| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="/js-test-resources/js-test.js"></script> |
| <script> |
| description("Tests that a cross-origin fetch in an iframe load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header."); |
| jsTestIsAsync = true; |
| testRunner.dumpChildFramesAsText(); |
| |
| function addIframe (url) { |
| iframeElement = document.createElement("iframe"); |
| iframeElement.src = url; |
| document.body.appendChild(iframeElement); |
| } |
| |
| var ipAddressIframeDone = false; |
| var localhostIframeDone = false; |
| function receiveMessage(event) { |
| if (event.origin === "http://127.0.0.1:8000") { |
| ipAddressIframeDone = true; |
| if (event.data.indexOf("fetchSuccess") !== -1) |
| testFailed("Localhost fetch in 127.0.0.1 iframe succeeded."); |
| else if (event.data.indexOf("fetchError") === -1) |
| testFailed("Received an unrecognized message. " + event.data); |
| addIframe("http://localhost:8000/from-origin/resources/iframeIPAddressFetch.html"); |
| } else if (event.origin === "http://localhost:8000") { |
| localhostIframeDone = true; |
| if (event.data.indexOf("fetchSuccess") !== -1) |
| testFailed("127.0.0.1 fetch in localhost iframe succeeded."); |
| else if (event.data.indexOf("fetchError") === -1) |
| testFailed("Received an unrecognized message. " + event.data); |
| } else { |
| testFailed("Received a message from an unexpected origin: " + event.origin); |
| finishJSTest(); |
| } |
| |
| if (ipAddressIframeDone && localhostIframeDone) { |
| testPassed("Localhost fetch in 127.0.0.1 iframe blocked and 127.0.0.1 fetch in localhost iframe blocked."); |
| finishJSTest(); |
| } |
| } |
| |
| window.addEventListener("message", receiveMessage, false); |
| |
| function run() { |
| addIframe("http://127.0.0.1:8000/from-origin/resources/iframeLocalhostFetch.html"); |
| } |
| </script> |
| </head> |
| <body onload="run()"> |
| </body> |
| </html> |