Title: [260003] trunk
Revision: 260003
Author: [email protected]
Date: 2020-04-13 06:10:48 -0700 (Mon, 13 Apr 2020)

Log Message

module's default cross-origin value should be "anonymous"
https://bugs.webkit.org/show_bug.cgi?id=210326

Reviewed by Sam Weinig.

Source/WebCore:

The original spec was using "omit" crossorigin for modules when crossorigin is not set / empty.
However, the spec has changed to send requests with "same-origin" credentials ("anonymous" crossorigin mode)
by default. We should follow it.

* dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestModuleScript):
* dom/ScriptElementCachedScriptFetcher.cpp:
(WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const):
* dom/ScriptElementCachedScriptFetcher.h:
* html/parser/HTMLResourcePreloader.cpp:
(WebCore::PreloadRequest::resourceRequest):
* loader/cache/CachedScript.cpp:
(WebCore::CachedScript::script): While this is not directly related to this patch, the newly added tests found that we are returning
a null StringView if the resource is zero bytes. This totally works, but JSC::Parser has an assertion that this is a non-null
StringView. For a zero-byte CachedScript resource, we should return a non-null empty StringView instead.

LayoutTests:

* http/tests/security/basic-auth-module-expected.txt: Added.
* http/tests/security/basic-auth-module-import-expected.txt: Added.
* http/tests/security/basic-auth-module-import-propagate-expected.txt: Added.
* http/tests/security/basic-auth-module-import-propagate.html: Added.
* http/tests/security/basic-auth-module-import.html: Added.
* http/tests/security/basic-auth-module-propagate-expected.txt: Added.
* http/tests/security/basic-auth-module-propagate.html: Added.
* http/tests/security/basic-auth-module.html: Added.
* http/tests/security/resources/module-nest-import.php: Added.
* http/tests/security/resources/protected-script.php: Added.
* platform/mac-wk1/http/tests/security/basic-auth-module-expected.txt: Added.
* platform/mac-wk1/http/tests/security/basic-auth-module-import-expected.txt: Added.
* platform/mac-wk1/http/tests/security/basic-auth-module-import-propagate-expected.txt: Added.
* platform/mac-wk1/http/tests/security/basic-auth-module-propagate-expected.txt: Added.
* platform/win/http/tests/security/basic-auth-module-expected.txt: Added.
* platform/win/http/tests/security/basic-auth-module-import-expected.txt: Added.
* platform/win/http/tests/security/basic-auth-module-import-propagate-expected.txt: Added.
* platform/win/http/tests/security/basic-auth-module-propagate-expected.txt: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (260002 => 260003)


--- trunk/LayoutTests/ChangeLog	2020-04-13 10:30:11 UTC (rev 260002)
+++ trunk/LayoutTests/ChangeLog	2020-04-13 13:10:48 UTC (rev 260003)
@@ -1,3 +1,29 @@
+2020-04-13  Yusuke Suzuki  <[email protected]>
+
+        module's default cross-origin value should be "anonymous"
+        https://bugs.webkit.org/show_bug.cgi?id=210326
+
+        Reviewed by Sam Weinig.
+
+        * http/tests/security/basic-auth-module-expected.txt: Added.
+        * http/tests/security/basic-auth-module-import-expected.txt: Added.
+        * http/tests/security/basic-auth-module-import-propagate-expected.txt: Added.
+        * http/tests/security/basic-auth-module-import-propagate.html: Added.
+        * http/tests/security/basic-auth-module-import.html: Added.
+        * http/tests/security/basic-auth-module-propagate-expected.txt: Added.
+        * http/tests/security/basic-auth-module-propagate.html: Added.
+        * http/tests/security/basic-auth-module.html: Added.
+        * http/tests/security/resources/module-nest-import.php: Added.
+        * http/tests/security/resources/protected-script.php: Added.
+        * platform/mac-wk1/http/tests/security/basic-auth-module-expected.txt: Added.
+        * platform/mac-wk1/http/tests/security/basic-auth-module-import-expected.txt: Added.
+        * platform/mac-wk1/http/tests/security/basic-auth-module-import-propagate-expected.txt: Added.
+        * platform/mac-wk1/http/tests/security/basic-auth-module-propagate-expected.txt: Added.
+        * platform/win/http/tests/security/basic-auth-module-expected.txt: Added.
+        * platform/win/http/tests/security/basic-auth-module-import-expected.txt: Added.
+        * platform/win/http/tests/security/basic-auth-module-import-propagate-expected.txt: Added.
+        * platform/win/http/tests/security/basic-auth-module-propagate-expected.txt: Added.
+
 2020-04-13  Diego Pino Garcia  <[email protected]>
 
         [GTK] Gardening, flaky failures in editing/pasteboard and editing/deleting

Added: trunk/LayoutTests/http/tests/security/basic-auth-module-expected.txt (0 => 260003)


--- trunk/LayoutTests/http/tests/security/basic-auth-module-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/basic-auth-module-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,77 @@
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?testId=2 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?testId=3 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?testId=6 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?testId=7 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?testId=10 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?testId=11 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/protected-script.php?testId=12 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/protected-script.php?testId=13 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?testId=14 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?testId=15 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?testId=18 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?testId=19 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did not load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
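
Review bot: The PASS lines name only the origin, so none of the twenty results can be tied to a crossorigin mode or a testId when one of them flips. Two of the http://127.0.0.1:8000 lines read "did not load script" while the other eight read "did load script", and only their position in the file tells them apart. Printing the testId or the crossOrigin value in the message, as the -propagate expectation does by printing the full URL, would make a failure diff readable on its own.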

Added: trunk/LayoutTests/http/tests/security/basic-auth-module-import-expected.txt (0 => 260003)


--- trunk/LayoutTests/http/tests/security/basic-auth-module-import-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/basic-auth-module-import-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,17 @@
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?testId=2 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?testId=3 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+PASS did load script with ./resources/protected-script.php?testId=0.
+
+PASS did load script with http://127.0.0.1:8000/security/resources/protected-script.php?testId=1.
+
+PASS did not load script with https://127.0.0.1:8443/security/resources/protected-script.php?testId=2.
+
+PASS did not load script with https://localhost:8443/security/resources/protected-script.php?testId=3.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/http/tests/security/basic-auth-module-import-propagate-expected.txt (0 => 260003)


--- trunk/LayoutTests/http/tests/security/basic-auth-module-import-propagate-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/basic-auth-module-import-propagate-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,17 @@
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?testId=2 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?testId=3 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+PASS did load script with ./protected-script.php?testId=0.
+
+PASS did load script with http://127.0.0.1:8000/security/resources/protected-script.php?testId=1.
+
+PASS did not load script with https://127.0.0.1:8443/security/resources/protected-script.php?testId=2.
+
+PASS did not load script with https://localhost:8443/security/resources/protected-script.php?testId=3.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/http/tests/security/basic-auth-module-import-propagate.html (0 => 260003)


--- trunk/LayoutTests/http/tests/security/basic-auth-module-import-propagate.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/basic-auth-module-import-propagate.html	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script>
+
+if (window.testRunner) {
+    testRunner.setHandlesAuthenticationChallenges(true);
+    testRunner.setAuthenticationUsername("testUser");
+    testRunner.setAuthenticationPassword("testPassword");
+}
+
+window.jsTestIsAsync = true;
+
+function pass(url, messagePrefix)
+{
+    testPassed(`${messagePrefix} with ${url}.`);
+    debug("");
+    runNextScriptTest();
+}
+
+function fail(url, messagePrefix)
+{
+    testFailed(`${messagePrefix} with ${url}.`);
+    debug("");
+    runNextScriptTest();
+}
+
+function done()
+{
+    finishJSTest();
+}
+
+let counter = 0;
+function runNextScriptTest()
+{
+    var test = scriptTests.shift();
+    if (!test) {
+        done();
+        return;
+    }
+    var url = "" + "?testId=" + (counter++);
+    import("./resources/module-nest-import.php?url="" + encodeURIComponent(url)).then(
+        () => test.onload(url),
+        () => test.onerror(url)
+    );
+}
+
+window._onload_ = runNextScriptTest;
+
+// Tests
+
+const DidLoadScript = "did load script";
+const DidNotLoadScript = "did not load script";
+
+var scriptTests = [
+{
+    src: "./protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+},
+];
+</script>
+</head>
+<body>
+<div id="test-container"></div>
+</body>
+</html>
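
Review bot: In runNextScriptTest, the rejection handler `() => test.onerror(url)` discards the rejection reason, so for the two https entries any failure of import() (a missing resource, a syntax error in the module-nest-import.php response) is reported as PASS "did not load script". Take the error as a parameter and log or check it, so the expected output shows that the load was refused for the reason this test is about.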

Added: trunk/LayoutTests/http/tests/security/basic-auth-module-import.html (0 => 260003)


--- trunk/LayoutTests/http/tests/security/basic-auth-module-import.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/basic-auth-module-import.html	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script>
+
+if (window.testRunner) {
+    testRunner.setHandlesAuthenticationChallenges(true);
+    testRunner.setAuthenticationUsername("testUser");
+    testRunner.setAuthenticationPassword("testPassword");
+}
+
+window.jsTestIsAsync = true;
+
+function pass(url, messagePrefix)
+{
+    testPassed(`${messagePrefix} with ${url}.`);
+    debug("");
+    runNextScriptTest();
+}
+
+function fail(url, messagePrefix)
+{
+    testFailed(`${messagePrefix} with ${url}.`);
+    debug("");
+    runNextScriptTest();
+}
+
+function done()
+{
+    finishJSTest();
+}
+
+let counter = 0;
+function runNextScriptTest()
+{
+    var test = scriptTests.shift();
+    if (!test) {
+        done();
+        return;
+    }
+    var url = "" + "?testId=" + (counter++);
+    import(url).then(
+        () => test.onload(url),
+        () => test.onerror(url)
+    );
+}
+
+window._onload_ = runNextScriptTest;
+
+// Tests
+
+const DidLoadScript = "did load script";
+const DidNotLoadScript = "did not load script";
+
+var scriptTests = [
+{
+    src: "./resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+},
+];
+</script>
+</head>
+<body>
+<div id="test-container"></div>
+</body>
+</html>
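
Review bot: The scriptTests callbacks name their argument script (`onload: (script) => pass(script, DidLoadScript)`), but runNextScriptTest passes the URL string and pass/fail declare the parameter as url; rename it to url, as basic-auth-module-propagate.html does. The <div id="test-container"> in the body is never referenced in this file, since the test calls import() rather than appending a script element, and can be dropped.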

Added: trunk/LayoutTests/http/tests/security/basic-auth-module-propagate-expected.txt (0 => 260003)


--- trunk/LayoutTests/http/tests/security/basic-auth-module-propagate-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/basic-auth-module-propagate-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,77 @@
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=2 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=3 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=6 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=7 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=10 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=11 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=12 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=13 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=14 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=15 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=18 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=19 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=0.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=1.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=2.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=3.
+
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=4.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=5.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=6.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=7.
+
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=8.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=9.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=10.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=11.
+
+PASS did not load script with origin ./protected-script.php?source=module-propagate&testId=12.
+
+PASS did not load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=13.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=14.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=15.
+
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=16.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=17.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=18.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=19.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
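
Review bot: The console lines for testId=12 and testId=13 say http://127.0.0.1:8000/... was blocked "because it is a cross-origin request", but the other messages in this file give the requesting origin as http://127.0.0.1:8000, so these two fetches are same-origin (they are the crossOrigin: "omit" entries in basic-auth-module-propagate.html). Checking that text in as expected output pins a misleading diagnostic; please note in the ChangeLog that the wording is known to be wrong for this case, or track a follow-up to correct the message.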

Added: trunk/LayoutTests/http/tests/security/basic-auth-module-propagate.html (0 => 260003)


--- trunk/LayoutTests/http/tests/security/basic-auth-module-propagate.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/basic-auth-module-propagate.html	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,183 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script>
+
+if (window.testRunner) {
+    testRunner.setHandlesAuthenticationChallenges(true);
+    testRunner.setAuthenticationUsername("testUser");
+    testRunner.setAuthenticationPassword("testPassword");
+}
+
+window.jsTestIsAsync = true;
+
+function pass(url, messagePrefix)
+{
+    testPassed(`${messagePrefix} with origin ${url}.`);
+    debug("");
+    runNextScriptTest();
+}
+
+function fail(url, messagePrefix)
+{
+    testFailed(`${messagePrefix} with origin ${url}.`);
+    debug("");
+    runNextScriptTest();
+}
+
+function done()
+{
+    finishJSTest();
+}
+
+let counter = 0;
+function runNextScriptTest()
+{
+    var test = scriptTests.shift();
+    if (!test) {
+        done();
+        return;
+    }
+    var script = document.createElement("script");
+    script.type = "module";
+    if (test.crossOrigin != null)
+        script.crossOrigin = test.crossOrigin;
+    var url = "" + "?source=module-propagate&testId=" + (counter++);
+    script._onload_ = () => test.onload(url);
+    script._onerror_ = () => test.onerror(url);
+    script.src = "" + encodeURIComponent(url);
+    document.getElementById("test-container").appendChild(script);
+}
+
+window._onload_ = runNextScriptTest;
+
+// Tests
+
+const DidLoadScript = "did load script";
+const DidNotLoadScript = "did not load script";
+
+var scriptTests = [
+{
+    src: "./protected-script.php",
+    onload: (url) => pass(url, DidLoadScript),
+    onerror: (url) => fail(url, DidNotLoadScript),
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (url) => pass(url, DidLoadScript),
+    onerror: (url) => fail(url, DidNotLoadScript),
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+},
+{
+    src: "./protected-script.php",
+    onload: (url) => pass(url, DidLoadScript),
+    onerror: (url) => fail(url, DidNotLoadScript),
+    crossOrigin: "",
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (url) => pass(url, DidLoadScript),
+    onerror: (url) => fail(url, DidNotLoadScript),
+    crossOrigin: "",
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "",
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "",
+},
+{
+    src: "./protected-script.php",
+    onload: (url) => pass(url, DidLoadScript),
+    onerror: (url) => fail(url, DidNotLoadScript),
+    crossOrigin: "anonymous",
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (url) => pass(url, DidLoadScript),
+    onerror: (url) => fail(url, DidNotLoadScript),
+    crossOrigin: "anonymous",
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "anonymous",
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "anonymous",
+},
+{
+    src: "./protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "omit",
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "omit",
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "omit",
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "omit",
+},
+{
+    src: "./protected-script.php",
+    onload: (url) => pass(url, DidLoadScript),
+    onerror: (url) => fail(url, DidNotLoadScript),
+    crossOrigin: "use-credentials",
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (url) => pass(url, DidLoadScript),
+    onerror: (url) => fail(url, DidNotLoadScript),
+    crossOrigin: "use-credentials",
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "use-credentials",
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (url) => fail(url, DidLoadScript),
+    onerror: (url) => pass(url, DidNotLoadScript),
+    crossOrigin: "use-credentials",
+},
+];
+</script>
+</head>
+<body>
+<div id="test-container"></div>
+</body>
+</html>
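
Review bot: pass() and fail() print `with origin ${url}`, but url here is the full, sometimes relative, URL handed to module-nest-import.php, which is why the expectation reads "with origin ./protected-script.php?source=module-propagate&testId=0". Either drop the word origin, as the import tests do, or print the origin of the resolved URL.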

Added: trunk/LayoutTests/http/tests/security/basic-auth-module.html (0 => 260003)


--- trunk/LayoutTests/http/tests/security/basic-auth-module.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/basic-auth-module.html	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,182 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script>
+
+if (window.testRunner) {
+    testRunner.setHandlesAuthenticationChallenges(true);
+    testRunner.setAuthenticationUsername("testUser");
+    testRunner.setAuthenticationPassword("testPassword");
+}
+
+window.jsTestIsAsync = true;
+
+function pass(script, messagePrefix)
+{
+    testPassed(`${messagePrefix} with origin ${(new URL(script.src)).origin}.`);
+    debug("");
+    runNextScriptTest();
+}
+
+function fail(script, messagePrefix)
+{
+    testFailed(`${messagePrefix} with origin ${(new URL(script.src)).origin}.`);
+    debug("");
+    runNextScriptTest();
+}
+
+function done()
+{
+    finishJSTest();
+}
+
+let counter = 0;
+function runNextScriptTest()
+{
+    var test = scriptTests.shift();
+    if (!test) {
+        done();
+        return;
+    }
+    var script = document.createElement("script");
+    script.type = "module";
+    if (test.crossOrigin != null)
+        script.crossOrigin = test.crossOrigin;
+    script._onload_ = () => test.onload(script);
+    script._onerror_ = () => test.onerror(script);
+    script.src = "" + "?testId=" + (counter++);
+    document.getElementById("test-container").appendChild(script);
+}
+
+window._onload_ = runNextScriptTest;
+
+// Tests
+
+const DidLoadScript = "did load script";
+const DidNotLoadScript = "did not load script";
+
+var scriptTests = [
+{
+    src: "resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+},
+{
+    src: "resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+    crossOrigin: "",
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+    crossOrigin: "",
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "",
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "",
+},
+{
+    src: "resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+    crossOrigin: "anonymous",
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+    crossOrigin: "anonymous",
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "anonymous",
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "anonymous",
+},
+{
+    src: "resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "omit",
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "omit",
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "omit",
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "omit",
+},
+{
+    src: "resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+    crossOrigin: "use-credentials",
+},
+{
+    src: "http://127.0.0.1:8000/security/resources/protected-script.php",
+    onload: (script) => pass(script, DidLoadScript),
+    onerror: (script) => fail(script, DidNotLoadScript),
+    crossOrigin: "use-credentials",
+},
+{
+    src: "https://127.0.0.1:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "use-credentials",
+},
+{
+    src: "https://localhost:8443/security/resources/protected-script.php",
+    onload: (script) => fail(script, DidLoadScript),
+    onerror: (script) => pass(script, DidNotLoadScript),
+    crossOrigin: "use-credentials",
+},
+];
+</script>
+</head>
+<body>
+<div id="test-container"></div>
+</body>
+</html>
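Review bot: the four `crossOrigin: "omit"` entries near the end of scriptTests expect even the same-origin loads of resources/protected-script.php to fail, but "omit" is not a keyword of the HTML crossorigin attribute (the keywords are "anonymous" and "use-credentials", and an unrecognised value falls back to the anonymous state). As written the test pins WebKit's handling of a non-standard value, so a comment above those entries stating that this is intentional would keep a later spec-alignment change from reading as a regression. Minor: `let counter` sits among `var` declarations; pick one style.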

Added: trunk/LayoutTests/http/tests/security/resources/module-nest-import.php (0 => 260003)


--- trunk/LayoutTests/http/tests/security/resources/module-nest-import.php	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/module-nest-import.php	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,6 @@
+<?php
+header("Cache-Control: no-store");
+header("Connection: close");
+header("Content-Type: application/_javascript_");
+echo "import \"" . $_GET["url"] . "\"";
+?>
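Review bot: `$_GET["url"]` is concatenated into the emitted `import "..."` statement without escaping, so a value containing a double quote or a newline ends the string literal and the remainder of the parameter becomes module source. This is a test resource, but it is served by the test HTTP server like any other script; emitting the specifier through json_encode() and returning a 400 when url is absent would close that off and also avoid the undefined-index notice.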

Added: trunk/LayoutTests/http/tests/security/resources/protected-script.php (0 => 260003)


--- trunk/LayoutTests/http/tests/security/resources/protected-script.php	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/protected-script.php	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,12 @@
+<?php
+header("Cache-Control: no-store");
+header("Connection: close");
+if (!isset($_SERVER["PHP_AUTH_USER"])) {
+    header("WWW-authenticate: Basic realm=\"" . $_SERVER["REQUEST_URI"] . "\"");
+    header("HTTP/1.0 401 Unauthorized");
+    exit;
+}
+// Authenticated
+header("Content-Type: application/_javascript_");
+echo "";
+?>
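Review bot: the guard `if (!isset($_SERVER["PHP_AUTH_USER"]))` accepts any Authorization header, since the username is never compared and PHP_AUTH_PW is never read, so these tests cannot tell testUser:testPassword apart from arbitrary credentials. Comparing both values against the ones the tests set through testRunner would make "did load script" mean that the expected credentials were actually sent. The realm is also built from unescaped REQUEST_URI, so a double quote in the query string produces a malformed WWW-authenticate header; a fixed realm string would be simpler.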

Added: trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-expected.txt (0 => 260003)


--- trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,67 @@
+http://127.0.0.1:8000/security/resources/protected-script.php?testId=0 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?testId=18 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?testId=19 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did not load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-import-expected.txt (0 => 260003)


--- trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-import-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-import-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,15 @@
+http://127.0.0.1:8000/security/resources/protected-script.php?testId=0 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+PASS did load script with ./resources/protected-script.php?testId=0.
+
+PASS did load script with http://127.0.0.1:8000/security/resources/protected-script.php?testId=1.
+
+PASS did not load script with https://127.0.0.1:8443/security/resources/protected-script.php?testId=2.
+
+PASS did not load script with https://localhost:8443/security/resources/protected-script.php?testId=3.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-import-propagate-expected.txt (0 => 260003)


--- trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-import-propagate-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-import-propagate-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,15 @@
+http://127.0.0.1:8000/security/resources/protected-script.php?testId=0 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+PASS did load script with ./protected-script.php?testId=0.
+
+PASS did load script with http://127.0.0.1:8000/security/resources/protected-script.php?testId=1.
+
+PASS did not load script with https://127.0.0.1:8443/security/resources/protected-script.php?testId=2.
+
+PASS did not load script with https://localhost:8443/security/resources/protected-script.php?testId=3.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-propagate-expected.txt (0 => 260003)


--- trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-propagate-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/security/basic-auth-module-propagate-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,67 @@
+http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=0 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=18 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=19 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=0.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=1.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=2.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=3.
+
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=4.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=5.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=6.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=7.
+
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=8.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=9.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=10.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=11.
+
+PASS did not load script with origin ./protected-script.php?source=module-propagate&testId=12.
+
+PASS did not load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=13.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=14.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=15.
+
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=16.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=17.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=18.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=19.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
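Review bot: every PASS line in this baseline reads "with origin" followed by a URL (for example `./protected-script.php?source=module-propagate&testId=0`), not an origin, so the message template in basic-auth-module-propagate.html prints something other than what it labels. Either print the origin of the resolved URL, as basic-auth-module.html does with `(new URL(script.src)).origin`, or drop the word "origin" as the import baselines do.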

Added: trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-expected.txt (0 => 260003)


--- trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,55 @@
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?testId=18 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did not load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did load script with origin http://127.0.0.1:8000.
+
+PASS did not load script with origin https://127.0.0.1:8443.
+
+PASS did not load script with origin https://localhost:8443.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-import-expected.txt (0 => 260003)


--- trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-import-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-import-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,13 @@
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+PASS did load script with ./resources/protected-script.php?testId=0.
+
+PASS did load script with http://127.0.0.1:8000/security/resources/protected-script.php?testId=1.
+
+PASS did not load script with https://127.0.0.1:8443/security/resources/protected-script.php?testId=2.
+
+PASS did not load script with https://localhost:8443/security/resources/protected-script.php?testId=3.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-import-propagate-expected.txt (0 => 260003)


--- trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-import-propagate-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-import-propagate-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,14 @@
+http://127.0.0.1:8000/security/resources/protected-script.php?testId=0 - didReceiveAuthenticationChallenge - Responding with testUser:testPassword
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+PASS did load script with ./protected-script.php?testId=0.
+
+PASS did load script with http://127.0.0.1:8000/security/resources/protected-script.php?testId=1.
+
+PASS did not load script with https://127.0.0.1:8443/security/resources/protected-script.php?testId=2.
+
+PASS did not load script with https://localhost:8443/security/resources/protected-script.php?testId=3.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
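Review bot: this baseline opens with a `didReceiveAuthenticationChallenge` line, which none of the other three platform/win baselines in this change contain, and it is 14 lines where the win basic-auth-module-import-expected.txt is 13. Please confirm it was generated on win rather than adapted from another platform's output; if the challenge callback really is logged for only this test on win, a note in the LayoutTests ChangeLog explaining why would help whoever next rebaselines it.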

Added: trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-propagate-expected.txt (0 => 260003)


--- trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-propagate-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/security/basic-auth-module-propagate-expected.txt	2020-04-13 13:10:48 UTC (rev 260003)
@@ -0,0 +1,55 @@
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=18 from asking for credentials because it is a cross-origin request.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=0.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=1.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=2.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=3.
+
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=4.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=5.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=6.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=7.
+
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=8.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=9.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=10.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=11.
+
+PASS did not load script with origin ./protected-script.php?source=module-propagate&testId=12.
+
+PASS did not load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=13.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=14.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=15.
+
+PASS did load script with origin ./protected-script.php?source=module-propagate&testId=16.
+
+PASS did load script with origin http://127.0.0.1:8000/security/resources/protected-script.php?source=module-propagate&testId=17.
+
+PASS did not load script with origin https://127.0.0.1:8443/security/resources/protected-script.php?source=module-propagate&testId=18.
+
+PASS did not load script with origin https://localhost:8443/security/resources/protected-script.php?source=module-propagate&testId=19.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Modified: trunk/Source/WebCore/ChangeLog (260002 => 260003)


--- trunk/Source/WebCore/ChangeLog	2020-04-13 10:30:11 UTC (rev 260002)
+++ trunk/Source/WebCore/ChangeLog	2020-04-13 13:10:48 UTC (rev 260003)
@@ -1,3 +1,26 @@
+2020-04-13  Yusuke Suzuki  <[email protected]>
+
+        module's default cross-origin value should be "anonymous"
+        https://bugs.webkit.org/show_bug.cgi?id=210326
+
+        Reviewed by Sam Weinig.
+
+        The original spec was using "omit" crossorigin for modules when crossorigin is not set / empty.
+        However, the spec is changed to sending requests with "same-origin" credentials ("anonymous" crossorigin mode)
+        by default. We should follow it.
+
+        * dom/ScriptElement.cpp:
+        (WebCore::ScriptElement::requestModuleScript):
+        * dom/ScriptElementCachedScriptFetcher.cpp:
+        (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const):
+        * dom/ScriptElementCachedScriptFetcher.h:
+        * html/parser/HTMLResourcePreloader.cpp:
+        (WebCore::PreloadRequest::resourceRequest):
+        * loader/cache/CachedScript.cpp:
+        (WebCore::CachedScript::script): While this is not directly related to this patch, added new tests found that we are returning
+        null StringView if the resource is zero byte. This totally works, but JSC::Parser has assertion that this is non-null
+        StringView. For zero byte CachedScript resource, we should return non-null empty StringView instead.
+
 2020-04-13  Charlie Turner  <[email protected]>
 
         [EME][GStreamer] remove m_cdmInstance ASSERT in cdmInstanceDetached

Modified: trunk/Source/WebCore/dom/ScriptElement.cpp (260002 => 260003)


--- trunk/Source/WebCore/dom/ScriptElement.cpp	2020-04-13 10:30:11 UTC (rev 260002)
+++ trunk/Source/WebCore/dom/ScriptElement.cpp	2020-04-13 13:10:48 UTC (rev 260003)
@@ -313,10 +313,12 @@
 
 bool ScriptElement::requestModuleScript(const TextPosition& scriptStartPosition)
 {
+    // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes
+    // Module is always CORS request. If attribute is not given, it should be same-origin credential.
     String nonce = m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr);
     String crossOriginMode = m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr);
     if (crossOriginMode.isNull())
-        crossOriginMode = "omit"_s;
+        crossOriginMode = ScriptElementCachedScriptFetcher::defaultCrossOriginModeForModule;
 
     if (hasSourceAttribute()) {
         String sourceURL = sourceAttributeValue();
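Review bot: the default is applied only under `if (crossOriginMode.isNull())`, while the ChangeLog describes the change as covering crossorigin "not set / empty". An empty attribute value is not null, so `crossorigin=""` still flows through unchanged and relies on later code mapping "" to same-origin credentials. The new tests with `crossOrigin: ""` suggest that works, but the added comment should say where the empty case is handled, or the check should cover it explicitly here.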

Modified: trunk/Source/WebCore/dom/ScriptElementCachedScriptFetcher.cpp (260002 => 260003)


--- trunk/Source/WebCore/dom/ScriptElementCachedScriptFetcher.cpp	2020-04-13 10:30:11 UTC (rev 260002)
+++ trunk/Source/WebCore/dom/ScriptElementCachedScriptFetcher.cpp	2020-04-13 13:10:48 UTC (rev 260003)
@@ -31,12 +31,15 @@
 
 namespace WebCore {
 
+const ASCIILiteral ScriptElementCachedScriptFetcher::defaultCrossOriginModeForModule { "anonymous"_s };
+
 CachedResourceHandle<CachedScript> ScriptElementCachedScriptFetcher::requestModuleScript(Document& document, const URL& sourceURL, String&& integrity) const
 {
-    // https://github.com/tc39/proposal-dynamic-import/blob/master/HTML Integration.md
-    // If the fetcher is not module script, credential mode is always "omit".
+    // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes
+    // If the fetcher is not module script, credential mode is always "same-origin" ("anonymous").
+    // This code is for dynamic module import (`import` operator).
 
-    return requestScriptWithCache(document, sourceURL, isClassicScript() ? "omit"_s : m_crossOriginMode, WTFMove(integrity), { });
+    return requestScriptWithCache(document, sourceURL, isClassicScript() ? defaultCrossOriginModeForModule : m_crossOriginMode, WTFMove(integrity), { });
 }
 
 }
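Review bot: in the return statement the constant `defaultCrossOriginModeForModule` is selected precisely when `isClassicScript()` is true, which reads as a contradiction next to its name. The new comment explains that this path is the dynamic `import` from a classic script, so either rename the constant to something that does not imply a module fetcher or move that explanation onto the ternary itself. The comment's "If the fetcher is not module script" would also be clearer as "If the fetcher is a classic script".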

Modified: trunk/Source/WebCore/dom/ScriptElementCachedScriptFetcher.h (260002 => 260003)


--- trunk/Source/WebCore/dom/ScriptElementCachedScriptFetcher.h	2020-04-13 10:30:11 UTC (rev 260002)
+++ trunk/Source/WebCore/dom/ScriptElementCachedScriptFetcher.h	2020-04-13 13:10:48 UTC (rev 260003)
@@ -31,6 +31,8 @@
 
 class ScriptElementCachedScriptFetcher : public CachedScriptFetcher {
 public:
+    static const ASCIILiteral defaultCrossOriginModeForModule;
+
     virtual CachedResourceHandle<CachedScript> requestModuleScript(Document&, const URL& sourceURL, String&& integrity) const;
 
     virtual bool isClassicScript() const = 0;

Modified: trunk/Source/WebCore/html/parser/HTMLResourcePreloader.cpp (260002 => 260003)


--- trunk/Source/WebCore/html/parser/HTMLResourcePreloader.cpp	2020-04-13 10:30:11 UTC (rev 260002)
+++ trunk/Source/WebCore/html/parser/HTMLResourcePreloader.cpp	2020-04-13 13:10:48 UTC (rev 260003)
@@ -29,6 +29,7 @@
 #include "CachedResourceLoader.h"
 #include "CrossOriginAccessControl.h"
 #include "Document.h"
+#include "ScriptElementCachedScriptFetcher.h"
 
 #include "MediaQueryEvaluator.h"
 #include "RenderView.h"
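Review bot: the new `#include "ScriptElementCachedScriptFetcher.h"` is placed directly after "Document.h" and ahead of "MediaQueryEvaluator.h" and "RenderView.h", which breaks the alphabetical ordering of the include list. Move it after "RenderView.h" (and consider folding the two groups together, since the blank line between them does not separate anything meaningful in the visible context).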
@@ -57,7 +58,7 @@
     String crossOriginMode = m_crossOriginMode;
     if (m_moduleScript == ModuleScript::Yes) {
         if (crossOriginMode.isNull())
-            crossOriginMode = "omit"_s;
+            crossOriginMode = ScriptElementCachedScriptFetcher::defaultCrossOriginModeForModule;
     }
     if (m_resourceType == CachedResource::Type::Script)
         options.referrerPolicy = m_referrerPolicy;

Modified: trunk/Source/WebCore/loader/cache/CachedScript.cpp (260002 => 260003)


--- trunk/Source/WebCore/loader/cache/CachedScript.cpp	2020-04-13 10:30:11 UTC (rev 260002)
+++ trunk/Source/WebCore/loader/cache/CachedScript.cpp	2020-04-13 13:10:48 UTC (rev 260003)
@@ -57,7 +57,7 @@
 StringView CachedScript::script()
 {
     if (!m_data)
-        return { };
+        return emptyString();
 
     if (m_decodingState == NeverDecoded
         && TextEncoding(encoding()).isByteBasedEncoding()
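Review bot: the change from `return { };` to `return emptyString();` carries no comment, and the reason for it (JSC::Parser asserts that the StringView is non-null, which a zero-byte resource violated) is recorded only in the ChangeLog. A one-line comment above the return would keep it from being simplified back to `{ }` later.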