summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fetch/security/redirect-to-url-with-credentials.https.html
blob: b06464805c2b0efcfca2546efade06ef1d532858 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

<html>
<header>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src="/common/get-host-info.sub.js"></script>
</header>
<body>
<script>
var host = get_host_info();

var sameOriginImageURL = "/common/redirect.py?location=" + host.HTTPS_ORIGIN_WITH_CREDS + "/service-workers/service-worker/resources/fetch-access-control.py?ACAOrigin= " + host.HTTPS_ORIGIN + "%26PNGIMAGE%26ACACredentials=true";
var imageURL = "/common/redirect.py?location=" + host.HTTPS_REMOTE_ORIGIN_WITH_CREDS + "/service-workers/service-worker/resources/fetch-access-control.py?ACAOrigin= " + host.HTTPS_ORIGIN + "%26PNGIMAGE%26ACACredentials=true";
var frameURL = "/common/redirect.py?location=" + host.HTTPS_REMOTE_ORIGIN_WITH_CREDS + "/common/blank.html";

promise_test((test) => {
    return fetch(imageURL, {mode: "no-cors"});
}, "No CORS fetch after a redirect with an URL containing credentials");

promise_test((test) => {
    return promise_rejects_js(test, TypeError, fetch(imageURL, {mode: "cors"}));
}, "CORS fetch after a redirect with a cross origin URL containing credentials");

promise_test((test) => {
    return fetch(sameOriginImageURL, {mode: "cors"});
}, "CORS fetch after a redirect with a same origin URL containing credentials");

promise_test((test) => {
    return new Promise((resolve, reject) => {
        var image = new Image();
        image.onload = resolve;
        image.onerror = (e) => reject(e);
        image.src = imageURL;
    });
}, "Image loading after a redirect with an URL containing credentials");

promise_test((test) => {
    return new Promise((resolve, reject) => {
        var image = new Image();
        image.crossOrigin = "use-credentials";
        image.onerror = resolve;
        image.onload = () => reject("Image should not load");
        image.src = imageURL;
    });
}, "CORS Image loading after a redirect with a cross origin URL containing credentials");

promise_test((test) => {
    return new Promise((resolve, reject) => {
        var image = new Image();
        image.crossOrigin = "use-credentials";
        image.onload = resolve;
        image.onerror = (e) => reject(e);
        image.src = sameOriginImageURL;
    });
}, "CORS Image loading after a redirect with a same origin URL containing credentials");

promise_test(async (test) => {
    var iframe = document.createElement("iframe");
    document.body.appendChild(iframe);
    await new Promise((resolve, reject) => {
        iframe.src = frameURL;
        iframe.onload = resolve;
        iframe.onerror = (e) => reject(e);
    });
    document.body.removeChild(iframe);
}, "Frame loading after a redirect with an URL containing credentials");
</script>
</body>
</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-10 04:06:14 +0000