tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

fetch.any.js (4311B)

      1 // META: timeout=long
      2 // META: global=window,dedicatedworker,sharedworker
      3 // META: script=/common/get-host-info.sub.js
      4 
      5 const host = get_host_info();
      6 const path = "/fetch/cross-origin-resource-policy/";
      7 const localBaseURL = host.HTTP_ORIGIN + path;
      8 const sameSiteBaseURL = "http://" + host.ORIGINAL_HOST + ":" + host.HTTP_PORT2 + path;
      9 const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + path;
     10 const httpsBaseURL = host.HTTPS_ORIGIN + path;
     11 
     12 promise_test(async () => {
     13    const response = await fetch("./resources/hello.py?corp=same-origin");
     14    assert_equals(await response.text(), "hello");
     15 }, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     16 
     17 promise_test(async () => {
     18    const response = await fetch("./resources/hello.py?corp=same-site");
     19    assert_equals(await response.text(), "hello");
     20 }, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     21 
     22 promise_test(async (test) => {
     23    const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-origin");
     24    assert_equals(await response.text(), "hello");
     25 }, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     26 
     27 promise_test(async (test) => {
     28    const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-site");
     29    assert_equals(await response.text(), "hello");
     30 }, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     31 
     32 promise_test((test) => {
     33    const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin";
     34    return promise_rejects_js(test, TypeError, fetch(remoteURL, { mode : "no-cors" }));
     35 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     36 
     37 promise_test((test) => {
     38    const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-site";
     39    return promise_rejects_js(test, TypeError, fetch(remoteURL, { mode: "no-cors" }));
     40 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     41 
     42 promise_test((test) => {
     43    const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-site";
     44    return promise_rejects_js(test, TypeError, fetch(remoteURL, { mode: "no-cors" }));
     45 }, "Cross-scheme (HTTP to HTTPS) no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     46 
     47 promise_test((test) => {
     48    const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-origin";
     49    return promise_rejects_js(test, TypeError, fetch(remoteURL, { mode : "no-cors" }));
     50 }, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     51 
     52 promise_test(async (test) => {
     53    const remoteSameSiteURL = sameSiteBaseURL + "resources/hello.py?corp=same-site";
     54 
     55    await fetch(remoteSameSiteURL, { mode: "no-cors" });
     56 
     57    return promise_rejects_js(test, TypeError, fetch(sameSiteBaseURL + "resources/hello.py?corp=same-origin", { mode: "no-cors" }));
     58 }, "Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     59 
     60 promise_test((test) => {
     61    const finalURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin";
     62    return promise_rejects_js(test, TypeError, fetch("resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
     63 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection.");
     64 
     65 promise_test((test) => {
     66    const finalURL = localBaseURL + "resources/hello.py?corp=same-origin";
     67    return fetch(notSameSiteBaseURL + "resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" });
     68 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a cross-origin redirection.");
     69 
     70 promise_test(async (test) => {
     71    const finalURL = localBaseURL + "resources/hello.py?corp=same-origin";
     72 
     73    await fetch(finalURL, { mode: "no-cors" });
     74 
     75    return promise_rejects_js(test, TypeError, fetch(notSameSiteBaseURL + "resources/redirect.py?corp=same-origin&redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
     76 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' redirect response header.");