| <script src="/resources/get-host-info.js?pipe=sub"></script> |
| <script src="test-helpers.js"></script> |
| <script> |
| var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE'; |
| var host_info = get_host_info(); |
| |
| var NOT_TAINTED = 'NOT_TAINTED'; |
| var TAINTED = 'TAINTED'; |
| var LOAD_ERROR = 'LOAD_ERROR'; |
| |
| function create_test_case_promise(url, cross_origin) { |
| return new Promise(function(resolve) { |
| var img = new Image(); |
| if (cross_origin != '') { |
| img.crossOrigin = cross_origin; |
| } |
| img.onload = function() { |
| try { |
| var canvas = document.createElement('canvas'); |
| canvas.width = 100; |
| canvas.height = 100; |
| var context = canvas.getContext('2d'); |
| context.drawImage(img, 0, 0); |
| context.getImageData(0, 0, 100, 100); |
| resolve(NOT_TAINTED); |
| } catch (e) { |
| resolve(TAINTED); |
| } |
| }; |
| img.onerror = function() { |
| resolve(LOAD_ERROR); |
| } |
| img.src = url; |
| }); |
| } |
| |
| function create_test_promise(url, cross_origin, expected_result) { |
| return new Promise(function(resolve, reject) { |
| create_test_case_promise(url, cross_origin) |
| .then(function(result) { |
| if (result == expected_result) { |
| resolve(); |
| } else { |
| reject('Result of url:' + url + ' ' + |
| ' cross_origin: ' + cross_origin + ' must be ' + |
| expected_result + ' but ' + result); |
| } |
| }) |
| }); |
| } |
| |
| window.addEventListener('message', function(evt) { |
| var port = evt.ports[0]; |
| var image_url = host_info['HTTP_ORIGIN'] + image_path; |
| var remote_image_url = host_info['HTTP_REMOTE_ORIGIN'] + image_path; |
| Promise.all([ |
| // Reject tests |
| create_test_promise(image_url + '&reject', '', LOAD_ERROR), |
| create_test_promise(image_url + '&reject', 'anonymous', LOAD_ERROR), |
| create_test_promise( |
| image_url + '&reject', 'use-credentials', LOAD_ERROR), |
| // Fallback tests |
| create_test_promise( |
| image_url + '&ignore', |
| '', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + '&ignore', |
| '', |
| TAINTED), |
| create_test_promise( |
| remote_image_url + '&ignore', |
| 'anonymous', |
| LOAD_ERROR), |
| create_test_promise( |
| remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
| '&ignore', |
| 'anonymous', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + '&ignore', |
| 'use-credentials', |
| LOAD_ERROR), |
| create_test_promise( |
| remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
| '&ignore', |
| 'use-credentials', |
| LOAD_ERROR), |
| create_test_promise( |
| remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
| '&ACACredentials=true&ignore', |
| 'use-credentials', |
| NOT_TAINTED), |
| |
| // Credential test (fallback) |
| create_test_promise( |
| image_url + '&Auth&ignore', |
| '', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + '&Auth&ignore', |
| '', |
| TAINTED), |
| create_test_promise( |
| remote_image_url + '&Auth&ignore', |
| 'anonymous', |
| LOAD_ERROR), |
| create_test_promise( |
| remote_image_url + '&Auth&ignore', |
| 'use-credentials', |
| LOAD_ERROR), |
| create_test_promise( |
| remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
| '&ignore', |
| 'use-credentials', |
| LOAD_ERROR), |
| create_test_promise( |
| remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] + |
| '&ACACredentials=true&ignore', |
| 'use-credentials', |
| NOT_TAINTED), |
| |
| // Basic response |
| create_test_promise( |
| image_url + |
| '&mode=same-origin&url=' + encodeURIComponent(image_url), |
| '', |
| NOT_TAINTED), |
| create_test_promise( |
| image_url + |
| '&mode=same-origin&url=' + encodeURIComponent(image_url), |
| 'anonymous', |
| NOT_TAINTED), |
| create_test_promise( |
| image_url + |
| '&mode=same-origin&url=' + encodeURIComponent(image_url), |
| 'use-credentials', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + |
| '&mode=same-origin&url=' + encodeURIComponent(image_url), |
| '', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + |
| '&mode=same-origin&url=' + encodeURIComponent(image_url), |
| 'anonymous', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + |
| '&mode=same-origin&url=' + encodeURIComponent(image_url), |
| 'use-credentials', |
| NOT_TAINTED), |
| |
| // Opaque response |
| create_test_promise( |
| image_url + |
| '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), |
| '', |
| TAINTED), |
| create_test_promise( |
| image_url + |
| '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), |
| 'anonymous', |
| LOAD_ERROR), |
| create_test_promise( |
| image_url + |
| '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), |
| 'use-credentials', |
| LOAD_ERROR), |
| create_test_promise( |
| remote_image_url + |
| '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), |
| '', |
| TAINTED), |
| create_test_promise( |
| remote_image_url + |
| '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), |
| 'anonymous', |
| LOAD_ERROR), |
| create_test_promise( |
| remote_image_url + |
| '&mode=no-cors&url=' + encodeURIComponent(remote_image_url), |
| 'use-credentials', |
| LOAD_ERROR), |
| |
| // CORS response |
| create_test_promise( |
| image_url + |
| '&mode=cors&url=' + |
| encodeURIComponent(remote_image_url + |
| '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
| '', |
| NOT_TAINTED), |
| create_test_promise( |
| image_url + |
| '&mode=cors&url=' + |
| encodeURIComponent(remote_image_url + |
| '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
| 'anonymous', |
| NOT_TAINTED), |
| create_test_promise( |
| image_url + |
| '&mode=cors&url=' + |
| encodeURIComponent(remote_image_url + |
| '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
| 'use-credentials', |
| NOT_TAINTED), |
| create_test_promise( |
| image_url + |
| '&mode=cors&url=' + |
| encodeURIComponent( |
| remote_image_url + |
| '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
| 'use-credentials', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + |
| '&mode=cors&url=' + |
| encodeURIComponent(remote_image_url + |
| '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
| '', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + |
| '&mode=cors&url=' + |
| encodeURIComponent(remote_image_url + |
| '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
| 'anonymous', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + |
| '&mode=cors&url=' + |
| encodeURIComponent(remote_image_url + |
| '&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
| 'use-credentials', |
| NOT_TAINTED), |
| create_test_promise( |
| remote_image_url + |
| '&mode=cors&url=' + |
| encodeURIComponent( |
| remote_image_url + |
| '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']), |
| 'use-credentials', |
| NOT_TAINTED) |
| ]) |
| .then(function() { |
| port.postMessage({results: 'finish'}); |
| }) |
| .catch(function(e) { |
| port.postMessage({results: 'failure:' + e}); |
| }); |
| }, false); |
| </script> |