| 218 encodeURIComponent(remote_image_url + |
| 219 '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
193 '', | 220 '', |
194 NOT_TAINTED), | 221 NOT_TAINTED), |
195 create_test_promise( | 222 create_test_promise( |
196 image_url + | 223 image_url + |
197 '&mode=cors&url=' + | 224 '&mode=cors&url=' + |
198 encodeURIComponent(remote_image_url + | 225 encodeURIComponent(remote_image_url + |
199 '&ACAOrigin=' + host_info['HTTP_ORIGIN']), | 226 '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
200 'anonymous', | 227 'anonymous', |
201 NOT_TAINTED), | 228 NOT_TAINTED), |
202 create_test_promise( | 229 create_test_promise( |
203 image_url + | 230 image_url + |
204 '&mode=cors&url=' + | 231 '&mode=cors&url=' + |
205 encodeURIComponent(remote_image_url + | 232 encodeURIComponent(remote_image_url + |
206 '&ACAOrigin=' + host_info['HTTP_ORIGIN']), | 233 '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
207 'use-credentials', | 234 'use-credentials', |
208 NOT_TAINTED), | 235 LOAD_ERROR), // We expect LOAD_ERROR since the server doesn't respon
d |
| 236 // with an Access-Control-Allow-Credentials header. |
209 create_test_promise( | 237 create_test_promise( |
210 image_url + | 238 image_url + |
211 '&mode=cors&url=' + | 239 '&mode=cors&url=' + |
212 encodeURIComponent( | 240 encodeURIComponent( |
213 remote_image_url + | 241 remote_image_url + |
214 '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']), | 242 '&ACACredentials=true&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
215 'use-credentials', | 243 'use-credentials', |
216 NOT_TAINTED), | 244 NOT_TAINTED), |
217 create_test_promise( | 245 create_test_promise( |
218 remote_image_url + | 246 remote_image_url + |
219 '&mode=cors&url=' + | 247 '&mode=cors&url=' + |
220 encodeURIComponent(remote_image_url + | 248 encodeURIComponent(remote_image_url + |
221 '&ACAOrigin=' + host_info['HTTP_ORIGIN']), | 249 '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
222 '', | 250 '', |
223 NOT_TAINTED), | 251 LOAD_ERROR), // We expect LOAD_ERROR since the server doesn't respon
d |
| 252 // with an Access-Control-Allow-Credentials header. |
| 253 create_test_promise( |
| 254 remote_image_url + |
| 255 '&mode=cors&credentials=same-origin&url=' + |
| 256 encodeURIComponent(remote_image_url + |
| 257 '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
| 258 '', |
| 259 TAINTED), // The cross-origin no-cors request is immediately tainted
. |
| 260 // Since this happens before the service worker intercepti
on, |
| 261 // it does not matter what kind of response it returns. |
| 262 // The result will always be tainted. |
224 create_test_promise( | 263 create_test_promise( |
225 remote_image_url + | 264 remote_image_url + |
226 '&mode=cors&url=' + | 265 '&mode=cors&url=' + |
227 encodeURIComponent(remote_image_url + | 266 encodeURIComponent(remote_image_url + |
228 '&ACAOrigin=' + host_info['HTTP_ORIGIN']), | 267 '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
229 'anonymous', | 268 'anonymous', |
230 NOT_TAINTED), | 269 NOT_TAINTED), |
231 create_test_promise( | 270 create_test_promise( |
232 remote_image_url + | 271 remote_image_url + |
233 '&mode=cors&url=' + | 272 '&mode=cors&url=' + |
234 encodeURIComponent(remote_image_url + | 273 encodeURIComponent(remote_image_url + |
235 '&ACAOrigin=' + host_info['HTTP_ORIGIN']), | 274 '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
236 'use-credentials', | 275 'use-credentials', |
237 NOT_TAINTED), | 276 LOAD_ERROR), // We expect LOAD_ERROR since the server doesn't respon
d |
| 277 // with an Access-Control-Allow-Credentials header. |
238 create_test_promise( | 278 create_test_promise( |
239 remote_image_url + | 279 remote_image_url + |
240 '&mode=cors&url=' + | 280 '&mode=cors&url=' + |
241 encodeURIComponent( | 281 encodeURIComponent( |
242 remote_image_url + | 282 remote_image_url + |
243 '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']), | 283 '&ACACredentials=true&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
244 'use-credentials', | 284 'use-credentials', |
245 NOT_TAINTED) | 285 NOT_TAINTED) |
246 ]) | 286 ]) |
247 .then(function() { | 287 .then(function() { |
248 port.postMessage({results: 'finish'}); | 288 port.postMessage({results: 'finish'}); |
249 }) | 289 }) |
250 .catch(function(e) { | 290 .catch(function(e) { |
251 port.postMessage({results: 'failure:' + e}); | 291 port.postMessage({results: 'failure:' + e}); |
252 }); | 292 }); |
253 }, false); | 293 }, false); |
254 </script> | 294 </script> |
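Review bot: `get_query_params` (new lines 12-24) stores a parameter that has no `=` as the string "undefined", because `decodeURIComponent(element[1])` is then called with `undefined`. The `params['cache']` check at new line 53 therefore passes for `?cache` only by accident, and fails for `?cache=` where the value is the empty string. The hand-rolled parser also truncates any value containing a second `=` and writes URL-controlled keys into a plain `{}`, so a key such as `__proto__` would not behave like an ordinary entry. Since the helper already constructs a `URL`, the flag can be read directly with `var params = new URL(location.href).searchParams;` and `if (params.has('cache')) {` in `create_test_promise`, which removes the helper. If the helper is kept, it should get a short comment stating which query formats the embedding test page is expected to send.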
OLD | NEW |