| <!DOCTYPE html> |
| <title>Check request cookies for image resources with crossOrigin.</title> |
| <script src="../resources/testharness.js"></script> |
| <script src="../resources/testharnessreport.js"></script> |
| <script src="../resources/get-host-info.js?pipe=sub"></script> |
| <script> |
| if (window.testRunner) |
| testRunner.setAlwaysAcceptCookies(true); |
| |
| |
| function load_image(url, cross_origin) { |
| return new Promise(function(resolve, reject) { |
| var img = document.createElement('img'); |
| document.body.appendChild(img); |
| img.onload = resolve; |
| img.onerror = reject; |
| if (cross_origin != '') { |
| img.crossOrigin = cross_origin; |
| } |
| img.src = url; |
| }); |
| } |
| |
| function assert_resolves(promise, description) { |
| return promise.catch(function(reason) { |
| throw description + ' - ' + reason; |
| }); |
| } |
| |
| promise_test(function(t) { |
| document.cookie = "TestCookie=same"; |
| var host_info = get_host_info(); |
| var RESOURCES_PATH = host_info['HTTP_ORIGIN'] + '/security/resources/'; |
| var REMOTE_RESOURCES_PATH = host_info['HTTP_REMOTE_ORIGIN'] + |
| '/security/resources/'; |
| |
| return fetch(new Request(REMOTE_RESOURCES_PATH + 'set-cookie.php?' + |
| 'name=TestCookie&value=cross', |
| {mode: 'no-cors', credentials: 'include'})) |
| .then(function() { |
| return Promise.all([ |
| assert_resolves( |
| load_image( |
| RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', ''), |
| 'Same-origin request for a resource whose CORS setting is ' + |
| 'NoCORS must contain cookies.'), |
| assert_resolves( |
| load_image( |
| RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', |
| 'anonymous'), |
| 'Same-origin request for a resource whose CORS setting is ' + |
| 'Anonymous must contain cookies.'), |
| assert_resolves( |
| load_image( |
| RESOURCES_PATH + 'abe-cookie-check.php?Cookie=same', |
| 'use-credentials'), |
| 'Same-origin request for a resource whose CORS setting is ' + |
| 'UseCredentials must contain cookies.'), |
| assert_resolves( |
| load_image( |
| REMOTE_RESOURCES_PATH + 'abe-cookie-check.php?Cookie=cross', |
| ''), |
| 'Cross-origin request for a resource whose CORS setting is ' + |
| 'NoCORS must contain cookies.'), |
| assert_resolves( |
| load_image( |
| REMOTE_RESOURCES_PATH + 'abe-allow-star.php?Cookie=NotSet', |
| 'anonymous'), |
| 'Cross-origin request for a resource whose CORS setting is ' + |
| 'Anonymous must not contain cookies.'), |
| assert_resolves( |
| load_image( |
| REMOTE_RESOURCES_PATH + 'abe-allow-credentials.php?' + |
| 'Cookie=cross', |
| 'use-credentials'), |
| 'Cross-origin request for a resource whose CORS setting is ' + |
| 'UseCredentials must contain cookies.'), |
| ]);} |
| ); |
| }, 'Check request cookies for image resources with crossOrigin.'); |
| </script> |