| <!DOCTYPE HTML> |
| <html> |
| <head> |
| <meta charset="utf-8" /> |
| <title>Verify that encodedBodySize/decodedBodySize are CORS-protected rather than TAO-protected</title> |
| <link rel="author" title="Noam Rosenthal" href="nrosenthal@chromium.org"> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/common/get-host-info.sub.js"></script> |
| <script src="/common/utils.js"></script> |
| </head> |
| <body> |
| <script> |
| const {ORIGIN, REMOTE_ORIGIN} = get_host_info(); |
| |
| async function test_body_size({mode, tao, expected_body_sizes}) { |
| promise_test(async t => { |
| const origin = mode === "same-origin" ? ORIGIN : REMOTE_ORIGIN; |
| const url = new URL(`${origin}/images/red.png?uid=${token()}`, |
| location.href); |
| const pipes = []; |
| if (mode === "cors") |
| pipes.push("header(Access-Control-Allow-Origin,*)"); |
| if (tao) |
| pipes.push("header(Timing-Allow-Origin,*)"); |
| const img = document.createElement("img"); |
| if (mode === "cors") |
| img.crossOrigin = "anonymous"; |
| |
| if (pipes.length) |
| url.searchParams.set("pipe", pipes.join("|")); |
| img.src = url.toString(); |
| await img.decode(); |
| const [entry] = performance.getEntriesByName(url.toString()); |
| if (expected_body_sizes) { |
| assert_greater_than(entry.encodedBodySize, 0); |
| assert_greater_than(entry.decodedBodySize, 0); |
| } else { |
| assert_equals(entry.encodedBodySize, 0); |
| assert_equals(entry.decodedBodySize, 0); |
| } |
| |
| if (tao || mode === "same-origin") |
| assert_equals(entry.transferSize, entry.encodedBodySize + 300); |
| else |
| assert_equals(entry.transferSize, 0); |
| |
| }, `Retrieving a ${mode} resource ${ |
| tao ? "with" : "without"} Timing-Allow-Origin should ${ |
| expected_body_sizes ? "expose" : "not expose" |
| } body size`); |
| } |
| |
| test_body_size({mode: "same-origin", tao: false, expected_body_sizes: true}); |
| test_body_size({mode: "same-origin", tao: true, expected_body_sizes: true}); |
| test_body_size({mode: "no-cors", tao: false, expected_body_sizes: false}); |
| test_body_size({mode: "no-cors", tao: true, expected_body_sizes: false}); |
| test_body_size({mode: "cors", tao: false, expected_body_sizes: true}); |
| test_body_size({mode: "cors", tao: true, expected_body_sizes: true}); |
| |
| </script> |
| </body> |
| </html> |