Skip to content

Commit

Permalink
Module scripts use same-origin credentials mode by default
Browse files Browse the repository at this point in the history
Before this CL, module scripts via <script type=module> used "omit" as
the default credentials mode. After this CL, "same-origin" is used. This
extends to module script descendants as well. Intent to implement and
ship: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/CUAxbvtnCh4.

[email protected], [email protected], [email protected]

Bug: 849101
Change-Id: I62617aafd3e226bc86459ec4a24138d9eac6e8ff
  • Loading branch information
domfarolino authored and Chrome-bot committed Sep 25, 2018
1 parent b040cb2 commit 7187550
Show file tree
Hide file tree
Showing 2 changed files with 53 additions and 19 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
}).then(() => {
const w = iframe.contentWindow;

assert_equals(w.sameOriginNone, 'not found',
assert_equals(w.sameOriginNone, 'found',
'Modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is same-origin');
assert_equals(w.sameOriginAnonymous, 'found',
'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
Expand All @@ -52,18 +52,32 @@
assert_equals(w.crossOriginUseCredentials, 'found',
'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');

assert_equals(w.sameOriginNoneDecendent, 'not found',
'Decendent modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is same-origin');
assert_equals(w.sameOriginAnonymousDecendent, 'found',
'Decendent modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
assert_equals(w.sameOriginUseCredentialsDecendent, 'found',
'Decendent modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
assert_equals(w.crossOriginNoneDecendent, 'not found',
'Decendent modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
assert_equals(w.crossOriginAnonymousDecendent, 'not found',
'Decendent modules should be loaded without the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
assert_equals(w.crossOriginUseCredentialsDecendent, 'found',
'Decendent modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
assert_equals(w.sameOriginNoneDescendant, 'found',
'Descendant modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is same-origin');
assert_equals(w.sameOriginAnonymousDescendant, 'found',
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
assert_equals(w.sameOriginUseCredentialsDescendant, 'found',
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
assert_equals(w.crossOriginNoneDescendant, 'not found',
'Descendant modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
assert_equals(w.crossOriginAnonymousDescendant, 'not found',
'Descendant modules should be loaded without the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
assert_equals(w.crossOriginUseCredentialsDescendant, 'found',
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');

assert_equals(w.sameOriginNoneDynamicDescendant, 'found',
'Dynamic decendent modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is same-origin');
assert_equals(w.sameOriginAnonymousDynamicDescendant, 'found',
'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
assert_equals(w.sameOriginUseCredentialsDynamicDescendant, 'found',
'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
assert_equals(w.crossOriginNoneDynamicDescendant, 'not found',
'Dynamic descendant modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
assert_equals(w.crossOriginAnonymousDynamicDescendant, 'not found',
'Dynamic descendant modules should be loaded without the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
assert_equals(w.crossOriginUseCredentialsDynamicDescendant, 'found',
'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');

});
}, 'Modules should be loaded with or without the credentials based on the same-origin-ness and the crossOrigin attribute');
</script>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,24 +25,44 @@
</script>

<script type="module">
import "./check-cookie.py?id=sameOriginNoneDecendent&cookieName=same";
import "./check-cookie.py?id=sameOriginNoneDescendant&cookieName=same";
</script>
<script type="module" crossOrigin="anonymous">
import "./check-cookie.py?id=sameOriginAnonymousDecendent&cookieName=same";
import "./check-cookie.py?id=sameOriginAnonymousDescendant&cookieName=same";
</script>
<script type="module" crossOrigin="use-credentials">
import "./check-cookie.py?id=sameOriginUseCredentialsDecendent&cookieName=same";
import "./check-cookie.py?id=sameOriginUseCredentialsDescendant&cookieName=same";
</script>
<script type="module">
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginNoneDecendent&cookieName=cross";
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginNoneDescendant&cookieName=cross";
</script>
<script type="module" crossOrigin="anonymous">
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginAnonymousDecendent&cookieName=cross";
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginAnonymousDescendant&cookieName=cross";
</script>
<script type="module" crossOrigin="use-credentials">
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginUseCredentialsDecendent&cookieName=cross";
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginUseCredentialsDescendant&cookieName=cross";
</script>

<script type="module">
import("./check-cookie.py?id=sameOriginNoneDynamicDescendant&cookieName=same");
</script>
<script type="module" crossOrigin="anonymous">
import("./check-cookie.py?id=sameOriginAnonymousDynamicDescendant&cookieName=same");
</script>
<script type="module" crossOrigin="use-credentials">
import("./check-cookie.py?id=sameOriginUseCredentialsDynamicDescendant&cookieName=same");
</script>
<script type="module">
import("http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginNoneDynamicDescendant&cookieName=cross");
</script>
<script type="module" crossOrigin="anonymous">
import("http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginAnonymousDynamicDescendant&cookieName=cross");
</script>
<script type="module" crossOrigin="use-credentials">
import("http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginUseCredentialsDynamicDescendant&cookieName=cross");
</script>


<script type="text/javascript">
window.addEventListener('load', event => {
window.parent.postMessage({}, '*');
Expand Down

0 comments on commit 7187550

Please sign in to comment.