summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/resource-timing/TAO-match.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/resource-timing/TAO-match.html
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/resource-timing/TAO-match.html')
-rw-r--r--testing/web-platform/tests/resource-timing/TAO-match.html82
1 files changed, 82 insertions, 0 deletions
diff --git a/testing/web-platform/tests/resource-timing/TAO-match.html b/testing/web-platform/tests/resource-timing/TAO-match.html
new file mode 100644
index 0000000000..dc0e2f7443
--- /dev/null
+++ b/testing/web-platform/tests/resource-timing/TAO-match.html
@@ -0,0 +1,82 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8" />
+<title>Resource Timing TAO tests</title>
+<link rel="author" title="Google" href="http://www.google.com/" />
+<link rel="help"
+ href="https://www.w3.org/TR/resource-timing-2/#timing-allow-origin"/>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/custom-cors-response.js"></script>
+<script src="resources/entry-invariants.js"></script>
+<script src="resources/resource-loaders.js"></script>
+<script src="resources/tao-response.js"></script>
+<body>
+<script>
+const {ORIGIN, REMOTE_ORIGIN} = get_host_info();
+
+const run_test = (loader, resource_type) => {
+ attribute_test(loader, remote_tao_response(ORIGIN),
+ invariants.assert_tao_pass_no_redirect_http,
+ `The timing allow check algorithm will pass when the Timing-Allow-Origin ` +
+ `header value contains only the origin. (${resource_type})`);
+
+ attribute_test(loader, remote_tao_response('*'),
+ invariants.assert_tao_pass_no_redirect_http,
+ `The timing allow check algorithm will pass when the Timing-Allow-Origin ` +
+ `header value contains only a wildcard. (${resource_type})`);
+
+ attribute_test(loader, remote_tao_response(`${ORIGIN},fake`),
+ invariants.assert_tao_pass_no_redirect_http,
+ `The timing allow check algorithm will pass when the Timing-Allow-Origin ` +
+ `header value list contains a case-sensitive match. (${resource_type})`);
+
+ attribute_test(loader, remote_tao_response(`${ORIGIN},*`),
+ invariants.assert_tao_pass_no_redirect_http,
+ `The timing allow check algorithm will pass when the Timing-Allow-Origin ` +
+ `header value list contains the origin and a wildcard. (${resource_type})`);
+
+ attribute_test(loader, remote_tao_response('fake,*'),
+ invariants.assert_tao_pass_no_redirect_http,
+ `The timing allow check algorithm will pass when the Timing-Allow-Origin ` +
+ `header value list contains a wildcard. (${resource_type})`);
+
+ attribute_test(loader, remote_tao_response('null'),
+ invariants.assert_tao_failure_resource,
+ `The timing allow check algorithm will fail when the Timing-Allow-Origin ` +
+ `header value list contains a null origin. (${resource_type})`);
+
+ attribute_test(loader, remote_tao_response('*,*'),
+ invariants.assert_tao_pass_no_redirect_http,
+ `The timing allow check algorithm will pass when the Timing-Allow-Origin ` +
+ `header value list contains multiple wildcards. (${resource_type})`);
+
+ attribute_test(loader, remote_tao_response(ORIGIN.toUpperCase()),
+ invariants.assert_tao_failure_resource,
+ `The timing allow check algorithm will fail when the Timing-Allow-Origin ` +
+ `header value contains only the uppercased origin. (${resource_type})`);
+
+ attribute_test(loader, remote_tao_response(`${ORIGIN} *`),
+ invariants.assert_tao_failure_resource,
+ `The timing allow check algorithm will fail when the Timing-Allow-Origin ` +
+ `header value contains the origin, a space, then a wildcard. ` +
+ `(${resource_type})`);
+
+ attribute_test(loader, custom_cors_response({}, REMOTE_ORIGIN),
+ invariants.assert_tao_failure_resource,
+ `The timing allow check algorithm will fail when the Timing-Allow-Origin ` +
+ `header is not present. (${resource_type})`);
+};
+
+run_test(load.font, "font");
+run_test(load.iframe, "iframe");
+run_test(load.image, "image");
+run_test(load.script, "script");
+run_test(load.stylesheet, "stylesheet");
+run_test(load.xhr_sync, "XMLHttpRequest");
+
+</script>
+</body>
+</html>