tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

fetch.https.any.js (3109B)

      1 // META: timeout=long
      2 // META: global=window,worker
      3 // META: script=/common/get-host-info.sub.js
      4 
      5 const host = get_host_info();
      6 const path = "/fetch/cross-origin-resource-policy/";
      7 const localBaseURL = host.HTTPS_ORIGIN + path;
      8 const notSameSiteBaseURL = host.HTTPS_NOTSAMESITE_ORIGIN + path;
      9 
     10 promise_test(async () => {
     11    const response = await fetch("./resources/hello.py?corp=same-origin");
     12    assert_equals(await response.text(), "hello");
     13 }, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     14 
     15 promise_test(async () => {
     16    const response = await fetch("./resources/hello.py?corp=same-site");
     17    assert_equals(await response.text(), "hello");
     18 }, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     19 
     20 promise_test(async (test) => {
     21    const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-origin");
     22    assert_equals(await response.text(), "hello");
     23 }, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     24 
     25 promise_test(async (test) => {
     26    const response = await fetch(notSameSiteBaseURL + "resources/hello.py?corp=same-site");
     27    assert_equals(await response.text(), "hello");
     28 }, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     29 
     30 promise_test((test) => {
     31    const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin";
     32    return promise_rejects_js(test, TypeError, fetch(remoteURL, { mode : "no-cors" }));
     33 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     34 
     35 promise_test((test) => {
     36    const remoteURL = notSameSiteBaseURL + "resources/hello.py?corp=same-site";
     37    return promise_rejects_js(test, TypeError, fetch(remoteURL, { mode: "no-cors" }));
     38 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     39 
     40 promise_test((test) => {
     41    const finalURL = notSameSiteBaseURL + "resources/hello.py?corp=same-origin";
     42    return promise_rejects_js(test, TypeError, fetch("resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
     43 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection.");
     44 
     45 promise_test((test) => {
     46    const finalURL = localBaseURL + "resources/hello.py?corp=same-origin";
     47    return fetch(notSameSiteBaseURL + "resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" });
     48 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a cross-origin redirection.");
     49 
     50 promise_test(async (test) => {
     51    const finalURL = localBaseURL + "resources/hello.py?corp=same-origin";
     52 
     53    await fetch(finalURL, { mode: "no-cors" });
     54 
     55    return promise_rejects_js(test, TypeError, fetch(notSameSiteBaseURL + "resources/redirect.py?corp=same-origin&redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
     56 }, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' redirect response header.");