зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1493449. Change the default credentials mode for module scripts from 'omit' to 'same-origin'. r=farre
The tests come directly from https://github.com/web-platform-tests/wpt/pull/13176 and https://github.com/web-platform-tests/wpt/pull/13245 Differential Revision: https://phabricator.services.mozilla.com/D7113 --HG-- extra : moz-landing-system : lando
Родитель
e8874566d6
Коммит
4983b1e55c
|
@ -1070,9 +1070,8 @@ ScriptLoader::StartLoad(ScriptLoadRequest* aRequest)
|
|||
// According to the spec, module scripts have different behaviour to classic
|
||||
// scripts and always use CORS.
|
||||
securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
if (aRequest->CORSMode() == CORS_NONE) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_OMIT;
|
||||
} else if (aRequest->CORSMode() == CORS_ANONYMOUS) {
|
||||
if (aRequest->CORSMode() == CORS_NONE ||
|
||||
aRequest->CORSMode() == CORS_ANONYMOUS) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
|
||||
} else {
|
||||
MOZ_ASSERT(aRequest->CORSMode() == CORS_USE_CREDENTIALS);
|
||||
|
|
|
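Review bot: The comment above the branch still says only that module scripts always use CORS, so nothing in `StartLoad` records that a request with no crossorigin attribute (`CORS_NONE`) is now deliberately grouped with `CORS_ANONYMOUS` and given `SEC_COOKIES_SAME_ORIGIN`. A short why-comment above the `if` would keep a later reader from restoring the omit case, for example `// No crossorigin attribute defaults to same-origin credentials, same as "anonymous".`. The `else` arm is guarded only by `MOZ_ASSERT`, which is a debug-build check, and its body lies outside this hunk, so which cookie flag an unexpected mode would receive in a release build cannot be confirmed from here.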
@ -0,0 +1,4 @@
|
|||
[dynamic-imports-credentials.sub.html]
|
||||
[Dynamic imports should be loaded with or without the credentials based on the same-origin-ness and the parent script's crossOrigin attribute]
|
||||
expected: FAIL
|
||||
bug: 1342012
|
|
@ -1,3 +1,4 @@
|
|||
[dynamic-imports-fetch-error.sub.html]
|
||||
[import(): error cases occuring during fetching]
|
||||
expected: FAIL
|
||||
bug: 1342012
|
||||
|
|
|
@ -39,31 +39,31 @@ promise_test(t => {
|
|||
}).then(() => {
|
||||
const w = iframe.contentWindow;
|
||||
|
||||
assert_equals(w.sameOriginNone, 'not found',
|
||||
'Modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is same-origin');
|
||||
assert_equals(w.sameOriginNone, 'found',
|
||||
'Modules should be loaded with the credentials when the crossOrigin attribute is not specified and the target is same-origin');
|
||||
assert_equals(w.sameOriginAnonymous, 'found',
|
||||
'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
|
||||
assert_equals(w.sameOriginUseCredentials, 'found',
|
||||
'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
|
||||
assert_equals(w.crossOriginNone, 'not found',
|
||||
'Modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
|
||||
'Modules should not be loaded with the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
|
||||
assert_equals(w.crossOriginAnonymous, 'not found',
|
||||
'Modules should be loaded without the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
|
||||
'Modules should not be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
|
||||
assert_equals(w.crossOriginUseCredentials, 'found',
|
||||
'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
|
||||
|
||||
assert_equals(w.sameOriginNoneDecendent, 'not found',
|
||||
'Decendent modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is same-origin');
|
||||
assert_equals(w.sameOriginAnonymousDecendent, 'found',
|
||||
'Decendent modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
|
||||
assert_equals(w.sameOriginUseCredentialsDecendent, 'found',
|
||||
'Decendent modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
|
||||
assert_equals(w.crossOriginNoneDecendent, 'not found',
|
||||
'Decendent modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
|
||||
assert_equals(w.crossOriginAnonymousDecendent, 'not found',
|
||||
'Decendent modules should be loaded without the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
|
||||
assert_equals(w.crossOriginUseCredentialsDecendent, 'found',
|
||||
'Decendent modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
|
||||
assert_equals(w.sameOriginNoneDescendant, 'found',
|
||||
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is not specified and the target is same-origin');
|
||||
assert_equals(w.sameOriginAnonymousDescendant, 'found',
|
||||
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
|
||||
assert_equals(w.sameOriginUseCredentialsDescendant, 'found',
|
||||
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
|
||||
assert_equals(w.crossOriginNoneDescendant, 'not found',
|
||||
'Descendant modules should not be loaded with the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
|
||||
assert_equals(w.crossOriginAnonymousDescendant, 'not found',
|
||||
'Descendant modules should not be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
|
||||
assert_equals(w.crossOriginUseCredentialsDescendant, 'found',
|
||||
'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
|
||||
});
|
||||
}, 'Modules should be loaded with or without the credentials based on the same-origin-ness and the crossOrigin attribute');
|
||||
</script>
|
||||
|
|
|
@ -0,0 +1,58 @@
|
|||
<!DOCTYPE html>
|
||||
<meta charset="utf-8">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/get-host-info.sub.js"></script>
|
||||
|
||||
<script type="text/javascript">
|
||||
host_info = get_host_info();
|
||||
|
||||
document.cookie = 'same=1';
|
||||
|
||||
const setCookiePromise = fetch(
|
||||
'http://{{domains[www2]}}:{{ports[http][0]}}/cookies/resources/set-cookie.py?name=cross&path=/html/semantics/scripting-1/the-script-element/module/',
|
||||
{
|
||||
mode: 'no-cors',
|
||||
credentials: 'include',
|
||||
});
|
||||
|
||||
const windowLoadPromise = new Promise(resolve => {
|
||||
window.addEventListener('load', () => {
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
|
||||
promise_test(t => {
|
||||
const iframe = document.createElement('iframe');
|
||||
|
||||
return Promise.all([setCookiePromise, windowLoadPromise]).then(() => {
|
||||
const messagePromise = new Promise(resolve => {
|
||||
window.addEventListener('message', event => {
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
|
||||
iframe.src = '../resources/dynamic-import-credentials-iframe.sub.html';
|
||||
document.body.appendChild(iframe);
|
||||
|
||||
return messagePromise;
|
||||
}).then(() => {
|
||||
const w = iframe.contentWindow;
|
||||
|
||||
assert_equals(w.sameOriginNoneDynamicDescendant, 'found',
|
||||
'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is not specified and the target is same-origin');
|
||||
assert_equals(w.sameOriginAnonymousDynamicDescendant, 'found',
|
||||
'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
|
||||
assert_equals(w.sameOriginUseCredentialsDynamicDescendant, 'found',
|
||||
'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
|
||||
assert_equals(w.crossOriginNoneDynamicDescendant, 'not found',
|
||||
'Dynamic descendant modules should not be loaded with the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
|
||||
assert_equals(w.crossOriginAnonymousDynamicDescendant, 'not found',
|
||||
'Dynamic descendant modules should not be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
|
||||
assert_equals(w.crossOriginUseCredentialsDynamicDescendant, 'found',
|
||||
'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
|
||||
});
|
||||
}, 'Dynamic imports should be loaded with or without the credentials based on the same-origin-ness and the parent script\'s crossOrigin attribute');
|
||||
</script>
|
||||
<body>
|
||||
</body>
|
|
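Review bot: The `message` listener inside the first `.then()` resolves on any message event without looking at its sender, so a stray message from another frame would let the assertions run before the iframe under test has reported. Checking the sender, `if (event.source === iframe.contentWindow) resolve();`, ties the wait to that frame. Separately, `host_info = get_host_info();` creates an implicit global that this file never reads; dropping it (and the `get-host-info.sub.js` include if nothing else needs it) or declaring it with `const` would be cleaner.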
@ -25,22 +25,22 @@
|
|||
</script>
|
||||
|
||||
<script type="module">
|
||||
import "./check-cookie.py?id=sameOriginNoneDecendent&cookieName=same";
|
||||
import "./check-cookie.py?id=sameOriginNoneDescendant&cookieName=same";
|
||||
</script>
|
||||
<script type="module" crossOrigin="anonymous">
|
||||
import "./check-cookie.py?id=sameOriginAnonymousDecendent&cookieName=same";
|
||||
import "./check-cookie.py?id=sameOriginAnonymousDescendant&cookieName=same";
|
||||
</script>
|
||||
<script type="module" crossOrigin="use-credentials">
|
||||
import "./check-cookie.py?id=sameOriginUseCredentialsDecendent&cookieName=same";
|
||||
import "./check-cookie.py?id=sameOriginUseCredentialsDescendant&cookieName=same";
|
||||
</script>
|
||||
<script type="module">
|
||||
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginNoneDecendent&cookieName=cross";
|
||||
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginNoneDescendant&cookieName=cross";
|
||||
</script>
|
||||
<script type="module" crossOrigin="anonymous">
|
||||
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginAnonymousDecendent&cookieName=cross";
|
||||
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginAnonymousDescendant&cookieName=cross";
|
||||
</script>
|
||||
<script type="module" crossOrigin="use-credentials">
|
||||
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginUseCredentialsDecendent&cookieName=cross";
|
||||
import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginUseCredentialsDescendant&cookieName=cross";
|
||||
</script>
|
||||
|
||||
<script type="text/javascript">
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
<!DOCTYPE html>
|
||||
<script type="module">
|
||||
import("./check-cookie.py?id=sameOriginNoneDynamicDescendant&cookieName=same");
|
||||
</script>
|
||||
<script type="module" crossOrigin="anonymous">
|
||||
import("./check-cookie.py?id=sameOriginAnonymousDynamicDescendant&cookieName=same");
|
||||
</script>
|
||||
<script type="module" crossOrigin="use-credentials">
|
||||
import("./check-cookie.py?id=sameOriginUseCredentialsDynamicDescendant&cookieName=same");
|
||||
</script>
|
||||
<script type="module">
|
||||
import("http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginNoneDynamicDescendant&cookieName=cross");
|
||||
</script>
|
||||
<script type="module" crossOrigin="anonymous">
|
||||
import("http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginAnonymousDynamicDescendant&cookieName=cross");
|
||||
</script>
|
||||
<script type="module" crossOrigin="use-credentials">
|
||||
import("http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginUseCredentialsDynamicDescendant&cookieName=cross");
|
||||
</script>
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
window.addEventListener('load', event => {
|
||||
window.parent.postMessage({}, '*');
|
||||
});
|
||||
</script>
|
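Review bot: `window.parent.postMessage({}, '*')` uses a wildcard target origin even though the parent test page appears to embed this frame through a relative URL, so `window.parent.postMessage({}, location.origin);` would name the intended recipient. The payload is empty, so nothing is disclosed today, but the explicit origin keeps the pattern safe if data is ever added. The frame also signals on `load` rather than after the six `import()` promises settle; if `load` is not guaranteed to wait for those fetches, the parent could read the result globals too early, so that assumption deserves a comment or an explicit wait.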