Allow accessing data URL resource using CORS. This is required

to allow XMLHttpRequest to access data URL based on CORS so that
the resource is still handled as cross-origin.

See also Chromium side change
https://codereview.chromium.org/54233002/ which adds a CORS header
to responses to data URL loading request.

Also add layout tests to check that XMLHttpRequest can load data URLs

BUG=308768

Review URL: https://codereview.chromium.org/54173002

git-svn-id: svn://svn.chromium.org/blink/trunk@175037 bbb929c8-8fbe-4397-9dbb-9b2b20218538

third_party/WebKit/LayoutTests/TestExpectations

@@ -1266,3 +1266,10 @@ crbug.com/239722 http/tests/websocket/connection-throttling.html [ Failure ]
 
 crbug.com/376194 inspector/console/console-format-es6.html [ Skip ]
 crbug.com/376194 inspector/console/console-format-es6-symbols-error.html [ Skip ]
+
+# Temporarily skipped until Chromium side change lands.
+crbug.com/308768 http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html [ Skip ]
+crbug.com/308768 http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html [ Skip ]
+crbug.com/308768 http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html [ Skip ]
+crbug.com/308768 http/tests/xmlhttprequest/xmlhttprequest-data-url.html [ Skip ]
+crbug.com/308768 inspector/network/network-status-non-http.html [ Skip ]

third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt

@@ -3,7 +3,7 @@ http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html - didFinishLoading
 CONSOLE ERROR: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html' in a frame because it set 'X-Frame-Options' to 'deny'.
 data:, - willSendRequest <NSURLRequest URL data:,, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny-meta-tag.html, http method GET> redirectResponse (null)
-data:, - didReceiveResponse <NSURLResponse data:,, http status code 0>
+data:, - didReceiveResponse <NSURLResponse data:,, http status code 200>
 data:, - didFinishLoading
 CONSOLE MESSAGE: line 14: PASS: Access to contentWindow.location.href threw an exception.
 There should be no content in the iframe below

third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt

@@ -3,7 +3,7 @@ http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html - didFinishLoading
 CONSOLE ERROR: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html' in a frame because it set 'X-Frame-Options' to 'deny'.
 data:, - willSendRequest <NSURLRequest URL data:,, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html, http method GET> redirectResponse (null)
-data:, - didReceiveResponse <NSURLResponse data:,, http status code 0>
+data:, - didReceiveResponse <NSURLResponse data:,, http status code 200>
 data:, - didFinishLoading
 CONSOLE MESSAGE: line 14: PASS: Access to contentWindow.location.href threw an exception.
 There should be no content in the iframe below

third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt

@@ -3,7 +3,7 @@ http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html - didFinishLoading
 CONSOLE ERROR: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
 data:, - willSendRequest <NSURLRequest URL data:,, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html, http method GET> redirectResponse (null)
-data:, - didReceiveResponse <NSURLResponse data:,, http status code 0>
+data:, - didReceiveResponse <NSURLResponse data:,, http status code 200>
 data:, - didFinishLoading
 CONSOLE MESSAGE: line 14: PASS: Access to contentWindow.location.href threw an exception.
 There should be no content in the iframe below

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-data-url-expected.txt

+
+PASS Test parsing a data URL. US-ASCII into DOMString 
+PASS Test parsing a data URL. Binary into ArrayBuffer 
+PASS Test parsing a data URL. UTF-8 data into DOMString. 
+PASS Test parsing a data URL. UTF-8 data into Blob. 
+PASS Test parsing a data URL. Invalid Base64 data. 
+

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-data-url.html

+<html>
+<body>
+<script src="../../resources/testharness.js"></script>
+<script src="../../resources/testharnessreport.js"></script>
+<script>
+// This test must be run over HTTP. Otherwise, content_shell runs it with file:
+// scheme and then the access to data: resources are handled as same origin
+// access.
+
+var test = async_test("Test parsing a data URL. US-ASCII into DOMString");
+test.step(function() {
+    var xhr = new XMLHttpRequest;
+    xhr.responseType = 'text';
+    xhr.open('GET', 'data:text/html,Foobar', true);
+    xhr.onreadystatechange = test.step_func(function() {
+        if (xhr.readyState != xhr.DONE)
+            return;
+
+        assert_equals(xhr.status, 200, 'status');
+        assert_equals(xhr.statusText, 'OK', 'statusText');
+        assert_equals(xhr.getAllResponseHeaders(), 'Content-Type: text/html;charset=US-ASCII\r\n', 'getAllResponseheaders()');
+        assert_equals(xhr.response, 'Foobar', 'response');
+
+        test.done();
+    });
+    xhr.send();
+});
+
+var testArrayBuffer = async_test("Test parsing a data URL. Binary into ArrayBuffer");
+testArrayBuffer.step(function() {
+    var xhr = new XMLHttpRequest;
+    xhr.responseType = 'arraybuffer';
+    xhr.open('GET', 'data:text/html;base64,AAEC/w%3D%3D', true);
+    xhr.onreadystatechange = testArrayBuffer.step_func(function() {
+        if (xhr.readyState != xhr.DONE)
+            return;
+
+        assert_equals(xhr.status, 200, 'status');
+        assert_equals(xhr.response.byteLength, 4, 'byteLength');
+        var view = new Uint8Array(xhr.response);
+        assert_equals(view[0], 0x00, 'view[0]')
+        assert_equals(view[1], 0x01, 'view[1]')
+        assert_equals(view[2], 0x02, 'view[2]')
+        assert_equals(view[3], 0xff, 'view[3]')
+
+        testArrayBuffer.done();
+    });
+    xhr.send();
+});
+
+var testUtf8 = async_test("Test parsing a data URL. UTF-8 data into DOMString.");
+testUtf8.step(function() {
+    var xhr = new XMLHttpRequest;
+    xhr.responseType = 'text';
+    xhr.open('GET', 'data:text/html;charset=utf-8;base64,5paH5a2X', true);
+    xhr.onreadystatechange = testUtf8.step_func(function() {
+        if (xhr.readyState != xhr.DONE)
+            return;
+
+        assert_equals(xhr.status, 200, 'status');
+        assert_equals(xhr.getAllResponseHeaders(), 'Content-Type: text/html;charset=utf-8\r\n', 'getAllResponseheaders()');
+        assert_equals(xhr.response, '\u6587\u5b57', 'response');
+
+        testUtf8.done();
+    });
+    xhr.send();
+});
+
+var testUtf8Blob = async_test("Test parsing a data URL. UTF-8 data into Blob.");
+testUtf8Blob.step(function() {
+    var xhr = new XMLHttpRequest;
+    xhr.responseType = 'blob';
+    xhr.open('GET', 'data:text/html;charset=utf-8;base64,5paH5a2X', true);
+    xhr.onreadystatechange = testUtf8Blob.step_func(function() {
+        if (xhr.readyState != xhr.DONE)
+            return;
+
+        assert_equals(xhr.status, 200, 'status');
+        assert_not_equals(xhr.response, null, 'response');
+        assert_equals(xhr.response.type, 'text/html', 'response.type');
+        var reader = new FileReader();
+        reader.onabort = testUtf8Blob.step_func(function() { assert_unreached('onabort'); });
+        reader.onerror = testUtf8Blob.step_func(function() { assert_unreached('onerror'); });
+        reader.onload = testUtf8Blob.step_func(function() {
+            assert_equals(reader.result, '\u6587\u5b57', 'result');
+            testUtf8Blob.done();
+        });
+        reader.readAsText(xhr.response);
+    });
+    xhr.send();
+});
+
+var testBad = async_test("Test parsing a data URL. Invalid Base64 data.");
+testBad.step(function() {
+    var xhr = new XMLHttpRequest;
+    xhr.responseType = 'text';
+    xhr.open('GET', 'data:text/html;base64,***', true);
+    xhr.onreadystatechange = testBad.step_func(function() {
+        if (xhr.readyState != xhr.DONE)
+            return;
+
+        assert_not_equals(xhr.status, 200, 'status');
+
+        testBad.done();
+    });
+    xhr.send();
+});
+
+</script>
+</body>
+</html>

third_party/WebKit/LayoutTests/inspector/network/network-status-non-http-expected.txt

 {
-    0 : "data:application/javascript: (data)"
+    0 : "data:application/javascript: 200OK"
     1 : "network-test.js: Finished"
     2 : "non-existent-file.js: (failed)"
 }

third_party/WebKit/Source/platform/weborigin/SchemeRegistry.cpp

@@ -135,6 +135,7 @@ static URLSchemesMap& CORSEnabledSchemes()
     if (CORSEnabledSchemes.isEmpty()) {
         CORSEnabledSchemes.add("http");
         CORSEnabledSchemes.add("https");
+        CORSEnabledSchemes.add("data");
     }
 
     return CORSEnabledSchemes;