Porting access-control-preflight-sync-not-supported to WPT

Bug: 745385 Change-Id: Ic2f7c192a9899e21816de675fa19ac33fa5eb5e5 Reviewed-on: https://chromium-review.googlesource.com/642639Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org> Commit-Queue: Austin James Ahlstrom <aahlstrom@google.com> Cr-Commit-Position: refs/heads/master@{#501576}

Porting access-control-preflight-sync-not-supported to WPT
Bug: 745385 Change-Id: Ic2f7c192a9899e21816de675fa19ac33fa5eb5e5 Reviewed-on: https://chromium-review.googlesource.com/642639Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org> Commit-Queue: Austin James Ahlstrom <aahlstrom@google.com> Cr-Commit-Position: refs/heads/master@{#501576}
db53015a · Austin James Ahlstrom · Commit Bot · f373188e · db53015a · f373188e
Commit db53015a authored Sep 13, 2017 by Austin James Ahlstrom Committed by Commit Bot Sep 13, 2017
4 changed files
--- a/third_party/WebKit/LayoutTests/external/wpt/XMLHttpRequest/access-control-preflight-sync-not-supported.htm
+++ b/third_party/WebKit/LayoutTests/external/wpt/XMLHttpRequest/access-control-preflight-sync-not-supported.htm
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Sync PUT request denied at preflight</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="/common/utils.js"></script>
+  </head>
+  <body>
+    <script type="text/javascript">
+const uuid = token();
+const url = get_host_info().HTTP_REMOTE_ORIGIN +
+      "/XMLHttpRequest/resources/access-control-preflight-denied.py?token=" + uuid;
+test(() => {
+  let xhr = new XMLHttpRequest;
+  xhr.open("GET", url + "&command=reset", false);
+  xhr.send();
+  xhr = new XMLHttpRequest;
+  xhr.open("PUT", url, false);
+  try {
+    xhr.send("");
+  } catch(e) {
+    xhr = new XMLHttpRequest;
+    xhr.open("GET", url + "&command=complete", false);
+    xhr.send();
+    assert_equals(xhr.responseText, "Request successfully blocked.");
+    return;
+  }
+  assert_unreached("Cross-domain access allowed without throwing exception");
+});
+    </script>
+  </body>
+</html>
--- a/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-not-supported-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-not-supported-expected.txt
-CONSOLE WARNING: line 17: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
-CONSOLE ERROR: line 34: Failed to load http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
-PASS: Request successfully blocked.
--- a/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-not-supported.html
+++ b/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-not-supported.html
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-if (window.testRunner)
-    testRunner.dumpAsText();
-(function() {
-    var xhr = new XMLHttpRequest();
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Unable to reset server state: [" + e.message + "].");
-        return;
-    }
-    xhr = new XMLHttpRequest();
-    try {
-        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
-        return;
-    }
-    try {
-        xhr.send(null);
-        log("FAIL: Cross-domain access allowed in first send without throwing an exception");
-        return;
-    } catch(e) {
-        // Eat the exception.
-    }
-    xhr = new XMLHttpRequest();
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
-        return;
-    }
-    try {
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
-        return;
-    }
-    log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php
+++ b/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php
-<?php
-require_once '../../resources/portabilityLayer.php';
-$tmpFile = sys_get_temp_dir() . "/xsrf.txt";
-function fail($state)
-{
-    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-    header("Access-Control-Allow-Credentials: true");
-    header("Access-Control-Allow-Methods: GET");
-    header("Access-Control-Max-Age: 1");
-    echo "FAILED: Issued a " . $_SERVER['REQUEST_METHOD'] . " request during state '" . $state . "'\n";
-    exit();
-}
-function setState($newState, $file)
-{
-    file_put_contents($file, $newState);
-}
-function getState($file)
-{
-    $state = NULL;
-    if (file_exists($file))
-        $state = file_get_contents($file);
-    return $state ? $state : "Uninitialized";
-}
-$state = getState($tmpFile);
-if ($_SERVER['REQUEST_METHOD'] == "GET" 
-    && $_GET['state'] == "reset") {
-    if (file_exists($tmpFile)) unlink($tmpFile);
-    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-    header("Access-Control-Max-Age: 1");
-    echo "Server state reset.\n";
-} else if ($state == "Uninitialized") {
-    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-        if ($_GET['state'] == "method" || $_GET['state'] == "header") {
-            header("Access-Control-Allow-Methods: GET");
-            header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-            header("Access-Control-Max-Age: 1");
-        }
-        echo("FAIL: This request should not be displayed.\n");
-        setState("Denied", $tmpFile);
-    } else {
-        fail($state);
-    }
-} else if ($state == "Denied") {
-    if ($_SERVER['REQUEST_METHOD'] == "GET" 
-        && $_GET['state'] == "complete") {
-        unlink($tmpFile);
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Max-Age: 1");
-        echo "PASS: Request successfully blocked.\n";
-    } else {
-        setState("Deny Ignored", $tmpFile);
-        fail($state);
-    }
-} else if ($state == "Deny Ignored") {
-    unlink($tmpFile);
-    fail($state);
-} else {
-    if (file_exists($tmpFile)) unlink($tmpFile);
-    fail("Unknown");
-}
-?>