SO-XO-SO-redirect-chain-tao.https.html (2677B)
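<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Resource Timing: exposure of timing information for redirect chains that cross origins, with no, partial, wildcard and origin-specific Timing-Allow-Origin headers.</title>
<link rel="help" href="https://www.w3.org/TR/resource-timing-2/#sec-cross-origin-resources">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/resource-loaders.js"></script>
<script src="resources/entry-invariants.js"></script>
</head>
<body>
<script>
// Security context: detailed Resource Timing attributes are a cross-origin
// side channel, so a cross-origin response has to opt in with
// `Timing-Allow-Origin` (TAO) before they are exposed. These subtests pin
// down what the page may observe once a redirect chain has left its origin.
// Which attributes count as "exposed" is decided by the invariants in
// resources/entry-invariants.js, which is not part of this file.
const {HTTPS_REMOTE_ORIGIN} = get_host_info();
const SAME_ORIGIN = location.origin;

// Builds the URL that enters the multi_redirect.py chain on `startOrigin`
// and ends at `finalResource`. The query string is concatenated in a fixed
// order and deliberately left unencoded, so each URL is the same string the
// test has always requested.
const redirectChainUrl = (startOrigin, finalResource) =>
  `${startOrigin}/resource-timing/resources/multi_redirect.py?` +
  `page_origin=${SAME_ORIGIN}` +
  `&cross_origin=${HTTPS_REMOTE_ORIGIN}` +
  `&final_resource=${finalResource}`;

// Same-Origin => Cross-Origin => Same-Origin => Same-Origin redirect chain.
const noTaoUrl = redirectChainUrl(
  SAME_ORIGIN, "/resource-timing/resources/blank_page_green.htm");

// No TAO in the redirect chain: nothing has opted in, so the entry must be
// treated as a cross-origin redirected resource.
attribute_test(
  load.iframe, noTaoUrl,
  invariants.assert_cross_origin_redirected_resource,
  "Verify that cross origin resources' timings are not exposed when " +
  "same-origin=>cross-origin=>same-origin redirects have no " +
  "`Timing-Allow-Origin:` headers.");

// Partial TAO in the redirect chain: an opt-in on only some of the responses
// must not be enough, otherwise one permissive hop would unlock timing data
// for the hops that did not opt in.
const partialTaoUrl = `${noTaoUrl}&tao_steps=2`;
attribute_test(
  load.iframe, partialTaoUrl,
  invariants.assert_cross_origin_redirected_resource,
  "Verify that cross origin resources' timings are not exposed when " +
  "same-origin=>cross-origin=>same-origin redirects have " +
  "`Timing-Allow-Origin:` headers only on some of the responses.");

// Cross-origin => Cross-Origin => Same-Origin => Same-Origin redirect chain.
// Full redirect chain with `TAO: *`: the only positive case in this file.
const wildcardTaoUrl =
  `${redirectChainUrl(HTTPS_REMOTE_ORIGIN,
                      "/resource-timing/resources/blue-with-tao.png")}` +
  `&tao_steps=3`;
attribute_test(
  load.image, wildcardTaoUrl,
  invariants.assert_tao_enabled_cross_origin_redirected_resource,
  "Verify that cross origin resources' timings are exposed when cross-origin " +
  "redirects have `Timing-Allow-Origin: *` headers");

// TAO with a specific origin: the same chain, with the header value set to
// the page's own origin instead of `*`. The expectation is "not exposed".
// NOTE(review): presumably this is because the request origin used by the
// TAO check no longer serializes to the page origin after a cross-origin
// hop, so only the wildcard can match. Confirm against the Fetch "TAO check".
// NOTE(review): the label below says same-origin=>cross-origin=>same-origin,
// but this URL enters the chain on HTTPS_REMOTE_ORIGIN. The label is left
// unchanged because it is the subtest's name in recorded results.
const originTaoUrl = `${wildcardTaoUrl}&tao_value=${SAME_ORIGIN}`;
attribute_test(
  load.image, originTaoUrl,
  invariants.assert_cross_origin_redirected_resource,
  "Verify that cross origin resources' timings are not exposed when " +
  "same-origin=>cross-origin=>same-origin redirects have " +
  "`Timing-Allow-Origin:` headers with a specific origin.");
</script>
</body>
</html>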