1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=./resources/pending_beacon-helper.js
'use strict';
const {HTTPS_ORIGIN, HTTPS_NOTSAMESITE_ORIGIN} = get_host_info();
const SMALL_SIZE = 500;
for (const dataType in BeaconDataType) {
postBeaconSendDataTest(
dataType, generatePayload(SMALL_SIZE),
`PendingPostBeacon[${dataType}]: same-origin`,
{urlOptions: {host: HTTPS_ORIGIN, expectOrigin: HTTPS_ORIGIN}});
postBeaconSendDataTest(
dataType, generatePayload(SMALL_SIZE),
`PendingPostBeacon[${dataType}]: cross-origin, ` +
`CORS-safelisted Content-Type`,
{
urlOptions: {
host: HTTPS_NOTSAMESITE_ORIGIN,
expectOrigin: HTTPS_ORIGIN,
}
});
postBeaconSendDataTest(
dataType, generatePayload(SMALL_SIZE),
`PendingPostBeacon[${dataType}]: cross-origin, ` +
'CORS-safelisted Content-Type => ' +
'non-CORS response (from redirect handler) ' +
'should be rejected by browser',
{
expectCount: 0,
urlOptions: {
useRedirectHandler: true,
host: HTTPS_NOTSAMESITE_ORIGIN,
}
});
postBeaconSendDataTest(
dataType, generatePayload(SMALL_SIZE),
`PendingPostBeacon[${dataType}]: cross-origin, ` +
'CORS-safelisted Content-Type => no cookie expected',
{
setCookie: 'test_beacon_cookie',
urlOptions: {
host: HTTPS_NOTSAMESITE_ORIGIN,
expectOrigin: HTTPS_ORIGIN,
expectCredentials: false,
}
});
}
postBeaconSendDataTest(
BeaconDataType.Blob, generatePayload(SMALL_SIZE),
'PendingPostBeacon[Blob]: cross-origin, non-CORS-safelisted Content-Type' +
' => preflight expected',
{
urlOptions: {
host: HTTPS_NOTSAMESITE_ORIGIN,
contentType: 'application/octet-stream',
expectOrigin: HTTPS_ORIGIN,
expectPreflight: true,
}
});
|