tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

require-corp-cached-images.https.html (2606B)

      1 <!doctype html>
      2 <html>
      3 <title> Images on a page Cross-Origin-Embedder-Policy: require-corp should load the same from the cache or network</title>
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="/common/get-host-info.sub.js"></script>
      7 <script src="/common/utils.js"></script>
      8 <script>
      9 
     10 function remote(path) {
     11  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
     12  return new URL(path, REMOTE_ORIGIN);
     13 }
     14 
     15 //
     16 // This test loads a same-origin iframe resources/load-corp-images.html with
     17 // Cross-Origin-Embedder-Policy: require-corp
     18 // The iframe loads two cross origin images, one with a
     19 // Cross-Origin-Resource-Policy: cross-origin header, and one without.
     20 // We expect the image with the header to load successfully and the one without
     21 // to fail to load.
     22 // After the first load we then reload the iframe, with the same expectations
     23 // for the image loads when they are loaded from the cache.
     24 //
     25 
     26 const RUNS = ["NETWORK", "CACHED"];
     27 const RESOURCE_DESC = ["No CORP image", "CORP image"];
     28 
     29 let EXPECTED_LOADS = {
     30  [`${RUNS[0]} - ${RESOURCE_DESC[0]}`]: false,
     31  [`${RUNS[0]} - ${RESOURCE_DESC[1]}`]: true,
     32  [`${RUNS[1]} - ${RESOURCE_DESC[0]}`]: false,
     33  [`${RUNS[1]} - ${RESOURCE_DESC[1]}`]: true,
     34 }
     35 
     36 let TESTS = {};
     37 for (let t in EXPECTED_LOADS) {
     38  TESTS[t] = async_test(t);
     39 }
     40 
     41 window.addEventListener("load", async () => {
     42  const t = async_test("main_test");
     43  const iframe = document.createElement("iframe");
     44  // The token attribute is used to ensure the resource has never been seen by
     45  // the HTTP cache. This can be useful if the cache isn't properly flushed in
     46  // between two tests.
     47  iframe.src = `resources/load-corp-images.html?revalidate=false&token=${token()}`;
     48  let runCount = 0;
     49  window.addEventListener("message", (event) => {
     50    // After the first done event we reload the iframe.
     51    if (event.data.done) {
     52      ++runCount;
     53      if (runCount < RUNS.length) {
     54        iframe.contentWindow.location.reload();
     55      } else {
     56        // After the second done event the test is finished.
     57        t.done();
     58      }
     59      return;
     60    }
     61 
     62    // Check that each image either loads or doesn't based on the expectations
     63    let testName = `${RUNS[runCount]} - ${event.data.corp ? RESOURCE_DESC[1] : RESOURCE_DESC[0]}`;
     64    let test = TESTS[testName];
     65    test.step(() => {
     66      assert_equals(event.data.loaded, EXPECTED_LOADS[testName], `${testName} should ${EXPECTED_LOADS[testName] ? "" : "not"} succeed`);
     67    });
     68    test.done();
     69  }, false);
     70  document.body.appendChild(iframe);
     71 });
     72 
     73 </script>
     74 </html>