1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
async_test(t => {
var i = document.createElement('img');
i.onerror = t.step_func_done();
i.onload = t.unreached_func("'onload' should not fire.");
i.src = "http://user:pass@{{domains[www]}}:{{ports[http][0]}}/images/red.png";
}, "Embedded credentials are treated as network errors.");
async_test(t => {
var i = document.createElement('iframe');
i.src = "./support/embedded-credential-window.sub.html";
i.onload = t.step_func(_ => {
var c = new MessageChannel();
c.port1.onmessage = t.step_func_done(e => {
assert_equals(e.data, "Error", "The image should not load.");
i.remove();
});
i.contentWindow.postMessage("Hi!", "*", [c.port2]);
});
document.body.appendChild(i);
}, "Embedded credentials are treated as network errors in frames.");
async_test(t => {
var w = window.open("./support/embedded-credential-window.sub.html");
window.addEventListener("message", t.step_func(message => {
if (message.source != w)
return;
var c = new MessageChannel();
c.port1.onmessage = t.step_func_done(e => {
w.close();
assert_equals(e.data, "Error", "The image should not load.");
});
w.postMessage("absolute", "*", [c.port2]);
}));
}, "Embedded credentials are treated as network errors in new windows.");
async_test(t => {
var w = window.open();
w.location.href = "http://user:pass@{{domains[www]}}:{{ports[http][0]}}/fetch/security/support/embedded-credential-window.sub.html";
window.addEventListener("message", t.step_func(message => {
if (message.source != w)
return;
var c = new MessageChannel();
c.port1.onmessage = t.step_func_done(e => {
w.close();
assert_equals(e.data, "Load", "The image should load.");
});
w.postMessage("relative", "*", [c.port2]);
}));
}, "Embedded credentials matching the top-level are not treated as network errors for relative URLs.");
async_test(t => {
var w = window.open();
w.location.href = "http://user:pass@{{domains[www]}}:{{ports[http][0]}}/fetch/security/support/embedded-credential-window.sub.html";
window.addEventListener("message", t.step_func(message => {
if (message.source != w)
return;
var c = new MessageChannel();
c.port1.onmessage = t.step_func_done(e => {
w.close();
assert_equals(e.data, "Load", "The image should load.");
});
w.postMessage("same-origin-matching", "*", [c.port2]);
}));
}, "Embedded credentials matching the top-level are not treated as network errors for same-origin URLs.");
async_test(t => {
var w = window.open();
w.location.href = "http://user:pass@{{domains[www]}}:{{ports[http][0]}}/fetch/security/support/embedded-credential-window.sub.html";
window.addEventListener("message", t.step_func(message => {
if (message.source != w)
return;
var c = new MessageChannel();
c.port1.onmessage = t.step_func_done(e => {
w.close();
assert_equals(e.data, "Error", "The image should load.");
});
w.postMessage("cross-origin-matching", "*", [c.port2]);
}));
}, "Embedded credentials matching the top-level are treated as network errors for cross-origin URLs.");
</script>
|
