unsafe-method.https.window.js (1833B)
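// META: script=resources/util.js

/**
 * Submits a POST form to `actionUrl` inside a dedicated popup and finishes the
 * test when that popup reports back with "FAIL".
 *
 * The scenario needs a navigation made with a non-safe (i.e. non-GET) HTTP
 * method, which the Critical-CH spec says to ignore. The most straightforward
 * way to trigger one from script is to submit a form whose method is POST.
 *
 * NOTE(review): "FAIL" presumably means the echo page did not receive the
 * client hint, i.e. Critical-CH was ignored. Confirm against the resource
 * behind ECHO_URL.
 *
 * @param {Test} t - testharness.js test object for this scenario.
 * @param {string} actionUrl - URL the form is POSTed to.
 * @param {string} popupName - Window name of the popup receiving the navigation.
 */
function runUnsafeMethodTest(t, actionUrl, popupName) {
  // Build the form and aim it at the popup so the page running the test is
  // not navigated away.
  const form = document.createElement("form");
  form.setAttribute("method", "post");
  form.setAttribute("action", actionUrl);
  form.setAttribute("target", popupName);
  document.body.appendChild(form);
  t.add_cleanup(() => form.remove());

  const popupWindow = window.open("/common/blank.html", popupName);
  assert_not_equals(popupWindow, null, "Popup windows not allowed?");
  t.add_cleanup(() => popupWindow.close());

  // Every test in this file listens on the same window, so a message handler
  // that accepts any sender lets one popup's report settle another test.
  // Only accept messages from this test's own popup.
  // NOTE(review): assumes the echo page reports from the popup's own window
  // (e.g. via window.opener.postMessage). Confirm against the echo resource.
  const onMessage = t.step_func((e) => {
    if (e.source !== popupWindow) {
      return;
    }
    assert_equals(e.data, "FAIL");
    t.done();
  });
  window.addEventListener("message", onMessage);
  t.add_cleanup(() => window.removeEventListener("message", onMessage));

  form.submit();
}

// Each scenario gets its own popup name: with a shared name the second
// window.open()/submit() would re-navigate the first scenario's popup and
// could cancel its POST before it completes.
async_test((t) => {
  runUnsafeMethodTest(t, ECHO_URL, "popup-single");
}, "Critical-CH unsafe method");

async_test((t) => {
  runUnsafeMethodTest(t, `${ECHO_URL}?multiple=true`, "popup-multiple");
}, "Critical-CH w/ multiple headers and unsafe method");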