Skip to content

Commit b8b37d4

Browse files
annevkannevk
committed
Fetch: test Cross-Origin-Resource-Policy: same-site's scheme restriction
Supplements #11171. For whatwg/fetch#733.
1 parent b7373b4 commit b8b37d4

File tree

3 files changed

+20
-1
lines changed

3 files changed

+20
-1
lines changed

fetch/cross-origin-resource-policy/resources/image.py

-1
Original file line numberDiff line numberDiff line change
@@ -18,4 +18,3 @@ def main(request, response):
1818
response.writer.end_headers()
1919

2020
response.writer.write(body)
21-

fetch/cross-origin-resource-policy/scheme-restriction.any.js

+7
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
// META: script=/common/get-host-info.sub.js
2+
3+
promise_test(t => {
4+
return promise_rejects(t,
5+
new TypeError(),
6+
fetch(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site", { mode: "no-cors" }));
7+
}, "Cross-Origin-Resource-Policy: same-site blocks retrieving HTTPS from HTTP");

fetch/cross-origin-resource-policy/scheme-restriction.https.window.js

+13
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
// META: script=/common/get-host-info.sub.js
2+
3+
promise_test(t => {
4+
const img = new Image();
5+
img.src = get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site";
6+
return new Promise((resolve, reject) => {
7+
img.onload = resolve;
8+
img.onerror = reject;
9+
document.body.appendChild(img);
10+
}).finally(() => {
11+
img.remove();
12+
});
13+
}, "Cross-Origin-Resource-Policy does not block Mixed Content <img>");

0 commit comments

Comments
 (0)