diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
| commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
| tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /testing/web-platform/tests/subresource-integrity/sri-test-helpers.sub.js | |
| parent | Initial commit. (diff) | |
| download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip | |
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
| -rw-r--r-- | testing/web-platform/tests/subresource-integrity/sri-test-helpers.sub.js | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/testing/web-platform/tests/subresource-integrity/sri-test-helpers.sub.js b/testing/web-platform/tests/subresource-integrity/sri-test-helpers.sub.js new file mode 100644 index 0000000000..53102d4544 --- /dev/null +++ b/testing/web-platform/tests/subresource-integrity/sri-test-helpers.sub.js @@ -0,0 +1,43 @@ +// This horrible hack is needed for the 'use-credentials' tests because, on +// response, if port 80 or 443 is the current port, it will not appear to +// the browser as part of the origin string. Since the origin *string* is +// used for CORS access control, instead of the origin itself, if there +// isn't an exact string match, the check will fail. For example, +// "http://example.com" would not match "http://example.com:80", because +// they are not exact string matches, even though the origins are the same. +// +// Thus, we only want the Access-Control-Allow-Origin header to have +// the port if it's not port 80 or 443, since the user agent will elide the +// ports in those cases. +const main_domain = '{{domains[]}}'; +const www_domain = '{{domains[www]}}'; +const default_port = (location.protocol === 'https:') ? '{{ports[https][0]}}' : + '{{ports[http][0]}}'; + +const port_string = (default_port !== '80' && default_port !== '443') ? + `:${default_port}` : ''; +const www_host_and_port = www_domain + port_string; + +// General resource prefixes. +const same_origin_prefix = '/subresource-integrity/'; +const xorigin_prefix = `${location.protocol}//${www_host_and_port}/subresource-integrity/`; + +// General resource suffixes, for piping CORS headers. +const anonymous = '&pipe=header(Access-Control-Allow-Origin,*)'; +const use_credentials = "&pipe=header(Access-Control-Allow-Credentials,true)|" + + "header(Access-Control-Allow-Origin," + location.origin + ")"; + +// Note that all of these style URLs have query parameters started, so any +// additional parameters should be appended starting with '&'. +const xorigin_anon_style = location.protocol + + '//' + www_host_and_port + + '/subresource-integrity/crossorigin-anon-style.css?'; + +const xorigin_creds_style = location.protocol + + '//' + www_host_and_port + + '/subresource-integrity/crossorigin-creds-style.css?acao_port=' + + port_string; + +const xorigin_ineligible_style = location.protocol + + '//' + www_host_and_port + + '/subresource-integrity/crossorigin-ineligible-style.css?'; |