1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Resource Timing - Check that nextHopProtocol is TAO protected</title>
<link rel="help" href="https://www.w3.org/TR/resource-timing-2/#sec-performanceresourcetiming"/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/custom-cors-response.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/entry-invariants.js"></script>
<script src="resources/resource-loaders.js"></script>
<script src="resources/tao-response.js"></script>
</head>
<body>
<script>
const {HTTPS_REMOTE_ORIGIN} = get_host_info();
const tao_protected_next_hop_test = (loader, item) => {
attribute_test(
loader, custom_cors_response({}, HTTPS_REMOTE_ORIGIN),
entry => assert_equals(entry.nextHopProtocol, "",
"nextHopProtocol should be the empty string."),
`Fetch TAO-less ${item} from remote origin. Make sure nextHopProtocol ` +
"is the empty string."
);
attribute_test(
loader, remote_tao_response('*'),
entry => assert_not_equals(entry.nextHopProtocol, "",
"nextHopProtocol should not be the empty string."),
`Fetch TAO'd ${item} from remote origin. Make sure nextHopProtocol ` +
"is not the empty string."
);
}
tao_protected_next_hop_test(load.font, "font");
tao_protected_next_hop_test(load.iframe, "iframe");
tao_protected_next_hop_test(load.image, "image");
tao_protected_next_hop_test(path => load.object(path, "text/plain"), "object");
tao_protected_next_hop_test(load.script, "script");
tao_protected_next_hop_test(load.stylesheet, "stylesheet");
tao_protected_next_hop_test(load.xhr_sync, "synchronous xhr");
tao_protected_next_hop_test(load.xhr_async, "asynchronous xhr");
</script>
</body>
</html>
|