tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

image-loads.html (2141B)

      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4    <script src="/resources/testharness.js"></script>
      5    <script src="/resources/testharnessreport.js"></script>
      6    <script src="/common/get-host-info.sub.js"></script>
      7 </head>
      8 <body>
      9    <div id="testDiv"></div>
     10    <script>
     11 const host = get_host_info();
     12 const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
     13 const ok = true;
     14 const ko = false;
     15 const noCors = false;
     16 
     17 function loadImage(url, shoudLoad, corsMode, title)
     18 {
     19    const testDiv = document.getElementById("testDiv");
     20    promise_test(() => {
     21        const img = new Image();
     22        if (corsMode)
     23            img.crossOrigin = corsMode;
     24        img.src = url;
     25        return new Promise((resolve, reject) => {
     26            img.onload = shoudLoad ? resolve : reject;
     27            img.onerror = shoudLoad ? reject : resolve;
     28            testDiv.appendChild(img);
     29        }).finally(() => {
     30            testDiv.innerHTML = "";
     31        });
     32    }, title);
     33 }
     34 
     35 loadImage("./resources/image.py?corp=same-origin", ok, noCors,
     36    "Same-origin image load with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     37 
     38 loadImage("./resources/image.py?corp=same-site", ok, noCors,
     39    "Same-origin image load with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     40 
     41 loadImage(notSameSiteBaseURL + "resources/image.py?corp=same-origin&acao=*", ok, "anonymous",
     42    "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     43 
     44 loadImage(notSameSiteBaseURL + "resources/image.py?corp=same-site&acao=*", ok, "anonymous",
     45    "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     46 
     47 loadImage(notSameSiteBaseURL + "resources/image.py?corp=same-origin&acao=*", ko, noCors,
     48    "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     49 
     50 loadImage(notSameSiteBaseURL + "resources/image.py?corp=same-site&acao=*", ko, noCors,
     51    "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     52    </script>
     53 </body>
     54 </html>