LayoutTests/imported/w3c/web-platform-tests/subresource-integrity/sri-test-helpers.sub.js - WebKit - Git at Google

 // This horrible hack is needed for the 'use-credentials' tests because, on
 // response, if port 80 or 443 is the current port, it will not appear to
 // the browser as part of the origin string. Since the origin *string* is
 // used for CORS access control, instead of the origin itself, if there
 // isn't an exact string match, the check will fail. For example,
 // "http://example.com" would not match "http://example.com:80", because
 // they are not exact string matches, even though the origins are the same.
 //
 // Thus, we only want the Access-Control-Allow-Origin header to have
 // the port if it's not port 80 or 443, since the user agent will elide the
 // ports in those cases.
 const main_domain = '{{domains[]}}';
 const www_domain = '{{hosts[alt][]}}';
 const default_port = (location.protocol === 'https:') ? '{{ports[https][0]}}' :
                                                         '{{ports[http][0]}}';

 const port_string = (default_port !== '80' && default_port !== '443') ?
                       `:${default_port}` : '';
 const www_host_and_port = www_domain + port_string;

 // General resource prefixes.
 const same_origin_prefix = '/subresource-integrity/';
 const xorigin_prefix = `${location.protocol}//${www_host_and_port}/subresource-integrity/`;

 // General resource suffixes, for piping CORS headers.
 const anonymous = '&pipe=header(Access-Control-Allow-Origin,*)';
 const use_credentials = "&pipe=header(Access-Control-Allow-Credentials,true)|" +
                         "header(Access-Control-Allow-Origin," + location.origin + ")";

 // Note that all of these style URLs have query parameters started, so any
 // additional parameters should be appended starting with '&'.
 const xorigin_anon_style = location.protocol
   + '//' + www_host_and_port
   + '/subresource-integrity/crossorigin-anon-style.css?';

 const xorigin_creds_style = location.protocol
   + '//' + www_host_and_port
   + '/subresource-integrity/crossorigin-creds-style.css?acao_port='
   + port_string;

 const xorigin_ineligible_style = location.protocol
   + '//' + www_host_and_port
   + '/subresource-integrity/crossorigin-ineligible-style.css?';
	// This horrible hack is needed for the 'use-credentials' tests because, on
	// response, if port 80 or 443 is the current port, it will not appear to
	// the browser as part of the origin string. Since the origin string is
	// used for CORS access control, instead of the origin itself, if there
	// isn't an exact string match, the check will fail. For example,
	// "http://example.com" would not match "http://example.com:80", because
	// they are not exact string matches, even though the origins are the same.
	//
	// Thus, we only want the Access-Control-Allow-Origin header to have
	// the port if it's not port 80 or 443, since the user agent will elide the
	// ports in those cases.
	const main_domain = '{{domains[]}}';
	const www_domain = '{{hosts[alt][]}}';
	const default_port = (location.protocol === 'https:') ? '{{ports[https][0]}}' :
	'{{ports[http][0]}}';

	const port_string = (default_port !== '80' && default_port !== '443') ?
	`:${default_port}` : '';
	const www_host_and_port = www_domain + port_string;

	// General resource prefixes.
	const same_origin_prefix = '/subresource-integrity/';
	const xorigin_prefix = `${location.protocol}//${www_host_and_port}/subresource-integrity/`;

	// General resource suffixes, for piping CORS headers.
	const anonymous = '&pipe=header(Access-Control-Allow-Origin,*)';
	const use_credentials = "&pipe=header(Access-Control-Allow-Credentials,true)\|" +
	"header(Access-Control-Allow-Origin," + location.origin + ")";

	// Note that all of these style URLs have query parameters started, so any
	// additional parameters should be appended starting with '&'.
	const xorigin_anon_style = location.protocol
	+ '//' + www_host_and_port
	+ '/subresource-integrity/crossorigin-anon-style.css?';

	const xorigin_creds_style = location.protocol
	+ '//' + www_host_and_port
	+ '/subresource-integrity/crossorigin-creds-style.css?acao_port='
	+ port_string;

	const xorigin_ineligible_style = location.protocol
	+ '//' + www_host_and_port
	+ '/subresource-integrity/crossorigin-ineligible-style.css?';