Fetch: basic syntax tests for Cross-Origin-Resource-Policy #11427
Conversation
wpt-pr-bot
requested review from
domfarolino,
jdm,
mnot,
youennf and
yutakahirano
|
@youennf I based these on your tests (and copied your hello.py). If you want I suppose I could add equivalents for same-site. Not sure if we needed that from the get go. |
This header makes it easier for sites to block unwanted "no-cors" cross-origin requests. Tests: * web-platform-tests/wpt#11171 * web-platform-tests/wpt#11427 * web-platform-tests/wpt#11428 Follow-up: #760. Fixes #687.
| def main(request, response): | ||
| headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])] | ||
| if 'origin' in request.headers: | ||
| headers.append(('Access-Control-Allow-Origin', request.headers['origin'])) |
There was a problem hiding this comment.
I assume you're going to use this bit in a future test that checks the no-cors restrictions?
There was a problem hiding this comment.
Yeah, this file is from #11171. I copied it here so the tests can run standalone and I don't have to include all prior commits making this harder to review.
| "same, same-origin", | ||
| "SAME-ORIGIN", | ||
| "Same-Origin", | ||
| "same-origin, <>" |
There was a problem hiding this comment.
same-origin, same-origin also seems interesting.
| // Note: an incorrect value results in a successful load, so this test is only meaningful in | ||
| // implementations with support for the header. | ||
| promise_test(t => { | ||
| return fetch(crossOriginURL + encodeURIComponent(incorrectHeaderValue), { mode: "no-cors" }); |
There was a problem hiding this comment.
Might as well check same-site as well, perhaps by adding {{hosts[alt][]}} to get-host-info.sub.js with some reasonable name?
There was a problem hiding this comment.
#11171 adds that. I guess once this all lands we could add same-site.
This header makes it easier for sites to block unwanted "no-cors" cross-origin requests. Tests: * web-platform-tests/wpt#11171 * web-platform-tests/wpt#11427 * web-platform-tests/wpt#11428 Follow-up: #760 & #767. Fixes #687.
Supplements #11171.