1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
<!DOCTYPE html>
<meta charset="utf-8">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
document.cookie = 'same=1';
const setCookiePromise = fetch(
'http://{{domains[www2]}}:{{ports[http][0]}}/cookies/resources/set-cookie.py?name=cross&path=/html/semantics/scripting-1/the-script-element/module/',
{
mode: 'no-cors',
credentials: 'include',
});
const windowLoadPromise = new Promise(resolve => {
window.addEventListener('load', () => {
resolve();
});
});
promise_test(t => {
const iframe = document.createElement('iframe');
return Promise.all([setCookiePromise, windowLoadPromise]).then(() => {
const messagePromise = new Promise(resolve => {
window.addEventListener('message', event => {
resolve();
});
});
iframe.src = 'resources/credentials-iframe.sub.html';
document.body.appendChild(iframe);
return messagePromise;
}).then(() => {
const w = iframe.contentWindow;
assert_equals(w.sameOriginNone, 'found',
'Modules should be loaded with the credentials when the crossOrigin attribute is not specified and the target is same-origin');
assert_equals(w.sameOriginAnonymous, 'found',
'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
assert_equals(w.sameOriginUseCredentials, 'found',
'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
assert_equals(w.crossOriginNone, 'not found',
'Modules should not be loaded with the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
assert_equals(w.crossOriginAnonymous, 'not found',
'Modules should not be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
assert_equals(w.crossOriginUseCredentials, 'found',
'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
assert_equals(w.sameOriginNoneDescendant, 'found',
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is not specified and the target is same-origin');
assert_equals(w.sameOriginAnonymousDescendant, 'found',
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
assert_equals(w.sameOriginUseCredentialsDescendant, 'found',
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
assert_equals(w.crossOriginNoneDescendant, 'not found',
'Descendant modules should not be loaded with the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
assert_equals(w.crossOriginAnonymousDescendant, 'not found',
'Descendant modules should not be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
assert_equals(w.crossOriginUseCredentialsDescendant, 'found',
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
});
}, 'Modules should be loaded with or without the credentials based on the same-origin-ness and the crossOrigin attribute');
</script>
<body>
</body>
|
