opaque-origin.html (1854B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta charset="utf-8" /> 5 <title>Resource Timing TAO - "null" and opaque origin</title> 6 <link rel="author" title="Google" href="http://www.google.com/" /> 7 <link rel="help" href="https://www.w3.org/TR/resource-timing-2/#timing-allow-origin"/> 8 <script src="/resources/testharness.js"></script> 9 <script src="/resources/testharnessreport.js"></script> 10 <script src="/common/get-host-info.sub.js"></script> 11 </head> 12 <body> 13 <h1>Description</h1> 14 <p>This test validates that, for a cross origin resource, the timing allow 15 check algorithm will correctly distinguish between 'null' and 'Null' values in 16 the Timing-Allow-Origin header. An opaque origin's serialization is the string 17 "null" and the timing allow origin check needs to do a case-sensitive comparison 18 to the Timing-Allow-Origin header. 19 </p> 20 <iframe id="frameContext"></iframe> 21 <script> 22 const {ORIGIN} = get_host_info(); 23 const url = `${ORIGIN}/resource-timing/resources/TAOResponse.py`; 24 const frame_content = `data:text/html;utf8,<body> 25 <script src="${ORIGIN}/resources/testharness.js"></` + `script> 26 <script src="${ORIGIN}/resource-timing/resources/entry-invariants.js"> 27 </` + `script> 28 <script> 29 attribute_test(fetch, "${url}?tao=null", 30 invariants.assert_tao_pass_no_redirect_http, 31 "An opaque origin should be authorized to see resource timings when the" + 32 "TAO header is the string 'null'"); 33 attribute_test(fetch, "${url}?tao=Null", 34 invariants.assert_tao_failure_resource, 35 "An opaque origin must not be authorized to see resource timings when " + 36 "the TAO header is the string 'Null'. (The check for 'null' must be " + 37 "case-sensitive)"); 38 </` + `script> 39 </body>`; 40 41 frameContext.style = "display:none"; 42 frameContext.src = frame_content; 43 fetch_tests_from_window(frameContext.contentWindow); 44 </script> 45 </body> 46 </html>