tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

script-loads.html (2136B)

      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4    <script src="/resources/testharness.js"></script>
      5    <script src="/resources/testharnessreport.js"></script>
      6    <script src="/common/get-host-info.sub.js"></script>
      7 </head>
      8 <body>
      9    <div id="testDiv"></div>
     10    <script>
     11 const host = get_host_info();
     12 const notSameSiteBaseURL = host.HTTP_NOTSAMESITE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
     13 const ok = true;
     14 const ko = false;
     15 const noCors = false;
     16 
     17 function loadScript(url, shoudLoad, corsMode, title)
     18 {
     19    const testDiv = document.getElementById("testDiv");
     20    promise_test(() => {
     21        const script = document.createElement("script");
     22        if (corsMode)
     23            script.crossOrigin = corsMode;
     24        script.src = url;
     25        return new Promise((resolve, reject) => {
     26            script.onload = shoudLoad ? resolve : reject;
     27            script.onerror = shoudLoad ? reject : resolve;
     28            testDiv.appendChild(script);
     29        });
     30    }, title);
     31 }
     32 
     33 loadScript("./resources/script.py?corp=same-origin", ok, noCors,
     34    "Same-origin script load with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     35 
     36 loadScript("./resources/script.py?corp=same-site", ok, noCors,
     37    "Same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     38 
     39 loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-origin&acao=*", ok, "anonymous",
     40    "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     41 
     42 loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-site&acao=*", ok, "anonymous",
     43    "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     44 
     45 loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-origin&acao=*", ko, noCors,
     46    "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
     47 
     48 loadScript(notSameSiteBaseURL + "resources/script.py?corp=same-site&acao=*", ko, noCors,
     49    "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header.");
     50    </script>
     51 </body>
     52 </html>