Bug 1464409 [wpt PR 11164] - Origin header and 308 redirect, a=testonly

Automatic update from web-platform-testsOrigin header and 308 redirect For whatwg/fetch#594. -- wpt-commits: 89ae808d4ba430f83f8bc185b69108cf10070599 wpt-pr: 11164
xeonchen · Jun 10, 2018 · acd50e5 · acd50e5
1 parent 6bd8450
commit acd50e5
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 0 deletions.
diff --git a/testing/web-platform/meta/MANIFEST.json b/testing/web-platform/meta/MANIFEST.json
@@ -273592,6 +273592,11 @@
      {}
     ]
    ],
+   "fetch/origin/resources/redirect-and-stash.py": [
+    [
+     {}
+    ]
+   ],
    "fetch/sec-metadata/README.md": [
     [
      {}
@@ -330514,6 +330519,16 @@
      {}
     ]
    ],
+   "fetch/origin/no-cors.any.js": [
+    [
+     "/fetch/origin/no-cors.any.html",
+     {}
+    ],
+    [
+     "/fetch/origin/no-cors.any.worker.html",
+     {}
+    ]
+   ],
    "fetch/sec-metadata/fetch.tentative.https.sub.html": [
     [
      "/fetch/sec-metadata/fetch.tentative.https.sub.html",
@@ -559631,6 +559646,14 @@
    "a9e0f5b9b70917aabbff3ad5dd03a5d5dccfa9f0",
    "testharness"
   ],
+  "fetch/origin/no-cors.any.js": [
+   "e9774c1c02bac3833b042c4895733d7bc8b36456",
+   "testharness"
+  ],
+  "fetch/origin/resources/redirect-and-stash.py": [
+   "bb002c0d5d4d46f426462f776cff00cf600f5a4a",
+   "support"
+  ],
   "fetch/sec-metadata/README.md": [
    "75d58b35c1e5572d02dd3ad90ac65301e35c4bc7",
    "support"

diff --git a/testing/web-platform/tests/fetch/origin/no-cors.any.js b/testing/web-platform/tests/fetch/origin/no-cors.any.js
@@ -0,0 +1,20 @@
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+
+promise_test(async function() {
+  const stash = token(),
+        origins = get_host_info(),
+        redirectPath = "/fetch/origin/resources/redirect-and-stash.py";
+
+  // Cross-origin -> same-origin will result in setting the tainted origin flag for the second
+  // request.
+  let url = origins.HTTP_ORIGIN + redirectPath + "?stash=" + stash;
+  url = origins.HTTP_REMOTE_ORIGIN + redirectPath + "?stash=" + stash + "&location=" + encodeURIComponent(url);
+
+  await fetch(url, { mode: "no-cors", method: "POST" });
+
+  const json = await (await fetch(redirectPath + "?dump&stash=" + stash)).json();
+
+  assert_equals(json[0], origins.HTTP_ORIGIN, "first origin should equal this origin");
+  assert_equals(json[1], "null", "second origin should be opaque and therefore null");
+}, "Origin header and 308 redirect");
diff --git a/testing/web-platform/tests/fetch/origin/resources/redirect-and-stash.py b/testing/web-platform/tests/fetch/origin/resources/redirect-and-stash.py
@@ -0,0 +1,29 @@
+import json
+
+def main(request, response):
+    key = request.GET.first("stash")
+    origin = request.headers.get("origin")
+    if origin is None:
+        origin = "no Origin header"
+
+    origin_list = request.server.stash.take(key)
+
+    if "dump" in request.GET:
+        response.headers.set("content-Type", "application/json")
+        response.content = json.dumps(origin_list)
+        return
+
+    if origin_list is None:
+        origin_list = [origin]
+    else:
+        origin_list.append(origin)
+
+    request.server.stash.put(key, origin_list)
+
+    if "location" in request.GET:
+        response.status = 308
+        response.headers.set("Location", request.GET.first("location"))
+        return
+
+    response.headers.set("content-Type", "text/plain")
+    response.content = "Fix https://github.com/whatwg/fetch/issues/737..."