src/third_party/WebKit/LayoutTests/http/tests/security/img-crossorigin-redirect-anonymous.html

   1 <!DOCTYPE HTML>
   2 <script src="/js-test-resources/js-test.js"></script>
   3 <script>
   4 description("Testing the handling of CORS-enabled fetch in the presence of 'anonymous' redirects.");
   5
   6 // Explain the short form descriptions ('=>' representing the redirect.)
   7 debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
   8 debug("");
   9
  10 var redirect_cors = "anonymous";
  11
  12 window.jsTestIsAsync = true;
  13 if (window.testRunner)
  14     testRunner.dumpAsText();
  15
  16 function finish() {
  17     if (window.testRunner)
  18         finishJSTest();
  19 }
  20
  21 function fail() {
  22     debug("FAIL: " + this.description);
  23     runNextTest();
  24 }
  25
  26 function pass() {
  27     debug("PASS: " + this.description);
  28     runNextTest();
  29 }
  30 var tests = [
  31     { description: "Anonymous request: anonymous => no-CORS image resource.",
  32       url: "http://localhost:8000/security/resources/abe.png",
  33       // Redirect is allowed, but fails access check on the non-CORS resource.
  34       success: false,
  35       access: "anonymous"},
  36     { description: "Anonymous request: anonymous => anonymous-CORS image resource.",
  37       url: "http://localhost:8000/security/resources/abe-allow-star.php",
  38       // Redirect is allowed, and passes access check on the CORS resource.
  39       success: true,
  40       access: "anonymous"},
  41     { description: "Credentialled request: anonymous => credentialled image resource (same origin.)",
  42       url: "http://localhost:8000/security/resources/abe-allow-credentials.php",
  43       // Redirect is not allowed ('*' on the CORS redirect response), no access.
  44       success: false,
  45       access: "use-credentials"},
  46     { description: "Credentialled request: anonymous => credentialled image resource (cross origin.)",
  47       url: "http://127.0.0.1:8000/security/resources/abe-allow-credentials.php",
  48       // Redirect is not allowed ('*' on the CORS redirect response), no access.
  49       success: false,
  50       access: "use-credentials"},
  51     ];
  52
  53 function runNextTest() {
  54     if (!tests.length) {
  55         finish();
  56         return;
  57     }
  58     var test = tests.shift();
  59     var img = new Image();
  60     img.onload = test.success ? pass : fail;
  61     img.onerror = test.success ? fail : pass;
  62     img.crossOrigin = test.access;
  63     img.description = test.description;
  64     var args = [ "mode=" + redirect_cors,
  65                  "url=" + test.url];
  66     img.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
  67     document.body.appendChild(img);
  68 }
  69 window.onload = runNextTest;
  70 </script>