Index: third_party/WebKit/LayoutTests/imported/wpt/service-workers/service-worker/resources/fetch-canvas-tainting-iframe.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-canvas-tainting-iframe.html b/third_party/WebKit/LayoutTests/imported/wpt/service-workers/service-worker/resources/fetch-canvas-tainting-iframe.html |
similarity index 71% |
copy from third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-canvas-tainting-iframe.html |
copy to third_party/WebKit/LayoutTests/imported/wpt/service-workers/service-worker/resources/fetch-canvas-tainting-iframe.html |
index 3948d8916d2ed4a03dbabb423ba6a756ae981d9b..3822971e80a2cbd91f5161ef0171d72d4adf61a4 100644 |
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-canvas-tainting-iframe.html |
+++ b/third_party/WebKit/LayoutTests/imported/wpt/service-workers/service-worker/resources/fetch-canvas-tainting-iframe.html |
@@ -1,13 +1,28 @@ |
-<script src="../../resources/get-host-info.js?pipe=sub"></script> |
-<script src="test-helpers.js"></script> |
+<script src="../resources/get-host-info.sub.js"></script> |
+<script src="test-helpers.sub.js?pipe=sub"></script> |
<script> |
-var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE'; |
+var image_path = base_path() + 'fetch-access-control.py?PNGIMAGE'; |
var host_info = get_host_info(); |
+var params = get_query_params(location.href); |
var NOT_TAINTED = 'NOT_TAINTED'; |
var TAINTED = 'TAINTED'; |
var LOAD_ERROR = 'LOAD_ERROR'; |
+function get_query_params(url) { |
+ var search = (new URL(url)).search; |
+ if (!search) { |
+ return {}; |
+ } |
+ var ret = {}; |
+ var params = search.substring(1).split('&'); |
+ params.forEach(function(param) { |
+ var element = param.split('='); |
+ ret[decodeURIComponent(element[0])] = decodeURIComponent(element[1]); |
+ }); |
+ return ret; |
+} |
+ |
function create_test_case_promise(url, cross_origin) { |
return new Promise(function(resolve) { |
var img = new Image(); |
@@ -35,6 +50,10 @@ function create_test_case_promise(url, cross_origin) { |
} |
function create_test_promise(url, cross_origin, expected_result) { |
+ if (params['cache']) { |
+ url += "&cache"; |
+ } |
+ |
return new Promise(function(resolve, reject) { |
create_test_case_promise(url, cross_origin) |
.then(function(result) { |
@@ -51,8 +70,8 @@ function create_test_promise(url, cross_origin, expected_result) { |
window.addEventListener('message', function(evt) { |
var port = evt.ports[0]; |
- var image_url = host_info['HTTP_ORIGIN'] + image_path; |
- var remote_image_url = host_info['HTTP_REMOTE_ORIGIN'] + image_path; |
+ var image_url = host_info['HTTPS_ORIGIN'] + image_path; |
+ var remote_image_url = host_info['HTTPS_REMOTE_ORIGIN'] + image_path; |
Promise.all([ |
// Reject tests |
create_test_promise(image_url + '&reject', '', LOAD_ERROR), |
@@ -73,7 +92,7 @@ window.addEventListener('message', function(evt) { |
'anonymous', |
LOAD_ERROR), |
create_test_promise( |
- remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
+ remote_image_url + '&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
'&ignore', |
'anonymous', |
NOT_TAINTED), |
@@ -82,12 +101,12 @@ window.addEventListener('message', function(evt) { |
'use-credentials', |
LOAD_ERROR), |
create_test_promise( |
- remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
+ remote_image_url + '&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
'&ignore', |
'use-credentials', |
LOAD_ERROR), |
create_test_promise( |
- remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
+ remote_image_url + '&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
'&ACACredentials=true&ignore', |
'use-credentials', |
NOT_TAINTED), |
@@ -110,12 +129,12 @@ window.addEventListener('message', function(evt) { |
'use-credentials', |
LOAD_ERROR), |
create_test_promise( |
- remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
+ remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
'&ignore', |
'use-credentials', |
LOAD_ERROR), |
create_test_promise( |
- remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
+ remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTPS_ORIGIN'] + |
'&ACACredentials=true&ignore', |
'use-credentials', |
NOT_TAINTED), |
@@ -140,7 +159,7 @@ window.addEventListener('message', function(evt) { |
remote_image_url + |
'&mode=same-origin&url=' + encodeURIComponent(image_url), |
'', |
- NOT_TAINTED), |
+ TAINTED), |
create_test_promise( |
remote_image_url + |
'&mode=same-origin&url=' + encodeURIComponent(image_url), |
@@ -183,64 +202,85 @@ window.addEventListener('message', function(evt) { |
'&mode=no-cors&url=' + encodeURIComponent(remote_image_url), |
'use-credentials', |
LOAD_ERROR), |
- |
+ |
// CORS response |
create_test_promise( |
image_url + |
'&mode=cors&url=' + |
encodeURIComponent(remote_image_url + |
- '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
+ '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
+ '', |
+ LOAD_ERROR), // We expect LOAD_ERROR since the server doesn't respond |
+ // with an Access-Control-Allow-Credentials header. |
+ create_test_promise( |
+ image_url + |
+ '&mode=cors&credentials=same-origin&url=' + |
+ encodeURIComponent(remote_image_url + |
+ '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
'', |
NOT_TAINTED), |
create_test_promise( |
image_url + |
'&mode=cors&url=' + |
encodeURIComponent(remote_image_url + |
- '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
+ '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
'anonymous', |
NOT_TAINTED), |
create_test_promise( |
image_url + |
'&mode=cors&url=' + |
encodeURIComponent(remote_image_url + |
- '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
+ '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
'use-credentials', |
- NOT_TAINTED), |
+ LOAD_ERROR), // We expect LOAD_ERROR since the server doesn't respond |
+ // with an Access-Control-Allow-Credentials header. |
create_test_promise( |
image_url + |
'&mode=cors&url=' + |
encodeURIComponent( |
remote_image_url + |
- '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
+ '&ACACredentials=true&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
'use-credentials', |
NOT_TAINTED), |
create_test_promise( |
remote_image_url + |
'&mode=cors&url=' + |
encodeURIComponent(remote_image_url + |
- '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
+ '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
'', |
- NOT_TAINTED), |
+ LOAD_ERROR), // We expect LOAD_ERROR since the server doesn't respond |
+ // with an Access-Control-Allow-Credentials header. |
+ create_test_promise( |
+ remote_image_url + |
+ '&mode=cors&credentials=same-origin&url=' + |
+ encodeURIComponent(remote_image_url + |
+ '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
+ '', |
+ TAINTED), // The cross-origin no-cors request is immediately tainted. |
+ // Since this happens before the service worker interception, |
+ // it does not matter what kind of response it returns. |
+ // The result will always be tainted. |
create_test_promise( |
remote_image_url + |
'&mode=cors&url=' + |
encodeURIComponent(remote_image_url + |
- '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
+ '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
'anonymous', |
NOT_TAINTED), |
create_test_promise( |
remote_image_url + |
'&mode=cors&url=' + |
encodeURIComponent(remote_image_url + |
- '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
+ '&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
'use-credentials', |
- NOT_TAINTED), |
+ LOAD_ERROR), // We expect LOAD_ERROR since the server doesn't respond |
+ // with an Access-Control-Allow-Credentials header. |
create_test_promise( |
remote_image_url + |
'&mode=cors&url=' + |
encodeURIComponent( |
remote_image_url + |
- '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
+ '&ACACredentials=true&ACAOrigin=' + host_info['HTTPS_ORIGIN']), |
'use-credentials', |
NOT_TAINTED) |
]) |