blob: 94a872e6e3db5d6666c9b44c4df0c66d7e0aa9a0 [file] [log] [blame]
if (this.document === undefined) {
importScripts("/js-test-resources/testharness.js");
importScripts("resources/sri-utilities.js");
}
var main_host = '127.0.0.1';
var remote_host = 'localhost';
var port_string = "8000";
var main_host_and_port = main_host + ':' + port_string;
var remote_host_and_port = remote_host + ':' + port_string;
var resource = "resources/resource.txt";
var empty_resource = "resources/empty-resource.txt";
var crossorigin_anon_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-anon-resource.txt';
var crossorigin_creds_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-creds-resource.txt';
var crossorigin_ineligible_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-ineligible-resource.txt';
function integrity(desc, url, options, expectedError) {
if (expectedError === undefined) {
promise_test(function(test) {
return fetch(url, options).then(function(resp) {
assert_equals(resp.status, 200, "Response's status is 200");
});
}, desc);
} else {
promise_test(function(test) {
return promise_rejects_js(test, expectedError, fetch(url, options));
}, desc);
}
}
var topSha256 = "sha256-KHIDZcXnR2oBHk9DrAA+5fFiR6JjudYjqoXtMR1zvzk=";
var topSha384 = "sha384-MgZYnnAzPM/MjhqfOIMfQK5qcFvGZsGLzx4Phd7/A8fHTqqLqXqKo8cNzY3xEPTL";
var topSha512 = "sha512-D6yns0qxG0E7+TwkevZ4Jt5t7Iy3ugmAajG/dlf6Pado1JqTyneKXICDiqFIkLMRExgtvg8PlxbKTkYfRejSOg==";
var invalidSha256 = "sha256-dKUcPOn/AlUjWIwcHeHNqYXPlvyGiq+2dWOdFcE+24I=";
var invalidSha512 = "sha512-oUceBRNxPxnY60g/VtPCj2syT4wo4EZh2CgYdWy9veW8+OsReTXoh7dizMGZafvx9+QhMS39L/gIkxnPIn41Zg==";
var unknownAlgorithm = "foo666-dKUcPOn/AlUjWIwcHeHNqYXPlvyGiq+2dWOdFcE+24I=";
integrity("Empty string integrity", resource, { 'integrity': "" });
integrity("SHA-256 integrity", resource, { 'integrity': topSha256 });
integrity("SHA-384 integrity", resource, { 'integrity': topSha384 });
integrity("SHA-512 integrity", resource, { 'integrity': topSha512 });
integrity("Invalid integrity", resource, { 'integrity': invalidSha256 }, TypeError);
integrity("Unknown integrity", resource, { 'integrity': unknownAlgorithm });
integrity("Multiple integrities: valid stronger than invalid", resource, { 'integrity': invalidSha256 + " " + topSha384 });
integrity("Multiple integrities: invalid stronger than valid", resource, { 'integrity': invalidSha512 + " " + topSha384 }, TypeError);
integrity("Multiple integrities: invalid as strong as valid", resource, { 'integrity': invalidSha512 + " " + topSha512 });
integrity("Multiple integrities: both are valid", resource, { 'integrity': topSha384 + " " + topSha512 });
integrity("Multiple integrities: both are invalid", resource, { 'integrity': invalidSha256 + " " + invalidSha512 }, TypeError);
integrity("Anonymous CORS empty integrity", crossorigin_anon_resource, { 'integrity': "" });
integrity("Anonymous CORS SHA-512 integrity", crossorigin_anon_resource, { 'integrity': topSha512 });
integrity("Anonymous CORS invalid integrity", crossorigin_anon_resource, { 'integrity': invalidSha512 }, TypeError);
// FIXME: Upstream these additional tests to the official web-platform-tests repository.
integrity("Credential CORS empty integrity", crossorigin_creds_resource, { 'integrity': "", 'credentials': 'include' });
integrity("Credential CORS SHA-512 integrity", crossorigin_creds_resource, { 'integrity': topSha512, 'credentials': 'include' });
integrity("Credential CORS invalid integrity", crossorigin_creds_resource, { 'integrity': invalidSha512, 'credentials': 'include' }, TypeError);
integrity("Ineligible CORS empty integrity", crossorigin_ineligible_resource, { 'integrity': "" }, TypeError);
integrity("Ineligible CORS SHA-512 integrity", crossorigin_ineligible_resource, { 'integrity': topSha512 }, TypeError);
integrity("Ineligible CORS invalid integrity", crossorigin_ineligible_resource, { 'integrity': invalidSha512 }, TypeError);
integrity("SHA-256 integrity with 'no-cors' mode", resource, { 'integrity': topSha256, 'mode': 'no-cors' });
integrity("Resource with zero length body", empty_resource, { 'integrity': "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" });
done();