chromium/third_party/blink/web_tests/external/wpt/html/semantics/scripting-1/the-script-element/script-crossorigin-network.sub.html

<!doctype html>
<meta charset="utf-8">
<title>HTMLScriptElement: crossorigin attribute network test</title>
<link rel="author" title="KiChjang" href="mailto:[email protected]">
<link rel="help" href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>

<body>
  <script type="text/javascript">
  var test1 = async_test("same-origin use-credentials");
  var test2 = async_test("same-origin invalid");
  var test3 = async_test("same-origin missing");
  var test4 = async_test("cross-origin use-credentials");
  var test5 = async_test("cross-origin invalid");
  var test6 = async_test("cross-origin missing");
  var test7 = async_test("cross-origin use-credentials mixed case");
  var test8 = async_test("cross-origin use-credentials non-ASCII");

  var same = "resources/cross-origin.py";
  var cross = new URL(same, location);
  cross.port = {{ports[http][1]}};

  var script1 = document.createElement("script");
  script1.src = same;
  script1.crossOrigin = "use-credentials";

  var script2 = document.createElement("script");
  script2.src = same;
  script2.crossOrigin = "gibberish";

  var script3 = document.createElement("script");
  script3.src = same;

  var script4 = document.createElement("script");
  script4.src = cross;
  script4.crossOrigin = "use-credentials";

  var script5 = document.createElement("script");
  script5.src = cross;
  script5.crossOrigin = "gibberish";

  var script6 = document.createElement("script");
  script6.src = cross;

  var script7 = document.createElement("script");
  script7.src = cross;
  script7.crossOrigin = "UsE-cReDenTiAlS";

  var script8 = document.createElement("script");
  script8.src = cross;
  script8.crossOrigin = "uſe-credentialſ";

  document.cookie = "milk=yes";

  document.body.appendChild(script1);
  script1.onload = function() {
    test1.step(function() {
      assert_true(included, "credentials included (credentialsMode include)");
      test1.done();
    });
  };

  document.body.appendChild(script2);
  script2.onload = function() {
    test2.step(function() {
      assert_true(included, "credentials included (credentialsMode same-origin)");
      test2.done();
    });
  };

  document.body.appendChild(script3);
  script3.onload = function() {
    test3.step(function() {
      assert_true(included, "credentials included (credentialsMode include)");
      test3.done();
    });
  };

  document.body.appendChild(script4);
  script4.onload = function() {
    test4.step(function() {
      assert_true(included, "credentials included (credentialsMode include)");
      test4.done();
    });
  };

  document.body.appendChild(script5);
  script5.onload = function() {
    test5.step(function() {
      assert_false(included, "credentials excluded (credentialsMode same-origin)");
      test5.done();
    });
  };

  document.body.appendChild(script6);
  script6.onload = function() {
    test6.step(function() {
      assert_true(included, "credentials included (credentialsMode include)");
      test6.done();
    });
  };

  document.body.appendChild(script7);
  script7.onload = function() {
    test7.step(function() {
      assert_true(included, "credentials included (credentialsMode include)");
      test7.done();
    });
  };

  document.body.appendChild(script8);
  script8.onload = function() {
    test8.step(function() {
      assert_false(included, "credentials excluded (credentialsMode same-origin)");
      test8.done();
    });
  };
  </script>
</body>