[OOR-CORS] Fix messages for CORS-disabled schemes

With this CL, CORSURLLoader only allows "http", "https" and "data"
schemes for CORS enabled requests. This CL adds a new error code,
kCORSDisabledScheme, for the error. As noted in the design doc[1],
no one updates the scheme list in Chromium, so it's safe to
assume url::GetCORSEnabledSchemes is equivalent to the
counterpart in blink::SchemeRegistry. We are planning to remove
blink::SchemeRegistry::RegisterURLSchemeAsSecure.

The existing xmlhttprequest/resources/cross-origin-unsupported-url.js
output relies heavily on the error output timing. This CL fixes the
test.

Because the error is reported asynchronously, console messages change
a bit (i.e., the line number doesn't show up). We accept that change.

1: https://docs.google.com/document/d/1JNmUcvbw2UcjfdI2uyUpveHXCbae-DQ1n8d_sVs5fLg/edit#heading=h.r9hjqrw3gn9e

Bug: 736308
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: Id49ad02e1413353e96c9fed1d0a84d34f0262fab
Reviewed-on: https://chromium-review.googlesource.com/1144903Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#577120}

services/network/cors/cors_url_loader.cc

@@ -352,6 +352,13 @@ void CORSURLLoader::OnComplete(const URLLoaderCompletionStatus& status) {
 }
 
 void CORSURLLoader::StartRequest() {
+  if (fetch_cors_flag_ && !base::ContainsValue(url::GetCORSEnabledSchemes(),
+                                               request_.url.scheme())) {
+    HandleComplete(URLLoaderCompletionStatus(
+        CORSErrorStatus(mojom::CORSError::kCORSDisabledScheme)));
+    return;
+  }
+
   // If the CORS flag is set, |httpRequest|’s method is neither `GET` nor
   // `HEAD`, or |httpRequest|’s mode is "websocket", then append
   // `Origin`/the result of serializing a request origin with |httpRequest|, to

services/network/public/mojom/cors.mojom

@@ -37,6 +37,9 @@ enum CORSError {
   // header.
   kInvalidAllowCredentials,
 
+  // The scheme is not for CORS.
+  kCORSDisabledScheme,
+
   // Preflight:
   // Failed to check HTTP response ok status in a CORS-preflight response.
   kPreflightInvalidStatus,

third_party/WebKit/LayoutTests/TestExpectations

@@ -1690,23 +1690,19 @@ crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-wo
 crbug.com/736308 virtual/outofblink-cors/external/wpt/service-workers/service-worker/navigation-timing.https.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/http/tests/fetch/chromium/error-messages.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/http/tests/xmlhttprequest/cross-origin-no-credential-prompt.html [ Failure ]
-crbug.com/736308 virtual/outofblink-cors/http/tests/xmlhttprequest/cross-origin-unsupported-url.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/http/tests/xmlhttprequest/origin-whitelisting-all.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/http/tests/xmlhttprequest/origin-whitelisting-exact-match.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/http/tests/xmlhttprequest/origin-whitelisting-removal.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/http/tests/xmlhttprequest/origin-whitelisting-subdomains.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html [ Failure ]
-crbug.com/736308 virtual/outofblink-cors/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors-ns/external/wpt/service-workers/service-worker/navigation-timing.https.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors-ns/http/tests/fetch/chromium/error-messages.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors-ns/http/tests/xmlhttprequest/cross-origin-no-credential-prompt.html [ Failure ]
-crbug.com/736308 virtual/outofblink-cors-ns/http/tests/xmlhttprequest/cross-origin-unsupported-url.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors-ns/http/tests/xmlhttprequest/origin-whitelisting-all.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors-ns/http/tests/xmlhttprequest/origin-whitelisting-exact-match.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors-ns/http/tests/xmlhttprequest/origin-whitelisting-removal.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors-ns/http/tests/xmlhttprequest/origin-whitelisting-subdomains.html [ Failure ]
 crbug.com/736308 virtual/outofblink-cors-ns/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html [ Failure ]
-crbug.com/736308 virtual/outofblink-cors-ns/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url.html [ Failure ]
 
 # ====== Out of Blink CORS related tests END ======
 

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/cross-origin-unsupported-url-expected.txt

-CONSOLE WARNING: line 14: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
-CONSOLE ERROR: line 20: Failed to load ftp://127.0.0.1/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load ftp://127.0.0.1/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load ftp://127.0.0.1/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load ftp://127.0.0.1/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-Test cross-origin XHRs to CORS-unsupported protocol schemes in the URL.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS errorEvent.name is "NetworkError"
-PASS errorEvent.type is "error"
-PASS xhr.send() did not throw exception.
-PASS errorEvent.name is "NetworkError"
-PASS errorEvent.type is "error"
-PASS xhr.send() did not throw exception.
-PASS errorEvent.name is "NetworkError"
-PASS errorEvent.type is "error"
-PASS xhr.send() did not throw exception.
-PASS errorEvent.name is "NetworkError"
-PASS errorEvent.type is "error"
-PASS xhr.send() did not throw exception.
-PASS errorEvent.name is "NetworkError"
-PASS errorEvent.type is "error"
-PASS xhr.send() did not throw exception.
-PASS errorEvent.name is "NetworkError"
-PASS errorEvent.type is "error"
-PASS xhr.send() did not throw exception.
-PASS successfullyParsed is true
-
-TEST COMPLETE
+CONSOLE WARNING: line 8: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+This is a testharness.js-based test.
+PASS sync test for url=mailto:foo@bar.com, contentType=undefined
+PASS sync test for url=mailto:foo@bar.com, contentType=application/json
+PASS async test for url=mailto:foo@bar.com, contentType=undefined
+PASS async test for url=mailto:foo@bar.com, contentType=application/json
+PASS sync test for url=localhost:8080/, contentType=undefined
+PASS sync test for url=localhost:8080/, contentType=application/json
+PASS async test for url=localhost:8080/, contentType=undefined
+PASS async test for url=localhost:8080/, contentType=application/json
+PASS sync test for url=tel:1234, contentType=undefined
+PASS sync test for url=tel:1234, contentType=application/json
+PASS async test for url=tel:1234, contentType=undefined
+PASS async test for url=tel:1234, contentType=application/json
+Harness: the test ran to completion.
 

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/cross-origin-unsupported-url.html

 <!DOCTYPE HTML>
-<script src="/js-test-resources/js-test.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 <script src="resources/cross-origin-unsupported-url.js"></script>

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js

-if (self.importScripts)
-    importScripts("/js-test-resources/js-test.js");
-
-self.jsTestIsAsync = true;
-
-description("Test cross-origin XHRs to CORS-unsupported protocol schemes in the URL.");
+if (self.importScripts) {
+    importScripts('/resources/testharness.js');
+}
 
-var xhr;
-var errorEvent;
-function issueRequest(url, contentType)
-{
-    xhr = new XMLHttpRequest();
-    // async = false
+function testSync(url, contentType) {
+  test((t) => {
+    const xhr = new XMLHttpRequest();
     xhr.open('POST', url, false);
-    xhr.onerror = () => testFailed("onerror callback should not be called.");
-    // Assumed a Content-Type that turns it into a non-simple CORS request.
-    if (contentType)
-        xhr.setRequestHeader('Content-Type', contentType);
-    try {
-        xhr.send();
-    } catch(e) {
-        errorEvent = e;
-        shouldBeEqualToString("errorEvent.name", "NetworkError");
+    xhr.onerror = t.unreached_func('onerror');
+    if (contentType) {
+      xhr.setRequestHeader('Content-Type', contentType);
     }
+    assert_throws('NetworkError', () => xhr.send());
+  }, `sync test for url=${url}, contentType=${contentType}`);
+}
 
-    xhr = new XMLHttpRequest();
-    // async = true
-    xhr.open('POST', url, true);
-    xhr.onerror = function (a) {
-        errorEvent = a;
-        shouldBeEqualToString("errorEvent.type", "error");
-        setTimeout(runTest, 0);
-    };
-    // Assumed a Content-Type that turns it into a non-simple CORS request.
-    if (contentType)
+function testAsync(url, contentType) {
+  promise_test((t) => {
+    return new Promise(resolve => {
+      const xhr = new XMLHttpRequest();
+      xhr.open('POST', url, true);
+      xhr.onerror = t.step_func((e) => {
+        assert_equals(e.type, 'error');
+        resolve();
+      });
+      if (contentType) {
         xhr.setRequestHeader('Content-Type', contentType);
-
-    shouldNotThrow('xhr.send()');
+      }
+      xhr.send();
+    });
+  }, `async test for url=${url}, contentType=${contentType}`);
 }
 
-var withContentType = true;
-var tests = [ 'ftp://127.0.0.1',
-              'localhost:8080/',
-              'tel:1234' ];
+const urls = [
+  'mailto:foo@bar.com',
+  'localhost:8080/',
+  'tel:1234',
+];
 
-function runTest()
-{
-    if (!tests.length && withContentType) {
-        finishJSTest();
-        return;
-    }
-    withContentType = !withContentType;
-    if (!withContentType)
-        issueRequest(tests[0]);
-    else
-        issueRequest(tests.shift(), 'application/json');
+for (const url of urls) {
+  testSync(url);
+  testSync(url, 'application/json');
+  testAsync(url);
+  testAsync(url, 'application/json');
 }
-runTest();
+
+done();

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url-expected.txt

-CONSOLE ERROR: line 20: Failed to load ftp://127.0.0.1/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load ftp://127.0.0.1/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load ftp://127.0.0.1/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load ftp://127.0.0.1/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 20: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-CONSOLE ERROR: line 1: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
-[Worker] Test cross-origin XHRs to CORS-unsupported protocol schemes in the URL.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-Starting worker: ../resources/cross-origin-unsupported-url.js
-PASS [Worker] errorEvent.name is "NetworkError"
-PASS [Worker] errorEvent.type is "error"
-PASS [Worker] xhr.send() did not throw exception.
-PASS [Worker] errorEvent.name is "NetworkError"
-PASS [Worker] errorEvent.type is "error"
-PASS [Worker] xhr.send() did not throw exception.
-PASS [Worker] errorEvent.name is "NetworkError"
-PASS [Worker] errorEvent.type is "error"
-PASS [Worker] xhr.send() did not throw exception.
-PASS [Worker] errorEvent.name is "NetworkError"
-PASS [Worker] errorEvent.type is "error"
-PASS [Worker] xhr.send() did not throw exception.
-PASS [Worker] errorEvent.name is "NetworkError"
-PASS [Worker] errorEvent.type is "error"
-PASS [Worker] xhr.send() did not throw exception.
-PASS [Worker] errorEvent.name is "NetworkError"
-PASS [Worker] errorEvent.type is "error"
-PASS [Worker] xhr.send() did not throw exception.
-PASS successfullyParsed is true
-
-TEST COMPLETE
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 29: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+This is a testharness.js-based test.
+PASS sync test for url=mailto:foo@bar.com, contentType=undefined
+PASS sync test for url=mailto:foo@bar.com, contentType=application/json
+PASS async test for url=mailto:foo@bar.com, contentType=undefined
+PASS async test for url=mailto:foo@bar.com, contentType=application/json
+PASS sync test for url=localhost:8080/, contentType=undefined
+PASS sync test for url=localhost:8080/, contentType=application/json
+PASS async test for url=localhost:8080/, contentType=undefined
+PASS async test for url=localhost:8080/, contentType=application/json
+PASS sync test for url=tel:1234, contentType=undefined
+PASS sync test for url=tel:1234, contentType=application/json
+PASS async test for url=tel:1234, contentType=undefined
+PASS async test for url=tel:1234, contentType=application/json
+Harness: the test ran to completion.
 

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url.html

 <!DOCTYPE html>
 <html>
 <head>
-<script src="/js-test-resources/js-test.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
-startWorker("../resources/cross-origin-unsupported-url.js");
+const worker = new Worker('../resources/cross-origin-unsupported-url.js');
+fetch_tests_from_worker(worker);
 </script>
 </body>
 </html>

third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/xmlhttprequest/cross-origin-unsupported-url-expected.txt

+CONSOLE WARNING: line 8: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+This is a testharness.js-based test.
+PASS sync test for url=mailto:foo@bar.com, contentType=undefined
+PASS sync test for url=mailto:foo@bar.com, contentType=application/json
+PASS async test for url=mailto:foo@bar.com, contentType=undefined
+PASS async test for url=mailto:foo@bar.com, contentType=application/json
+PASS sync test for url=localhost:8080/, contentType=undefined
+PASS sync test for url=localhost:8080/, contentType=application/json
+PASS async test for url=localhost:8080/, contentType=undefined
+PASS async test for url=localhost:8080/, contentType=application/json
+PASS sync test for url=tel:1234, contentType=undefined
+PASS sync test for url=tel:1234, contentType=application/json
+PASS async test for url=tel:1234, contentType=undefined
+PASS async test for url=tel:1234, contentType=application/json
+Harness: the test ran to completion.
+

third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url-expected.txt

+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+This is a testharness.js-based test.
+PASS sync test for url=mailto:foo@bar.com, contentType=undefined
+PASS sync test for url=mailto:foo@bar.com, contentType=application/json
+PASS async test for url=mailto:foo@bar.com, contentType=undefined
+PASS async test for url=mailto:foo@bar.com, contentType=application/json
+PASS sync test for url=localhost:8080/, contentType=undefined
+PASS sync test for url=localhost:8080/, contentType=application/json
+PASS async test for url=localhost:8080/, contentType=undefined
+PASS async test for url=localhost:8080/, contentType=application/json
+PASS sync test for url=tel:1234, contentType=undefined
+PASS sync test for url=tel:1234, contentType=application/json
+PASS async test for url=tel:1234, contentType=undefined
+PASS async test for url=tel:1234, contentType=application/json
+Harness: the test ran to completion.
+

third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/xmlhttprequest/cross-origin-unsupported-url-expected.txt

+CONSOLE WARNING: line 8: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+This is a testharness.js-based test.
+PASS sync test for url=mailto:foo@bar.com, contentType=undefined
+PASS sync test for url=mailto:foo@bar.com, contentType=application/json
+PASS async test for url=mailto:foo@bar.com, contentType=undefined
+PASS async test for url=mailto:foo@bar.com, contentType=application/json
+PASS sync test for url=localhost:8080/, contentType=undefined
+PASS sync test for url=localhost:8080/, contentType=application/json
+PASS async test for url=localhost:8080/, contentType=undefined
+PASS async test for url=localhost:8080/, contentType=application/json
+PASS sync test for url=tel:1234, contentType=undefined
+PASS sync test for url=tel:1234, contentType=application/json
+PASS async test for url=tel:1234, contentType=undefined
+PASS async test for url=tel:1234, contentType=application/json
+Harness: the test ran to completion.
+

third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url-expected.txt

+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: line 13: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load mailto:foo@bar.com: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load localhost:8080/: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+CONSOLE ERROR: Failed to load tel:1234: Cross origin requests are only supported for protocol schemes: http, data, chrome, https.
+This is a testharness.js-based test.
+PASS sync test for url=mailto:foo@bar.com, contentType=undefined
+PASS sync test for url=mailto:foo@bar.com, contentType=application/json
+PASS async test for url=mailto:foo@bar.com, contentType=undefined
+PASS async test for url=mailto:foo@bar.com, contentType=application/json
+PASS sync test for url=localhost:8080/, contentType=undefined
+PASS sync test for url=localhost:8080/, contentType=application/json
+PASS async test for url=localhost:8080/, contentType=undefined
+PASS async test for url=localhost:8080/, contentType=application/json
+PASS sync test for url=tel:1234, contentType=undefined
+PASS sync test for url=tel:1234, contentType=application/json
+PASS async test for url=tel:1234, contentType=undefined
+PASS async test for url=tel:1234, contentType=application/json
+Harness: the test ran to completion.
+

third_party/blink/renderer/platform/loader/cors/cors_error_string.cc

@@ -4,6 +4,7 @@
 
 #include "third_party/blink/renderer/platform/loader/cors/cors_error_string.h"
 
+#include "third_party/blink/renderer/platform/weborigin/scheme_registry.h"
 #include "third_party/blink/renderer/platform/weborigin/security_origin.h"
 #include "third_party/blink/renderer/platform/wtf/std_lib_extras.h"
 
@@ -82,6 +83,7 @@ ErrorParameter ErrorParameter::CreateForAccessCheck(
     case network::mojom::CORSError::kInvalidAllowOriginValue:
     case network::mojom::CORSError::kAllowOriginMismatch:
     case network::mojom::CORSError::kInvalidAllowCredentials:
+    case network::mojom::CORSError::kCORSDisabledScheme:
     case network::mojom::CORSError::kPreflightWildcardOriginNotAllowed:
     case network::mojom::CORSError::kPreflightMissingAllowOriginHeader:
     case network::mojom::CORSError::kPreflightMultipleAllowOriginValues:
@@ -312,6 +314,10 @@ String GetErrorString(const ErrorParameter& param) {
                  "XMLHttpRequest is controlled by the withCredentials "
                  "attribute."
                : ""));
+    case CORSError::kCORSDisabledScheme:
+      return String::Format(
+          "Cross origin requests are only supported for protocol schemes: %s.",
+          SchemeRegistry::ListOfCORSEnabledURLSchemes().Ascii().data());
     case CORSError::kPreflightInvalidStatus:
       return String("Response for preflight does not have HTTP ok status.");
     case CORSError::kPreflightDisallowedRedirect:

third_party/blink/renderer/platform/loader/fetch/resource_error.cc

@@ -92,6 +92,10 @@ ResourceError::ResourceError(
   InitializeDescription();
 }
 
+ResourceError::ResourceError(const KURL& url,
+                             const network::CORSErrorStatus& cors_error_status)
+    : ResourceError(net::ERR_FAILED, url, cors_error_status) {}
+
 ResourceError::ResourceError(const WebURLError& error)
     : error_code_(error.reason()),
       extended_error_code_(error.extended_reason()),

third_party/blink/renderer/platform/loader/fetch/resource_error.h

@@ -64,6 +64,8 @@ class PLATFORM_EXPORT ResourceError final {
   ResourceError(int error_code,
                 const KURL& failing_url,
                 base::Optional<network::CORSErrorStatus>);
+  ResourceError(const KURL& failing_url,
+                const network::CORSErrorStatus& status);
   ResourceError(const WebURLError&);
 
   // Makes a deep copy. Useful for when you need to use a ResourceError on