From 0ca581a985265d52f53dd5102dba41b910649278 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Thu, 4 Feb 2021 16:17:45 +0000 Subject: [PATCH] Bug 1687453 [wpt PR 27240] - Fetch: ensure preflight is required for Authorization/Range, a=testonly Automatic update from web-platform-tests Fetch: ensure preflight is required for Authorization/Range Plus some minor cleanup. We will likely have to treat Range as a special case for media elements (see https://github.com/whatwg/fetch/issues/145) so creating this to ensure that only happens when Range is set by the user agent. -- wpt-commits: 56116583e8a403e4b9d410c1429a83fbb96397f4 wpt-pr: 27240 --- .../fetch/api/cors/resources/not-cors-safelisted.json | 2 ++ .../fetch/api/credentials/authentication-basic.any.js | 4 ++-- testing/web-platform/tests/fetch/api/resources/utils.js | 7 ------- 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/testing/web-platform/tests/fetch/api/cors/resources/not-cors-safelisted.json b/testing/web-platform/tests/fetch/api/cors/resources/not-cors-safelisted.json index 20a162f92c13b..945dc0f93ba4a 100644 --- a/testing/web-platform/tests/fetch/api/cors/resources/not-cors-safelisted.json +++ b/testing/web-platform/tests/fetch/api/cors/resources/not-cors-safelisted.json @@ -3,9 +3,11 @@ ["accept", "012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"], ["accept-language", "\u0001"], ["accept-language", "@"], + ["authorization", "basics"], ["content-language", "\u0001"], ["content-language", "@"], ["content-type", "text/html"], ["content-type", "text/plain; long=0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901"], + ["range", "bytes 0-"], ["test", "hi"] ] diff --git a/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js b/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js index babc5d003b108..31ccc3869775f 100644 --- a/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js +++ b/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js @@ -1,11 +1,10 @@ // META: global=window,worker -// META: script=../resources/utils.js function basicAuth(desc, user, pass, mode, status) { promise_test(function(test) { var headers = { "Authorization": "Basic " + btoa(user + ":" + pass)}; var requestInit = {"credentials": mode, "headers": headers}; - return fetch(RESOURCES_DIR + "authentication.py?realm=test", requestInit).then(function(resp) { + return fetch("../resources/authentication.py?realm=test", requestInit).then(function(resp) { assert_equals(resp.status, status, "HTTP status is " + status); assert_equals(resp.type , "basic", "Response's type is basic"); }); @@ -15,3 +14,4 @@ function basicAuth(desc, user, pass, mode, status) { basicAuth("User-added Authorization header with include mode", "user", "password", "include", 200); basicAuth("User-added Authorization header with same-origin mode", "user", "password", "same-origin", 200); basicAuth("User-added Authorization header with omit mode", "user", "password", "omit", 200); +basicAuth("User-added bogus Authorization header with omit mode", "notuser", "notpassword", "omit", 401); diff --git a/testing/web-platform/tests/fetch/api/resources/utils.js b/testing/web-platform/tests/fetch/api/resources/utils.js index 213d01a8bbf56..dfd5c1404cb9b 100644 --- a/testing/web-platform/tests/fetch/api/resources/utils.js +++ b/testing/web-platform/tests/fetch/api/resources/utils.js @@ -1,12 +1,5 @@ -var inWorker = false; var RESOURCES_DIR = "../resources/"; -try { - inWorker = !(self instanceof Window); -} catch (e) { - inWorker = true; -} - function dirname(path) { return path.replace(/\/[^\/]*$/, '/') }