TAO-match.html (3582B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta charset="utf-8" /> 5 <title>Resource Timing TAO tests</title> 6 <link rel="author" title="Google" href="http://www.google.com/" /> 7 <link rel="help" 8 href="https://www.w3.org/TR/resource-timing-2/#timing-allow-origin"/> 9 <script src="/resources/testharness.js"></script> 10 <script src="/resources/testharnessreport.js"></script> 11 <script src="/common/get-host-info.sub.js"></script> 12 <script src="/common/custom-cors-response.js"></script> 13 <script src="resources/entry-invariants.js"></script> 14 <script src="resources/resource-loaders.js"></script> 15 <script src="resources/tao-response.js"></script> 16 <body> 17 <script> 18 const {ORIGIN, REMOTE_ORIGIN} = get_host_info(); 19 20 const run_test = (loader, resource_type) => { 21 attribute_test(loader, remote_tao_response(ORIGIN), 22 invariants.assert_tao_pass_no_redirect_http, 23 `The timing allow check algorithm will pass when the Timing-Allow-Origin ` + 24 `header value contains only the origin. (${resource_type})`); 25 26 attribute_test(loader, remote_tao_response('*'), 27 invariants.assert_tao_pass_no_redirect_http, 28 `The timing allow check algorithm will pass when the Timing-Allow-Origin ` + 29 `header value contains only a wildcard. (${resource_type})`); 30 31 attribute_test(loader, remote_tao_response(`${ORIGIN},fake`), 32 invariants.assert_tao_pass_no_redirect_http, 33 `The timing allow check algorithm will pass when the Timing-Allow-Origin ` + 34 `header value list contains a case-sensitive match. (${resource_type})`); 35 36 attribute_test(loader, remote_tao_response(`${ORIGIN},*`), 37 invariants.assert_tao_pass_no_redirect_http, 38 `The timing allow check algorithm will pass when the Timing-Allow-Origin ` + 39 `header value list contains the origin and a wildcard. (${resource_type})`); 40 41 attribute_test(loader, remote_tao_response('fake,*'), 42 invariants.assert_tao_pass_no_redirect_http, 43 `The timing allow check algorithm will pass when the Timing-Allow-Origin ` + 44 `header value list contains a wildcard. (${resource_type})`); 45 46 attribute_test(loader, remote_tao_response('null'), 47 invariants.assert_tao_failure_resource, 48 `The timing allow check algorithm will fail when the Timing-Allow-Origin ` + 49 `header value list contains a null origin. (${resource_type})`); 50 51 attribute_test(loader, remote_tao_response('*,*'), 52 invariants.assert_tao_pass_no_redirect_http, 53 `The timing allow check algorithm will pass when the Timing-Allow-Origin ` + 54 `header value list contains multiple wildcards. (${resource_type})`); 55 56 attribute_test(loader, remote_tao_response(ORIGIN.toUpperCase()), 57 invariants.assert_tao_failure_resource, 58 `The timing allow check algorithm will fail when the Timing-Allow-Origin ` + 59 `header value contains only the uppercased origin. (${resource_type})`); 60 61 attribute_test(loader, remote_tao_response(`${ORIGIN} *`), 62 invariants.assert_tao_failure_resource, 63 `The timing allow check algorithm will fail when the Timing-Allow-Origin ` + 64 `header value contains the origin, a space, then a wildcard. ` + 65 `(${resource_type})`); 66 67 attribute_test(loader, custom_cors_response({}, REMOTE_ORIGIN), 68 invariants.assert_tao_failure_resource, 69 `The timing allow check algorithm will fail when the Timing-Allow-Origin ` + 70 `header is not present. (${resource_type})`); 71 }; 72 73 run_test(load.font, "font"); 74 run_test(load.iframe, "iframe"); 75 run_test(load.image, "image"); 76 run_test(load.script, "script"); 77 run_test(load.stylesheet, "stylesheet"); 78 run_test(load.xhr_sync, "XMLHttpRequest"); 79 80 </script> 81 </body> 82 </html>