Change request's mode to reflect the WebBundle explainer's change
Reflect the change of the WebBundle subresource loading explainer in
https://github.com/WICG/webpackage/pull/622.
Request for a bundle will have its mode set to "cors" and its
credentials mode set to "same-origin" unless a crossorigin attribute
is specified.
BUG=1149816, 1168449
Change-Id: Ie836e77fd50524b4019283d5237aec70cc29433b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2703299
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#855997}
diff --git a/web-bundle/subresource-loading/subresource-loading-cors-error.tentative.html b/web-bundle/subresource-loading/subresource-loading-cors-error.tentative.html
index 31ad66e..1ea96fa 100644
--- a/web-bundle/subresource-loading/subresource-loading-cors-error.tentative.html
+++ b/web-bundle/subresource-loading/subresource-loading-cors-error.tentative.html
@@ -33,6 +33,7 @@
prefix + "resource.no-cors.js",
];
for (const crossorigin_attribute_value of [
+ undefined, // crossorigin attribute is not set
"anonymous",
"use-credential",
]) {
diff --git a/web-bundle/subresource-loading/subresource-loading-cors.tentative.html b/web-bundle/subresource-loading/subresource-loading-cors.tentative.html
index b1b2595..7920115 100644
--- a/web-bundle/subresource-loading/subresource-loading-cors.tentative.html
+++ b/web-bundle/subresource-loading/subresource-loading-cors.tentative.html
@@ -16,57 +16,16 @@
This wpt should run on an origin different from https://web-platform.test:8444/,
from where cross-orign WebBundles are served.
- This test uses the two cross-origin WebBundles:
+ This test uses a cross-origin WebBundle,
+ https://web-platform.test:8444/web-bundle/resources/wbn/cors/cross-origin.wbn,
+ which is served with an Access-Control-Allow-Origin response header.
- 1. https://web-platform.test:8444/web-bundle/resources/wbn/cors/cross-origin.wbn,
- which is served with an Access-Control-Allow-Origin response header.
- 2. https://web-platform.test:8444/web-bundle/resources/wbn/no-cors/cross-origin.wbn,
- which is served *without* an Access-Control-Allow-Origin response header.
-
- Each `cross-origin.wbn` includes two subresources:
+ `cross-origin.wbn` includes two subresources:
a. `resource.cors.json`, which includes an Access-Control-Allow-Origin response header.
b. `resource.no-cors.json`, which doesn't include an Access-Control-Allow-Origin response header.
-->
<script>
promise_test(async () => {
- for (const prefix of [
- "https://web-platform.test:8444/web-bundle/resources/wbn/cors/",
- "https://web-platform.test:8444/web-bundle/resources/wbn/no-cors/",
- ]) {
- const resources = [
- prefix + "resource.cors.js",
- prefix + "resource.no-cors.js",
- ];
- const link = await addLinkAndWaitForLoad(
- prefix + "cross-origin.wbn",
- resources
- );
-
- // Can fetch a subresource which has a valid Access-Control-Allow-Origin response header.
- const response = await fetch(prefix + "resource.cors.js");
- assert_true(response.ok);
- const text = await response.text();
- assert_equals(text, "scriptLoaded('resource.cors.js');");
-
- // Can not fetch a subresource which does NOT have a valid
- // Access-Control-Allow-Origin response header.
- await fetchAndWaitForReject(prefix + "resource.no-cors.js");
-
- // Both subresource js can be loaded via a <script> element, which doesn't use cors.
- for (const resource of resources) {
- const scriptEvaluted = new Promise((resolve, reject) => {
- window.scriptLoaded = resolve;
- });
- const script = document.createElement("script");
- script.src = resource;
- document.body.appendChild(script);
- await scriptEvaluted;
- }
- link.remove();
- }
- }, "Use no-cors if crossorigin=attribute is not specified");
-
- promise_test(async () => {
const prefix =
"https://web-platform.test:8444/web-bundle/resources/wbn/cors/";
const resources = [
@@ -74,6 +33,7 @@
prefix + "resource.no-cors.js",
];
for (const crossorigin_attribute_value of [
+ undefined, // crossorigin attribute is not set
"anonymous",
"use-credential",
]) {
@@ -105,6 +65,6 @@
}
link.remove();
}
- }, "Use CORS if crossorigin=anonymous or crossorigin=use-credential is specified. A server should return a valid Access-Control-Allow-Origin header if a bundle is a cross origin bundle.");
+ }, "request's mode must be cors. A server should return a valid Access-Control-Allow-Origin header if a bundle is a cross origin bundle.");
</script>
</body>
diff --git a/web-bundle/subresource-loading/subresource-loading-credential.tentative.sub.html b/web-bundle/subresource-loading/subresource-loading-credential.tentative.sub.html
index d7d8e52..7b9fa7a 100644
--- a/web-bundle/subresource-loading/subresource-loading-credential.tentative.sub.html
+++ b/web-bundle/subresource-loading/subresource-loading-credential.tentative.sub.html
@@ -53,9 +53,9 @@
const link = document.createElement("link");
link.rel = "webbundle";
link.href = cross_origin_bundle;
- await addElementAndWaitForLoad(link);
+ await addElementAndWaitForError(link);
link.remove()
- }, "'no crossorigin attribute' should send a credential to a cross origin bundle");
+ }, "'no crossorigin attribute' should not send a credential to a cross origin bundle");
promise_test(async () => {
const link = document.createElement("link");
