1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
<!DOCTYPE html>
<html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
const fetch_from_data_url_shared_worker_test =
(url, cors, expectation, description) => {
promise_test(async () => {
const fetchURL = new URL(url, location.href) +
`${cors === 'null-origin'
? '?pipe=header(Access-Control-Allow-Origin, null)' : ''}`;
const scriptURL =
`data:text/javascript,` +
`async function test() {` +
` let allowed = true;` +
` try {` +
` await fetch('${fetchURL}');` +
` } catch (e) {` +
` allowed = false;` +
` }` +
` postMessage({allowed});` +
`}` +
`test();`;
const worker = new Worker(scriptURL);
const msgEvent = await new Promise(resolve => worker.onmessage = resolve);
assert_equals(msgEvent.data.allowed ? 'allowed' : 'rejected', expectation);
}, description);
};
fetch_from_data_url_shared_worker_test(
'../resources/top.txt',
'acao-omitted',
'rejected',
'fetching "top.txt" without ACAO should be rejected.'
);
fetch_from_data_url_shared_worker_test(
'../resources/top.txt',
'null-origin',
'allowed',
'fetching "top.txt" with CORS allowing null origin should be allowed.'
);
fetch_from_data_url_shared_worker_test(
'data:text/plain, top',
'acao-omitted',
'allowed',
'fetching data url script should be allowed.'
);
</script>
|
