Bug 1478689 [wpt PR 12192] - [OOR-CORS] Add a wpt for CORS with sandboxed-iframe, a=testonly

Automatic update from web-platform-tests[OOR-CORS] Add a wpt for CORS with sandboxed-iframe CORSURLLoader uses network::ResourceRequest::request_initiator which ignores iframe sandboxing, which is a bug. Let's add a simple test for the behavior. Bug: 867834 Change-Id: Ia45113503f98b3d18e31c785e703d29eee658d08 Reviewed-on: https://chromium-review.googlesource.com/1151167 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#578636} -- wpt-commits: b1f0b037511dbfb6ce9801c57fecc7efed944482 wpt-pr: 12192
2018-07-30 15:17:38 +00:00 · 2018-07-30 15:17:38 +00:00 · e297b5c8de
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@ -275938,6 +275938,11 @@
     {}
    ]
   ],
+   "fetch/api/resources/sandboxed-iframe.html": [
+    [
+     {}
+    ]
+   ],
   "fetch/api/resources/script-with-header.py": [
    [
     {}
@ -347868,6 +347873,12 @@
     {}
    ]
   ],
+   "fetch/api/cors/sandboxed-iframe.html": [
+    [
+     "/fetch/api/cors/sandboxed-iframe.html",
+     {}
+    ]
+   ],
   "fetch/api/credentials/authentication-basic.any.js": [
    [
     "/fetch/api/credentials/authentication-basic.any.html",
@ -580641,6 +580652,10 @@
   "cdf4097d5669241373dc7a03ad52c1cb974b5258",
   "testharness"
  ],
+  "fetch/api/cors/sandboxed-iframe.html": [
+   "feb9f1f2e5bd3e2a1d1937103ea13c2fdb32aea6",
+   "testharness"
+  ],
  "fetch/api/credentials/authentication-basic.any.js": [
   "4969b3042e8dcde56b0adb708fb2c5f64d18a9eb",
   "testharness"
@ -581121,6 +581136,10 @@
   "8e6f9c24b77f7850ea5e8045e8ce276f204f61f4",
   "support"
  ],
+  "fetch/api/resources/sandboxed-iframe.html": [
+   "6e5d5065474d47d34bab3959ae5d0e8f0dc7d072",
+   "support"
+  ],
  "fetch/api/resources/script-with-header.py": [
   "5337cc97bdd7737e40398cb066a98a5246ba4392",
   "support"
--- a/testing/web-platform/tests/fetch/api/cors/sandboxed-iframe.html
+++ b/testing/web-platform/tests/fetch/api/cors/sandboxed-iframe.html
@ -0,0 +1,14 @@
+<!doctype html>
+<html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<iframe sandbox="allow-scripts" src="../resources/sandboxed-iframe.html"></iframe>
+<script>
+promise_test(async (t) => {
+  const message = await new Promise((resolve) => {
+    window.addEventListener('message', e => resolve(e.data));
+  });
+  assert_equals(message, 'PASS');
+}, 'CORS with sandboxed iframe');
+</script>
+</html>
--- a/testing/web-platform/tests/fetch/api/resources/sandboxed-iframe.html
+++ b/testing/web-platform/tests/fetch/api/resources/sandboxed-iframe.html
@ -0,0 +1,34 @@
+<!doctype html>
+<html>
+<script>
+async function no_cors_should_be_rejected() {
+  let thrown = false;
+  try {
+    const resp = await fetch('top.txt');
+  } catch (e) {
+    thrown = true;
+  }
+  if (!thrown) {
+    throw Error('fetching "top.txt" should be rejected.');
+  }
+}
+
+async function null_origin_should_be_accepted() {
+  const url = 'top.txt?pipe=header(access-control-allow-origin,null)|' +
+              'header(cache-control,no-store)';
+  const resp = await fetch(url);
+}
+
+async function test() {
+  try {
+    await no_cors_should_be_rejected();
+    await null_origin_should_be_accepted();
+    parent.postMessage('PASS', '*');
+  } catch (e) {
+    parent.postMessage(e.message, '*');
+  }
+}
+
+test();
+</script>
+</html>