CORS: Add content-length to the safelisted response header name

Make the safelisted response header name up to date to conform
the latest spec.

Bug: 841308
Change-Id: I4f27f520e2596dd24d2737f4d1d0a712a3e79bfb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1599765
Auto-Submit: Takashi Toyoshima <toyoshim@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#659397}

third_party/blink/renderer/platform/loader/cors/cors.cc

@@ -435,13 +435,17 @@ WebHTTPHeaderSet ExtractCorsExposedHeaderNamesList(
 bool IsCorsSafelistedResponseHeader(const String& name) {
   // https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name
   // TODO(dcheng): Consider using a flat_set here with a transparent comparator.
-  // TODO(toyoshim): This set is missing "content-length".
-  DEFINE_THREAD_SAFE_STATIC_LOCAL(
-      WebHTTPHeaderSet, allowed_cross_origin_response_headers,
-      ({
-          "cache-control", "content-language", "content-type", "expires",
-          "last-modified", "pragma",
-      }));
+  DEFINE_THREAD_SAFE_STATIC_LOCAL(WebHTTPHeaderSet,
+                                  allowed_cross_origin_response_headers,
+                                  ({
+                                      "cache-control",
+                                      "content-language",
+                                      "content-length",
+                                      "content-type",
+                                      "expires",
+                                      "last-modified",
+                                      "pragma",
+                                  }));
   return allowed_cross_origin_response_headers.find(name.Ascii().data()) !=
          allowed_cross_origin_response_headers.end();
 }

third_party/blink/web_tests/external/wpt/fetch/api/cors/cors-filtering.sub.any-expected.txt

-This is a testharness.js-based test.
-PASS CORS filter on Cache-Control header
-PASS CORS filter on Content-Language header
-PASS CORS filter on Content-Type header
-PASS CORS filter on Expires header
-PASS CORS filter on Last-Modified header
-PASS CORS filter on Pragma header
-FAIL CORS filter on Content-Length header assert_equals: Content-Length header should be included in response with value: 3 expected (string) "3" but got (object) null
-PASS CORS filter on Age header
-PASS CORS filter on Server header
-PASS CORS filter on Warning header
-PASS CORS filter on Set-Cookie header
-PASS CORS filter on Set-Cookie2 header
-PASS CORS filter on Age header, header is exposed
-PASS CORS filter on Server header, header is exposed
-PASS CORS filter on Warning header, header is exposed
-PASS CORS filter on Set-Cookie header, header is forbidden
-PASS CORS filter on Set-Cookie2 header, header is forbidden
-PASS CORS filter on Set-Cookie header, header is forbidden(credentials = include)
-PASS CORS filter on Set-Cookie2 header, header is forbidden(credentials = include)
-Harness: the test ran to completion.
-

third_party/blink/web_tests/external/wpt/fetch/api/cors/cors-filtering.sub.any.worker-expected.txt

-This is a testharness.js-based test.
-PASS CORS filter on Cache-Control header
-PASS CORS filter on Content-Language header
-PASS CORS filter on Content-Type header
-PASS CORS filter on Expires header
-PASS CORS filter on Last-Modified header
-PASS CORS filter on Pragma header
-FAIL CORS filter on Content-Length header assert_equals: Content-Length header should be included in response with value: 3 expected (string) "3" but got (object) null
-PASS CORS filter on Age header
-PASS CORS filter on Server header
-PASS CORS filter on Warning header
-PASS CORS filter on Set-Cookie header
-PASS CORS filter on Set-Cookie2 header
-PASS CORS filter on Age header, header is exposed
-PASS CORS filter on Server header, header is exposed
-PASS CORS filter on Warning header, header is exposed
-PASS CORS filter on Set-Cookie header, header is forbidden
-PASS CORS filter on Set-Cookie2 header, header is forbidden
-PASS CORS filter on Set-Cookie header, header is forbidden(credentials = include)
-PASS CORS filter on Set-Cookie2 header, header is forbidden(credentials = include)
-Harness: the test ran to completion.
-

third_party/blink/web_tests/http/tests/fetch/resources/filtered-response.php

@@ -3,9 +3,12 @@
 header('Set-Cookie: cookie3=test-cookie');
 header('Set-Cookie2: cookie4=test-cookie2');
 
+$content = "Success.";
+
 // Headers NOT filtered in 'CORS filtered response'
 header('Cache-Control: private, no-store, no-cache, must-revalidate');
 header('Content-Language: test-content-language');
+header('Content-Length: ' . strlen($content));
 header('Content-Type: test-content-type');
 header('Expires: test-expires');
 header('Last-Modified: test-last-modified');
@@ -19,5 +22,5 @@ header('X-test2: test-x-test2');
 
 header('Access-Control-Allow-Origin: *');
 
-echo "Success.";
-?>
\ No newline at end of file
+echo $content;
+?>

third_party/blink/web_tests/http/tests/fetch/script-tests/filtered-response.js

@@ -31,6 +31,7 @@ function check_headers(headers,
 var headers_common = [
   ['cAche-cOntrol', 'private, no-store, no-cache, must-revalidate'],
   ['cOntent-lAnguage', 'test-content-language'],
+  ['cOntent-lEngth', '8'],  // size of response body "Success."
   ['cOntent-tYpe', 'test-content-type'],
   ['eXpires', 'test-expires'],
   ['lAst-mOdified', 'test-last-modified'],

third_party/blink/web_tests/http/tests/fetch/script-tests/thorough/cors-preflight.js

@@ -23,12 +23,12 @@ var TEST_TARGETS = [];
        [fetchRejected]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM&ACAOrigin=*&ACAHeaders=x-serviceworker-test',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM&ACAOrigin=' + BASE_ORIGIN +
        '&ACAHeaders=x-serviceworker-test',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM&ACAOrigin=*&ACAHeaders=x-serviceworker-test' +
@@ -47,7 +47,7 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM&ACAOrigin=*&PACAOrigin=*' +
        '&PACAHeaders=x-serviceworker-test&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM&ACAOrigin=*&PACAOrigin=*' +
@@ -68,14 +68,14 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM&ACAOrigin=*&PACAOrigin=*' +
        '&PACAHeaders=x-serviceworker-test&PACEHeaders=Content-Length, X-ServiceWorker-ServerHeader&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
 
       // Test that CORS preflight with Status 2XX succeeds.
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM&ACAOrigin=*&PACAOrigin=*' +
        '&PACAHeaders=x-serviceworker-test&PreflightTest=201',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
 
       // Test that CORS preflight with Status other than 2XX fails.
@@ -97,7 +97,7 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM2&ACAOrigin=*' +
        '&PACAOrigin=*&PACAHeaders=x-servicEworker-u,x-servicEworker-ua,x-servicewOrker-test,x-sErviceworker-s,x-sErviceworker-v&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader2]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM2&ACAOrigin=*&PACAOrigin=*' +
@@ -109,7 +109,7 @@ var TEST_TARGETS = [];
        '&headers=CUSTOM&ACAOrigin=*&PACAOrigin=*' +
        '&PACAHeaders=x-serviceworker-test&PACRMethod=' + method +
        '&PACRHeaders=x-serviceworker-test&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
       // Test Access-Control-Request-Headers is sorted https://crbug.com/452391
 
@@ -117,7 +117,7 @@ var TEST_TARGETS = [];
        '&headers=CUSTOM2&ACAOrigin=*&PACAOrigin=*' +
        '&PACAHeaders=x-servicEworker-u,x-servicEworker-ua,x-servicewOrker-test,x-sErviceworker-s,x-sErviceworker-v&PACRMethod=' + method +
        '&PACRHeaders=x-serviceworker-s,x-serviceworker-test,x-serviceworker-u,x-serviceworker-ua,x-serviceworker-v&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader2]]);
   });
 

third_party/blink/web_tests/http/tests/fetch/script-tests/thorough/cors-preflight2.js

@@ -28,7 +28,7 @@ var TEST_TARGETS = [];
        [fetchRejected]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=*&ACAMethods=' + method,
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=*&headers=CUSTOM&ACAMethods=' + method,
@@ -36,7 +36,7 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=*&headers=CUSTOM&ACAMethods=' + method +
        '&ACAHeaders=x-serviceworker-test',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=*&headers=CUSTOM&ACAMethods=' + method +
@@ -50,7 +50,7 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=*&headers=CUSTOM&ACAMethods=PUT, XXX' +
        '&ACAHeaders=x-serviceworker-test',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=*&headers=CUSTOM&ACAMethods=PUT, XXX' +
@@ -62,7 +62,7 @@ var TEST_TARGETS = [];
        [fetchRejected]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=' + BASE_ORIGIN + '&ACAMethods=' + method,
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=' + BASE_ORIGIN + '&headers=CUSTOM&ACAMethods=' + method,
@@ -70,7 +70,7 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=' + BASE_ORIGIN + '&headers=CUSTOM&ACAMethods=' + method +
        '&ACAHeaders=x-serviceworker-test',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=' + BASE_ORIGIN + '&headers=CUSTOM&ACAMethods=' + method +
@@ -84,7 +84,7 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=' + BASE_ORIGIN +
        '&headers=CUSTOM&ACAMethods=PUT, XXX&ACAHeaders=x-serviceworker-test',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=' + BASE_ORIGIN +
@@ -97,7 +97,7 @@ var TEST_TARGETS = [];
       // CORS preflight fetch.
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method + '&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=*&PACAOrigin=*&ACAMethods=' + method + '&PreflightTest=200',
@@ -108,7 +108,7 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method +
        '&PACAHeaders=x-serviceworker-test&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method +
@@ -128,13 +128,13 @@ var TEST_TARGETS = [];
        '&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method +
        '&PACEHeaders=Content-Length, X-ServiceWorker-ServerHeader' +
        '&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod]],
 
       // Test that CORS preflight with Status 2XX succeeds.
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method + '&PreflightTest=201',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod]],
 
       // Test that CORS preflight with Status other than 2XX fails.
@@ -153,7 +153,7 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM2&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method +
        '&PACAHeaders=x-servicEworker-u,x-servicEworker-ua,x-servicewOrker-test,x-sErviceworker-s,x-sErviceworker-v&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader2]],
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=CUSTOM2&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method +
@@ -165,7 +165,7 @@ var TEST_TARGETS = [];
        '&headers=CUSTOM&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method +
        '&PACAHeaders=x-serviceworker-test&PACRMethod=' + method +
        '&PACRHeaders=x-serviceworker-test&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader]],
 
       // Verify that Access-Control-Request-Headers: is not present in preflight
@@ -173,7 +173,7 @@ var TEST_TARGETS = [];
       [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=' + method +
        '&headers=SAFE&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method +
        '&PACRHeaders=missing&PACRMethod=' + method + '&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod]],
 
       // Test Access-Control-Request-Headers is sorted https://crbug.com/452391
@@ -181,7 +181,7 @@ var TEST_TARGETS = [];
        '&headers=CUSTOM2&ACAOrigin=*&PACAOrigin=*&PACAMethods=' + method +
        '&PACAHeaders=x-servicEworker-u,x-servicEworker-ua,x-servicewOrker-test,x-sErviceworker-s,x-sErviceworker-v&PACRMethod=' + method +
        '&PACRHeaders=x-serviceworker-s,x-serviceworker-test,x-serviceworker-u,x-serviceworker-ua,x-serviceworker-v&PreflightTest=200',
-       [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+       [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
        [checkMethod, hasCustomHeader2]]);
   });
 

third_party/blink/web_tests/http/tests/fetch/script-tests/thorough/cors.js

@@ -21,11 +21,11 @@ var TEST_TARGETS = [
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=GET',
    [fetchRejected]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=GET&ACAOrigin=*',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheckNone]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=GET' +
    '&ACAOrigin=' + BASE_ORIGIN,
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=GET&' +
    'ACAOrigin=' + BASE_ORIGIN + ',http://www.example.com',
@@ -39,12 +39,12 @@ var TEST_TARGETS = [
   // Tests for Access-Control-Expose-Headers header.
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=GET&ACAOrigin=*' +
    '&ACEHeaders=X-ServiceWorker-ServerHeader',
-   [fetchResolved, noContentLength, hasServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeCors],
    [methodIsGET]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=GET' +
    '&ACAOrigin=' + BASE_ORIGIN +
    '&ACEHeaders=X-ServiceWorker-ServerHeader',
-   [fetchResolved, noContentLength, hasServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeCors],
    [methodIsGET]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=GET' +
    '&ACAOrigin=*&ACEHeaders=Content-Length, X-ServiceWorker-ServerHeader',
@@ -64,11 +64,11 @@ var TEST_TARGETS = [
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=POST',
    [fetchRejected]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=POST&ACAOrigin=*',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsPOST]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=POST' +
    '&ACAOrigin=' + BASE_ORIGIN,
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsPOST]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=POST' +
    '&ACAOrigin=' + BASE_ORIGIN +
@@ -83,11 +83,11 @@ var TEST_TARGETS = [
   // Tests for Access-Control-Expose-Headers header.
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=POST' +
    '&ACAOrigin=*&ACEHeaders=X-ServiceWorker-ServerHeader',
-   [fetchResolved, noContentLength, hasServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeCors],
    [methodIsPOST]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=POST' +
    '&ACAOrigin=' + BASE_ORIGIN + '&ACEHeaders=X-ServiceWorker-ServerHeader',
-   [fetchResolved, noContentLength, hasServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, hasServerHeader, hasBody, typeCors],
    [methodIsPOST]],
   [OTHER_BASE_URL + 'mode=cors&credentials=same-origin&method=POST' +
    '&ACAOrigin=*&ACEHeaders=Content-Length, X-ServiceWorker-ServerHeader',

third_party/blink/web_tests/http/tests/fetch/script-tests/thorough/redirect-credentials.js

@@ -34,13 +34,13 @@ var TEST_TARGETS = [
   [REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL + '&ACAOrigin=' + BASE_ORIGIN + '') +
    '&mode=cors&credentials=omit&method=GET',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheckNone]],
   [REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL +
                       '&ACAOrigin=' + BASE_ORIGIN + '&ACACredentials=true') +
    '&mode=cors&credentials=omit&method=GET',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheckNone]],
 
   [REDIRECT_URL +
@@ -51,51 +51,51 @@ var TEST_TARGETS = [
    encodeURIComponent(OTHER_BASE_URL +
                       '&ACAOrigin=' + BASE_ORIGIN + '&ACACredentials=true') +
    '&mode=cors&credentials=include&method=GET',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheck2]],
 
   [REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL + '&ACAOrigin=' + BASE_ORIGIN + '') +
    '&mode=cors&credentials=same-origin&method=GET',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheckNone]],
   [REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL +
                       '&ACAOrigin=' + BASE_ORIGIN + '&ACACredentials=true') +
    '&mode=cors&credentials=same-origin&method=GET',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheckNone]],
 
   // Redirect: other origin -> same origin
   // Credentials test
   [OTHER_REDIRECT_URL + encodeURIComponent(BASE_URL + 'ACAOrigin=*') +
    '&mode=cors&credentials=omit&method=GET&ACAOrigin=*',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheckNone]],
   [OTHER_REDIRECT_URL + encodeURIComponent(BASE_URL + 'ACAOrigin=*') +
    '&mode=cors&credentials=include&method=GET&ACAOrigin=*',
    [fetchRejected]],
   [OTHER_REDIRECT_URL + encodeURIComponent(BASE_URL + 'ACAOrigin=*') +
    '&mode=cors&credentials=same-origin&method=GET&ACAOrigin=*',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheckNone]],
   [OTHER_REDIRECT_URL +
    encodeURIComponent(BASE_URL + 'ACAOrigin=null&ACACredentials=true') +
    '&mode=cors&credentials=omit&method=GET' +
    '&ACAOrigin=' + BASE_ORIGIN + '&ACACredentials=true',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheckNone]],
   [OTHER_REDIRECT_URL +
    encodeURIComponent(BASE_URL + 'ACAOrigin=null&ACACredentials=true') +
    '&mode=cors&credentials=include&method=GET' +
    '&ACAOrigin=' + BASE_ORIGIN + '&ACACredentials=true',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheck1]],
   [OTHER_REDIRECT_URL +
    encodeURIComponent(BASE_URL + 'ACAOrigin=null&ACACredentials=true') +
    '&mode=cors&credentials=same-origin&method=GET' +
    '&ACAOrigin=' + BASE_ORIGIN + '&ACACredentials=true',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors],
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors],
    [methodIsGET, authCheckNone]],
 ];
 

third_party/blink/web_tests/http/tests/fetch/script-tests/thorough/redirect-loop.js

@@ -30,7 +30,7 @@ var TEST_TARGETS = [
   // Redirect loop: same origin -> other origin
   [REDIRECT_LOOP_URL + encodeURIComponent(OTHER_BASE_URL + '&ACAOrigin=*') +
    '&Count=20&mode=cors&credentials=same-origin&method=GET',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors,
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors,
     responseRedirected,
     checkURLList.bind(
         self,
@@ -47,7 +47,7 @@ var TEST_TARGETS = [
   // Redirect loop: other origin -> same origin
   [OTHER_REDIRECT_LOOP_URL + encodeURIComponent(BASE_URL + 'ACAOrigin=*') +
    '&Count=20&mode=cors&credentials=same-origin&method=GET&ACAOrigin=*',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors,
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors,
     responseRedirected,
     checkURLList.bind(
         self,
@@ -66,7 +66,7 @@ var TEST_TARGETS = [
   [OTHER_REDIRECT_LOOP_URL +
    encodeURIComponent(OTHER_BASE_URL + 'ACAOrigin=*') +
    '&Count=20&mode=cors&credentials=same-origin&method=GET&ACAOrigin=*',
-   [fetchResolved, noContentLength, noServerHeader, hasBody, typeCors,
+   [fetchResolved, hasContentLength, noServerHeader, hasBody, typeCors,
     responseRedirected,
     checkURLList.bind(
         self,