forked from web-platform-tests/wpt
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Part 3: Add a web-platform test for the cors preflight partitioning.
Differential Revision: https://phabricator.services.mozilla.com/D93993 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1670617 gecko-commit: a41982f2e7ff59dcf930b472ad4a72a6217efa6b gecko-reviewers: ckerschb, annevk
- Loading branch information
1 parent
1e35b8b
commit d5c8455
Showing
4 changed files
with
124 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| // META: script=/common/utils.js | ||
|
|
||
| const TEST_PAGE = | ||
| "http://{{host}}:{{ports[http][0]}}/cors/resources/preflight-cache-partitioning.sub.html"; | ||
| const TEST_ANOTHER_PAGE = | ||
| "http://{{hosts[alt][]}}:{{ports[http][0]}}/cors/resources/preflight-cache-partitioning.sub.html"; | ||
|
|
||
| promise_test(async t => { | ||
| let uuid_token = token(); | ||
|
|
||
| const TEST_PAGES = [TEST_PAGE, TEST_ANOTHER_PAGE]; | ||
|
|
||
| // We will load the same page with different top-level origins to check if the | ||
| // CORS preflight cache is partitioned. The page will load the iframe with one | ||
| // origin and trigger the CORS preflight through fetching a cross-origin | ||
| // resources in the iframe. | ||
|
|
||
| for (let test_page of TEST_PAGES) { | ||
| let win; | ||
|
|
||
| await new Promise(resolve => { | ||
| window.onmessage = (e) => { | ||
| if (e.data.type === "loaded") { | ||
| resolve(); | ||
| } | ||
| }; | ||
|
|
||
| win = window.open(test_page); | ||
| }); | ||
|
|
||
| await new Promise(resolve => { | ||
| win.postMessage({ type: "run", token: uuid_token }, "*"); | ||
|
|
||
| window.onmessage = (e) => { | ||
| assert_equals(e.data.type, "pass", e.data.msg); | ||
| resolve(); | ||
| }; | ||
| }); | ||
|
|
||
| win.close(); | ||
| } | ||
| }, "The preflight cache should be partitioned"); |
27 changes: 27 additions & 0 deletions
27
cors/resources/preflight-cache-partitioning-iframe.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| <script> | ||
| window.onmessage = async (e) => { | ||
| if (e.data.type === "run") { | ||
| let token = e.data.token; | ||
| const test_url = | ||
| `http://{{hosts[alt][]}}:{{ports[http][0]}}/cors/resources/preflight-partitioning.py?token=${token}`; | ||
|
|
||
| let response = await fetch( | ||
| new Request(test_url, { | ||
| mode: "cors", | ||
| method: "GET", | ||
| headers: [["x-print", token]], | ||
| }) | ||
| ); | ||
|
|
||
| let result = await response.text(); | ||
|
|
||
| if (result === "1") { | ||
| parent.postMessage({ type: "pass", msg: "The CORS preflight was sent" }, "*"); | ||
| } else { | ||
| parent.postMessage({ type: "fail", msg: "The CORS preflight wasn't sent" }, "*"); | ||
| } | ||
| } | ||
| }; | ||
|
|
||
| parent.postMessage({ type: "loaded" }, "*"); | ||
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| <!doctype html> | ||
| <meta charset="utf-8"> | ||
| <title>Helper page for testing preflight cache partitioning</title> | ||
| <iframe id="iframe" src="http://{{host}}:{{ports[http][0]}}/cors/resources/preflight-cache-partitioning-iframe.sub.html"></iframe> | ||
| <script> | ||
| window.onmessage = (e) => { | ||
| switch (e.data.type || "") { | ||
| case "pass": | ||
| case "fail": | ||
| case "loaded": | ||
| opener.postMessage(e.data, "*"); | ||
| break; | ||
| default: | ||
| let iframe = document.getElementById("iframe"); | ||
| iframe.contentWindow.postMessage(e.data, "*"); | ||
| break; | ||
| } | ||
| }; | ||
|
|
||
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| def main(request, response): | ||
| headers = [(b"Content-Type", b"text/plain")] | ||
| headers.append((b"Access-Control-Allow-Origin", b"*")) | ||
|
|
||
| if request.method == u"GET": | ||
| token = request.GET.first(b"token") | ||
| value = request.server.stash.take(token) | ||
| if value == None: | ||
| body = u"0" | ||
| else: | ||
| if request.GET.first(b"check", None) == b"keep": | ||
| request.server.stash.put(token, value) | ||
| body = u"1" | ||
|
|
||
| return headers, body | ||
|
|
||
| if request.method == u"OPTIONS": | ||
| if not b"Access-Control-Request-Method" in request.headers: | ||
| response.set_error(400, u"No Access-Control-Request-Method header") | ||
| return u"ERROR: No access-control-request-method in preflight!" | ||
|
|
||
| headers.append((b"Access-Control-Allow-Methods", | ||
| request.headers[b'Access-Control-Request-Method'])) | ||
|
|
||
| if b"max_age" in request.GET: | ||
| headers.append((b"Access-Control-Max-Age", request.GET[b'max_age'])) | ||
|
|
||
| if b"token" in request.GET: | ||
| request.server.stash.put(request.GET.first(b"token"), 1) | ||
|
|
||
| headers.append((b"Access-Control-Allow-Headers", b"x-print")) | ||
|
|
||
| body = request.headers.get(b"x-print", b"NO") | ||
|
|
||
| return headers, body |