Upstream version 5.34.104.0

[platform/framework/web/crosswalk.git] / src / third_party / WebKit / LayoutTests / http / tests / security / img-crossorigin-redirect-credentials.html

<!DOCTYPE HTML>
<script src="/js-test-resources/js-test.js"></script>
<script>
description("Testing the handling of CORS-enabled fetch in the presence of 'credentialled' redirects.");

// Explain the short form descriptions ('=>' representing the redirect.)
debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
debug("");

var redirect_cors = "use-credentials";

window.jsTestIsAsync = true;
if (window.testRunner)
    testRunner.dumpAsText();

function finish() {
    if (window.testRunner)
        finishJSTest();
}

function fail() {
    debug("FAIL: " + this.description);
    runNextTest();
}

function pass() {
    debug("PASS: " + this.description);
    runNextTest();
}

var tests = [
    { description: "Anonymous request: credentialled => no-CORS image resource.",
      url: "http://localhost:8000/security/resources/abe.png",
      // Redirect is allowed, but fails access check on the non-CORS resource.
      success: false,
      access: "anonymous"},
    { description: "Anonymous request: credentialled => anonymous CORS image resource (same origin.)",
      url: "http://localhost:8000/security/resources/abe-allow-star.php",
      // Redirect is allowed, as is access to the anonymous CORS resource.
      success: true,
      access: "anonymous"},
    { description: "Anonymous request: credentialled => anonymous CORS image resource (cross origin.)",
      url: "http://localhost:8080/security/resources/abe-allow-star.php",
      // Redirect is allowed, as is access (with origin 'null') to the CORS resource.
      success: true,
      access: "anonymous"},
    { description: "Credentialled request: credentialled => credentialled-CORS image resource (same origin.)",
      url: "http://localhost:8000/security/resources/abe-allow-credentials.php",
      // Redirect is allowed, as is access (with original origin) to the CORS resource.
      success: true,
      access: "use-credentials"},
    { description: "Credentialled request: credentialled => credentialled-CORS image resource (cross origin.)",
      url: "http://127.0.0.1:8080/security/resources/abe-allow-credentials.php",
      // Redirect is allowed, source origin mutates to 'null', so credentialled resource not accessible.
      success: false,
      access: "use-credentials"},
    { description: "Credentialled request: credentialled => anonymous-CORS image resource (same origin.)",
      url: "http://localhost:8000/security/resources/abe-allow-star.php",
      // Redirect is allowed, but anonymous resource with * as allowed origins is not accessible.
      success: false,
      access: "use-credentials"},
    { description: "Credentialled request: credentialled => anonymous-CORS image resource (cross origin.)",
      url: "http://127.0.0.1:8000/security/resources/abe-allow-star.php",
      // Redirect is allowed, source origin mutates to 'null', so anonymous resource with * as allowed origins is not accessible.
      success: false,
      access: "use-credentials"},
    ];

function runNextTest() {
    if (!tests.length) {
        finish();
        return;
    }
    var test = tests.shift();
    var img = new Image();
    img.onload = test.success ? pass : fail;
    img.onerror = test.success ? fail : pass;
    img.crossOrigin = test.access;
    img.description = test.description;
    var args = [ "mode=" + redirect_cors,
                 "url=" + test.url];
    img.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
    document.body.appendChild(img);
}
window.onload = runNextTest;
</script>