[OOR-CORS] Fix xmlhttprequest-no-file-access-real.html

The test has used synchronous XHR, but blink::ThreadableLoader ignores
a network error for the synchronous case. Currently CORS is implemented
in ThreadableLoader and thus the error is notified, but that will not
be true with out-of-blink CORS. This CL fixes the test so that it uses
asynchronous XHR to make it pass even with out-of-blink CORS.

Bug: 870173
Change-Id: I1c315ddf7f2a25d54f6de7f297d16677da8ba862
Reviewed-on: https://chromium-review.googlesource.com/c/1245057Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#596124}

third_party/WebKit/LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-no-file-access-real.html

@@ -3,43 +3,37 @@
 <html>
 <head>
     <script>
-        function log(message)
-        {
-            var console = document.getElementById('console');
-            console.appendChild(document.createTextNode(message));
-            console.appendChild(document.createElement('br'));
+        function logFailure(message) {
+          window.top.postMessage(message, "*");
+        }
+        function done() {
+          window.top.postMessage("DONE", "*");
         }
-
         function testXHRDenied()
         {
-            log("Checking that same-origin iframes work.");
             var f = document.getElementById("f");
+            // Check that access to an empty iframe allowed.
             f.contentDocument.body.innerHTML = "Successful write into iframe";
-            log("Doing an XHR to an existing file.");
             xhr = new XMLHttpRequest();
 
-            try {
-                xhr.open("GET", "../xmlhttprequest-no-file-access-expected.txt", false);
-                xhr.send("");
-                log("Bad: XHR didn't throw exception");
-            } catch(e) {
-                log("Exception: " + e.message);
-                try {
-                    var results = window.top.document.getElementById('results');
-                    log("Bad: DOM access didn't throw exception");
-                } catch (e) {
-                    log("Exception: " + e.message);
-                    if (window.testRunner) {
-                        setTimeout("testRunner.notifyDone()", 0);
-                    }
-                }
-            }
+            xhr.open("GET", "../xmlhttprequest-no-file-access-expected.txt");
+            xhr.onload = () => {
+              logFailure("Bad: XHR didn't throw exception");
+              done();
+            };
+            xhr.onerror = (e) => {
+                 try {
+                    window.top.document.body;
+                    logFailure("Bad: DOM access didn't throw exception");
+                 } finally {
+                    done();
+                 }
+            };
+            xhr.send("");
         }
         </script>
     </head>
     <body onload="testXHRDenied()">
     <iframe id="f"></iframe>
-        <p> We're checking we can't read an arbitrary file when we set each file:// URI to have a unique domain. </p>
-        <div id="console"/>
     </body>
 </html>

third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-no-file-access-expected.txt

-CONSOLE WARNING: line 22: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
-CONSOLE ERROR: line 23: Access to XMLHttpRequest at 'xmlhttprequest-no-file-access-expected.txt' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-
-The child iframe cannot paste its textual results into this iframe because it is considered a different domain - that's the point of this test! Therefore, success is denoted by the child iframe calling notifyDone. The test will hang if something goes amiss with the access control checks.

third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-no-file-access.html

 <html>
 <head>
+<script src="../../resources/testharness.js"></script>
+<script src="../../resources/testharnessreport.js"></script>
 <script>
 if (window.testRunner) {
-    testRunner.dumpAsText();
-    testRunner.waitUntilDone();
     testRunner.setAllowUniversalAccessFromFileURLs(false);
     testRunner.setAllowFileAccessFromFileURLs(false);
 }
 </script>
 </head>
 <body>
+<script>
+async_test((test) => {
+  window.onmessage = (e) => {
+    if (e.data === 'DONE') {
+      test.done();
+      return;
+    }
+    assert_unreached(e.data);
+  };
+}, 'Test if file: origin is treate as (virtually) opaque.');
+</script>
 <iframe src="resources/xmlhttprequest-no-file-access-real.html"></iframe>
-<div id="results"></div>
-The child iframe cannot paste its textual results into this iframe because it
-is considered a different domain - that's the point of this test!
-Therefore, success is denoted by the child iframe calling notifyDone.
-The test will hang if something goes amiss with the access control checks.
 </body>
 </html>