diff options
Diffstat (limited to 'test/wpt/tests/fetch/cross-origin-resource-policy/script-loads.html')
| -rw-r--r-- | test/wpt/tests/fetch/cross-origin-resource-policy/script-loads.html | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/test/wpt/tests/fetch/cross-origin-resource-policy/script-loads.html b/test/wpt/tests/fetch/cross-origin-resource-policy/script-loads.html new file mode 100644 index 0000000..a9690fc --- /dev/null +++ b/test/wpt/tests/fetch/cross-origin-resource-policy/script-loads.html @@ -0,0 +1,52 @@ +<!DOCTYPE html> +<html> +<head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/get-host-info.sub.js"></script> +</head> +<body> + <div id="testDiv"></div> + <script> +const host = get_host_info(); +const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ; +const ok = true; +const ko = false; +const noCors = false; + +function loadScript(url, shoudLoad, corsMode, title) +{ + const testDiv = document.getElementById("testDiv"); + promise_test(() => { + const script = document.createElement("script"); + if (corsMode) + script.crossOrigin = corsMode; + script.src = url; + return new Promise((resolve, reject) => { + script.onload = shoudLoad ? resolve : reject; + script.onerror = shoudLoad ? reject : resolve; + testDiv.appendChild(script); + }); + }, title); +} + +loadScript("./resources/script.py?corp=same-origin", ok, noCors, + "Same-origin script load with a 'Cross-Origin-Resource-Policy: same-origin' response header."); + +loadScript("./resources/script.py?corp=same-site", ok, noCors, + "Same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header."); + +loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-origin&acao=*", ok, "anonymous", + "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header."); + +loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-site&acao=*", ok, "anonymous", + "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header."); + +loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-origin&acao=*", ko, noCors, + "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header."); + +loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-site&acao=*", ko, noCors, + "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header."); + </script> +</body> +</html> |