| <!doctype html> |
| <meta charset="utf-8"> |
| <title>HTMLScriptElement: crossorigin attribute network test</title> |
| <link rel="author" title="KiChjang" href="mailto:kungfukeith11@gmail.com"> |
| <link rel="help" href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute"> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| |
| <body> |
| <script type="text/javascript"> |
| var test1 = async_test(document.title + "1"); |
| var test2 = async_test(document.title + "2"); |
| var test3 = async_test(document.title + "3"); |
| |
| var script1 = document.createElement("script"); |
| script1.src = "resources/cross-origin.py"; |
| script1.crossOrigin = "use-credentials"; |
| var script2 = document.createElement("script"); |
| script2.src = "resources/cross-origin.py"; |
| script2.crossOrigin = "gibberish"; |
| var script3 = document.createElement("script"); |
| script3.src = "resources/cross-origin.py"; |
| |
| document.cookie = "milk=yes"; |
| document.body.appendChild(script1); |
| script1.onload = function() { |
| test1.step(function() { |
| assert_true(included, "credentials should be included in script request"); |
| test1.done(); |
| }); |
| }; |
| |
| document.body.appendChild(script2); |
| script2.onload = function() { |
| test2.step(function() { |
| assert_true(included, "invalid values should default to include credentials due to response tainting"); |
| test2.done(); |
| }); |
| }; |
| |
| document.body.appendChild(script3); |
| script3.onload = function() { |
| test3.step(function() { |
| assert_true(included, "missing value should default to include credentials"); |
| test3.done(); |
| }); |
| }; |
| </script> |
| </body> |