Trust Tokens: Add an XMLHttpRequest interface
The experimental Trust Token API (https://github.com/wicg/trust-token-api) takes in parameters specifying a Trust Tokens protocol operation, annotates outgoing requests with request headers corresponding to protocol state, and processes corresponding response headers. For the MVP of the API, we're making the functionality available via Fetch, iframe, and XHR. To implement the XHR surface, this CL adds a new XHR setter, that accepts a trustToken object (identical to the one for the Fetch interface added in crrev.com/c/2036648) specifying a Trust Tokens operation to execute against the request. Test: Expands integration tests to ensure Trust Tokens params are propagated correctly from the XHR interface to the network stack. Bug: 1062395 Change-Id: I5f32d60c7b59002e79dc877719ba549ce5b9f412
1 parent
14988fd
commit 195e4c5
Showing
3 changed files
with
135 additions
and
3 deletions.
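--- a/trust-tokens/trust-token-parameter-validation-xhr.tentative.https.html
+++ b/trust-tokens/trust-token-parameter-validation-xhr.tentative.https.html
@@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>JavaScript: the Trust Token API XHR interface correctly validates its parameters</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+'use strict';
+
+test(() => {
+assert_throws_dom("InvalidStateError", () => {
+let request = new XMLHttpRequest();
+request.setTrustToken({
+type: 'token-request'
+});
+});
+}, 'Setting XHR Trust Tokens parameters requires that the XHR request be open.');
+
+test(() => {
+assert_throws_dom("InvalidStateError", () => {
+let request = new XMLHttpRequest();
+request.open('GET', 'https://trusttoken.example');
+request.send();
+request.setTrustToken({
+type: 'token-request'
+});
+});
+}, 'Setting XHR Trust Tokens parameters requires that the XHR request not have been sent.');
+
+test(() => {
+assert_throws_js(TypeError, () => {
+let request = new XMLHttpRequest();
+request.open('GET', 'https://trusttoken.example');
+request.setTrustToken({});
+});
+}, 'Trust Tokens operations require present `type` values.');
+
+test(() => {
+assert_throws_js(TypeError, () => {
+let request = new XMLHttpRequest();
+request.open('GET', 'https://trusttoken.example');
+request.setTrustToken({
+type: "invalid"
+});
+});
+}, 'Trust Tokens operations require valid `type` values.');
+
+test(() => {
+assert_throws_js(TypeError, () => {
+let request = new XMLHttpRequest();
+request.open('GET', 'https://trusttoken.example');
+request.setTrustToken({
+type: "token-request",
+signRequestData: "not a member of the signRequestData enum"
+});
+});
+}, 'Trust Tokens operations require valid `signRequestData` values, if provided.');
+
+test(() => {
+assert_throws_js(TypeError, () => {
+let request = new XMLHttpRequest();
+request.open('GET', 'https://trusttoken.example');
+request.setTrustToken({
+type: "token-request",
+refreshPolicy: "not a member of the refreshPolicy enum",
+});
+});
+}, 'Trust Tokens operations require valid `refreshPolicy:` values, if provided.');
+
+test(() => {
+assert_throws_js(TypeError, () => {
+let request = new XMLHttpRequest();
+request.open('GET', 'https://trusttoken.example');
+request.setTrustToken({
+type: "send-srr",
+issuer: "not a valid URL"
+});
+});
+}, 'Trust Tokens operations require valid issuer URLs, if provided.');
+
+test(() => {
+assert_throws_js(TypeError, () => {
+let request = new XMLHttpRequest();
+request.open('GET', 'https://trusttoken.example');
+request.setTrustToken({
+type: "send-srr",
+issuer: "http://not-secure.com"
+});
+});
+}, 'Trust Tokens operations require secure issuer URLs, if provided.');
+
+test(() => {
+let request = new XMLHttpRequest();
+request.open('GET', 'https://trusttoken.example');
+request.setTrustToken({
+type: "send-srr",
+issuer: "http://localhost"
+});
+}, 'Since localhost URLs are potentially trustworthy, setting an issuer to localhost should succeed.');
+</script>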
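Review bot: The six `assert_throws_js(TypeError, …)` tests, from the missing-type case through the secure-issuer case, also pass when `setTrustToken` is not defined on XMLHttpRequest at all, because calling an undefined method throws a TypeError. On such a build the rejection of `http://not-secure.com` as an issuer is reported as verified without any validation code having run. I would start each of these tests with a precondition such as `assert_true('setTrustToken' in XMLHttpRequest.prototype, 'setTrustToken is implemented');`. I would also move `new XMLHttpRequest()` and `open()` out of the throwing closure, so that only the `setTrustToken` call can satisfy the assertion. The same narrowing applies to the two `InvalidStateError` tests, where `send()` currently sits inside the closure and starts a request to `https://trusttoken.example` that is never aborted.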