[Refactoring] Use the CustomCorsResponse.py script, which provides the same
functionality in a more generic way, instead of TAOResponse.py.
Remove wpt/resource-timing/resources/TAOResponse.py
Fixed: 1241646
Change-Id: I94a798328f67f9f6fb448e80e072e691d1846996
diff --git a/common/CustomCorsResponse.py b/common/CustomCorsResponse.py
index fc4d122..e3bcea6 100644
--- a/common/CustomCorsResponse.py
+++ b/common/CustomCorsResponse.py
@@ -13,6 +13,11 @@
- Response content defined by the 'content' query parameter
- Must be a serialized JSON string representing the desired response body
'''
+
+ if b'origin' in request.headers:
+ origin = request.headers[b'origin']
+ response.headers.set(b'Access-Control-Allow-Origin', origin)
+
def query_parameter_or_default(param, default):
return request.GET.first(param) if param in request.GET else default
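Review bot: Echoing the request `Origin` into `Access-Control-Allow-Origin` now applies to every test that already uses this shared handler, not only the resource-timing tests being migrated. Any existing caller that relies on the response carrying no CORS grant would silently start passing the CORS check. If the handler also applies a caller-supplied `headers` parameter after this point (not visible in the hunk), the two sources of `Access-Control-Allow-Origin` should have a defined precedence. I would gate the echo behind an explicit opt-in query parameter, or at least document it with a comment such as `# Test-only: reflect the request Origin so cross-origin callers can read the response; a caller-supplied ACAO header takes precedence.` The enclosing function starts above the hunk, so placement inside it cannot be confirmed from here.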
diff --git a/resource-timing/TAO-port-mismatch-means-crossorigin.html b/resource-timing/TAO-port-mismatch-means-crossorigin.html
index f1218d1..98255b5 100644
--- a/resource-timing/TAO-port-mismatch-means-crossorigin.html
+++ b/resource-timing/TAO-port-mismatch-means-crossorigin.html
@@ -17,9 +17,10 @@
// subresource will be requested on a separate port (PORT2). The response will
// have a Timing-Allow-Origin header value with the second port so this page's
// origin should not be a match.
+const port_mismatch_headers = encodeURIComponent(`headers={"Timing-Allow-Origin": "${ORIGINAL_HOST}:${PORT2}:${PORT2}"}`)
const port_mismatch_url = `${location.protocol}//${ORIGINAL_HOST}:${PORT2}` +
- `/resource-timing/resources/TAOResponse.py?` +
- `tao=origin_port_${PORT2}`;
+ `/common/CustomCorsResponse.py?` +
+ `${port_mismatch_headers}`;
attribute_test(
fetch, port_mismatch_url, invariants.assert_tao_failure_resource,
"A port mismatch must fail the TAO check");
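Review bot: `encodeURIComponent` is applied to the whole string `headers={...}`, so the `=` is percent-encoded with the JSON and the query no longer contains a `headers` key. Assuming the handler reads a `headers` query parameter, as the literal suggests, it will then fall back to its defaults and no `Timing-Allow-Origin` header is sent. This mismatch test would still pass, but for the wrong reason. Keep the key outside the encoding, e.g. `` const port_mismatch_headers = `headers=${encodeURIComponent(JSON.stringify({"Timing-Allow-Origin": tao}))}`; ``. The same pattern appears in the second hunk of this file and in cross-origin-iframe.html, opaque-origin.html, iframe-TAO-crossorigin-port.sub.html, iframe_TAO_match_origin.html, sizes-redirect-img.html and sizes-redirect.any.js.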
@@ -28,9 +29,10 @@
// same port as this page's origin. Therefore, this page's origin will match
// the Timing-Allow-Origin header's value. Therefore, the subresource's timings
// must be exposed.
+const port_match_headers = encodeURIComponent(`headers={"Timing-Allow-Origin": "${ORIGINAL_HOST}:${PORT2}:${PORT}"}`)
const port_match_url = `${location.protocol}//${ORIGINAL_HOST}:${PORT2}` +
- `/resource-timing/resources/TAOResponse.py?` +
- `tao=origin_port_${PORT}`;
+ `/common/CustomCorsResponse.py?` +
+ `${port_match_headers}`;
attribute_test(
fetch, port_match_url, invariants.assert_tao_pass_no_redirect_http,
"An identical port must pass the TAO check");
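Review bot: The Timing-Allow-Origin value `"${ORIGINAL_HOST}:${PORT2}:${PORT}"` has no scheme and carries two ports, so it is not a serialized origin and cannot equal this page's origin. The removed TAOResponse.py built `scheme://host` from the request Origin and appended a single port. For this "must pass" case the value should be `` `${location.protocol}//${ORIGINAL_HOST}:${PORT}` ``. The mismatch case in the hunk above and iframe-TAO-crossorigin-port.sub.html should use the same shape with `PORT2`, otherwise the mismatch is tested with a malformed value rather than a wrong port.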
diff --git a/resource-timing/cross-origin-iframe.html b/resource-timing/cross-origin-iframe.html
index 69daebf..148dcf0 100644
--- a/resource-timing/cross-origin-iframe.html
+++ b/resource-timing/cross-origin-iframe.html
@@ -24,7 +24,7 @@
promise_test(async t => {
const iframe = document.createElement('iframe');
t.add_cleanup(() => iframe.remove());
- iframe.src = `${REMOTE_ORIGIN}/resource-timing/resources/TAOResponse.py?tao=wildcard`;
+ iframe.src = `${REMOTE_ORIGIN}/common/CustomCorsResponse.py?${encodeURIComponent('headers={"Timing-Allow-Origin": "*"}')}`;
document.body.appendChild(iframe);
const entry = await observe_entry(iframe.src);
invariants.assert_tao_pass_no_redirect_http(entry);
diff --git a/resource-timing/opaque-origin.html b/resource-timing/opaque-origin.html
index 598ee50..eb56fb9 100644
--- a/resource-timing/opaque-origin.html
+++ b/resource-timing/opaque-origin.html
@@ -20,17 +20,17 @@
<iframe id="frameContext"></iframe>
<script>
const {ORIGIN} = get_host_info();
-const url = `${ORIGIN}/resource-timing/resources/TAOResponse.py`;
+const url = `${ORIGIN}/common/CustomCorsResponse.py`;
const frame_content = `data:text/html;utf8,<body>
<script src="${ORIGIN}/resources/testharness.js"></` + `script>
<script src="${ORIGIN}/resource-timing/resources/entry-invariants.js">
</` + `script>
<script>
- attribute_test(fetch, "${url}?tao=null",
+ attribute_test(fetch, "${url}?${encodeURIComponent('headers={"Timing-Allow-Origin": "null"}')}",
invariants.assert_tao_pass_no_redirect_http,
"An opaque origin should be authorized to see resource timings when the" +
"TAO header is the string 'null'");
- attribute_test(fetch, "${url}?tao=Null",
+ attribute_test(fetch, "${url}?${encodeURIComponent('headers={"Timing-Allow-Origin": "Null"}')}",
invariants.assert_tao_failure_resource,
"An opaque origin must not be authorized to see resource timings when " +
"the TAO header is the string 'Null'. (The check for 'null' must be " +
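Review bot: The `${encodeURIComponent(...)}` calls are evaluated by the outer page while it builds `frame_content`, and the result is then embedded in a `data:` URL whose body is percent-decoded when the iframe loads. The `%22` sequences therefore turn back into `"` inside the inner script and appear to end the string literal passed to `attribute_test` early, which would be a syntax error in the frame. Build the query inside the inner script instead, or encode the value a second time so one level of encoding survives the data URL decode. The `frame_content` template literal continues past the end of this hunk, so the rest of the inner script is not visible here.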
diff --git a/resource-timing/resources/TAOResponse.py b/resource-timing/resources/TAOResponse.py
deleted file mode 100644
index 60392b8..0000000
--- a/resource-timing/resources/TAOResponse.py
+++ /dev/null
@@ -1,64 +0,0 @@
-import os
-
-def main(request, response):
- if b'origin' in request.headers:
- origin = request.headers[b'origin']
- response.headers.set(b'Access-Control-Allow-Origin', origin)
-
- tao = request.GET.first(b'tao')
- img = request.GET.first(b'img') if b'img' in request.GET else None
-
- if tao == b'zero':
- # zero TAO value, fail
- pass
- elif tao == b'wildcard':
- # wildcard, pass
- response.headers.set(b'Timing-Allow-Origin', b'*')
- elif tao == b'null':
- # null, fail unless it's an opaque origin
- response.headers.set(b'Timing-Allow-Origin', b'null')
- elif tao == b'Null':
- # case-insensitive null, fail
- response.headers.set(b'Timing-Allow-Origin', b'Null')
- elif tao == b'origin':
- # case-sensitive match for origin, pass
- response.headers.set(b'Timing-Allow-Origin', origin)
- elif tao.startswith(b'origin_port'):
- # case-sensitive match for origin and port, pass
- origin_parts = origin.split(b':')
- host = origin_parts[0] + b':' + origin_parts[1]
- port = tao.split(b'origin_port_')[1]
- response.headers.set(b'Timing-Allow-Origin', host + b':' + port)
- elif tao == b'space':
- # space separated list of origin and wildcard, fail
- response.headers.set(b'Timing-Allow-Origin', (origin + b' *'))
- elif tao == b'multi':
- # more than one TAO values, separated by comma, pass
- response.headers.set(b'Timing-Allow-Origin', origin)
- response.headers.append(b'Timing-Allow-Origin', b'*')
- elif tao == b'multi_wildcard':
- # multiple wildcards, separated by comma, pass
- response.headers.set(b'Timing-Allow-Origin', b'*')
- response.headers.append(b'Timing-Allow-Origin', b'*')
- elif tao == b'match_origin':
- # contains a match of origin, separated by comma, pass
- response.headers.set(b'Timing-Allow-Origin', origin)
- response.headers.append(b'Timing-Allow-Origin', b"fake")
- elif tao == b'match_wildcard':
- # contains a wildcard, separated by comma, pass
- response.headers.set(b'Timing-Allow-Origin', b"fake")
- response.headers.append(b'Timing-Allow-Origin', b'*')
- elif tao == b'uppercase':
- # non-case-sensitive match for origin, fail
- response.headers.set(b'Timing-Allow-Origin', origin.upper())
- else:
- pass
- response.status = 200
- if img:
- response.headers.set(b"Content-Type", b"image/png")
- with open(request.doc_root + "/resource-timing/resources/blue.png", "rb") as f:
- response.content = f.read()
- f.close()
- else:
- response.headers.set(b"Content-Type", b"text/plain")
- response.content = "TEST"
diff --git a/resource-timing/resources/iframe-TAO-crossorigin-port.sub.html b/resource-timing/resources/iframe-TAO-crossorigin-port.sub.html
index 97d77fc..2d2b82c 100644
--- a/resource-timing/resources/iframe-TAO-crossorigin-port.sub.html
+++ b/resource-timing/resources/iframe-TAO-crossorigin-port.sub.html
@@ -2,7 +2,10 @@
<html>
<body>
<script>
- const url = '{{location[scheme]}}://{{host}}:{{ports[http][1]}}/resource-timing/resources/TAOResponse.py?tao=origin_port_{{ports[http][1]}}';
+ const port = ports[http][1];
+ const headers = encodeURIComponent(`headers={"Timing-Allow-Origin": "${host}:${port}:${port}"}`)
+
+ const url = `${location[scheme]}://${host}:${port}/common/CustomCorsResponse.py?${headers}}`;
const observe = (list, observer) => {
const entry = list.getEntries()[0];
const sum = entry.redirectStart +
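Review bot: The new lines replace the server-side `{{...}}` substitutions of this `.sub.html` file with JavaScript expressions that have nothing to resolve to. `ports`, `http`, `host` and `scheme` are not defined in the visible script, so `const port = ports[http][1];` should throw a ReferenceError before the request is made. The URL template also ends in a stray `}` (`?${headers}}`). Keep the substitutions, e.g. `const port = '{{ports[http][1]}}';` and `const origin = '{{location[scheme]}}://{{host}}:' + port;`, then build the URL as `` `${origin}/common/CustomCorsResponse.py?${headers}` ``. The script continues past the end of the hunk.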
diff --git a/resource-timing/resources/iframe_TAO_match_origin.html b/resource-timing/resources/iframe_TAO_match_origin.html
index cf68aad..9a023ee 100644
--- a/resource-timing/resources/iframe_TAO_match_origin.html
+++ b/resource-timing/resources/iframe_TAO_match_origin.html
@@ -6,9 +6,10 @@
function request() {
var dirName = dirname(location.href);
+ const headers = encodeURIComponent(`headers={"Timing-Allow-Origin": "${location.origin},fake"}`)
var client = new XMLHttpRequest,
// create a cross-origin request
- url = dirName.replace('://', '://www.') + 'TAOResponse.py?tao=match_origin';
+ url = dirName.replace('://', '://www.') + `/common/CustomCorsResponse.py?${headers}`;
client.open("GET", url, false);
client.send(null);
}
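Review bot: The new URL appends an absolute path to `dirName`, which comes from `dirname(location.href)` and so presumably still holds the `/resource-timing/resources` directory. The request would then go to `.../resource-timing/resources/common/CustomCorsResponse.py` rather than the handler under `/common/`. The old code worked because `TAOResponse.py` lived in that same directory. Base the URL on the origin instead: `` url = location.origin.replace('://', '://www.') + `/common/CustomCorsResponse.py?${headers}`; ``.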
diff --git a/resource-timing/sizes-redirect-img.html b/resource-timing/sizes-redirect-img.html
index e440029..b7767f9 100644
--- a/resource-timing/sizes-redirect-img.html
+++ b/resource-timing/sizes-redirect-img.html
@@ -10,7 +10,7 @@
// don't, so this test covers extra code paths beyond those covered by
// resource-timing-sizes-redirect.html.
-const baseUrl = new URL('/resource-timing/resources/TAOResponse.py?tao=wildcard&img=true', location.href).href;
+const baseUrl = new URL('/common/CustomCorsResponse.py?' + encodeURIComponent('headers={"Timing-Allow-Origin": "*", "Content-Type", "image/png"}'), location.href).href;
const expectedSize = 1010;
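Review bot: The JSON passed in `headers` is malformed: `"Content-Type", "image/png"` uses a comma where a colon is required, so the handler cannot parse it as an object. It should read `{"Timing-Allow-Origin": "*", "Content-Type": "image/png"}`. Separately, the removed handler returned the bytes of `blue.png` when `img=true`, which is presumably where `expectedSize = 1010` comes from. The new URL sets only the content type, so the response body needs to be supplied some other way or the expected size updated.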
diff --git a/resource-timing/sizes-redirect.any.js b/resource-timing/sizes-redirect.any.js
index e483a4d..a4ac197 100644
--- a/resource-timing/sizes-redirect.any.js
+++ b/resource-timing/sizes-redirect.any.js
@@ -3,7 +3,7 @@
// META: script=/resource-timing/resources/sizes-helper.js
const baseUrl =
- new URL('/resource-timing/resources/TAOResponse.py?tao=wildcard', location.href).href;
+ new URL('/common/CustomCorsResponse.py?' + encodeURIComponent('headers={"Timing-Allow-Origin": "*"}'), location.href).href;
const expectedSize = 4;
const hostInfo = get_host_info();