Skip to content

Commit 8eacbf5

Browse files
committed
Test the Origin header
1 parent ba4daff commit 8eacbf5

File tree

3 files changed

+84
-0
lines changed

3 files changed

+84
-0
lines changed
Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
<!DOCTYPE html>
2+
<meta charset="utf-8">
3+
<title>Multi-globals: which one is the initiator?</title>
4+
<script src="/resources/testharness.js"></script>
5+
<script src="/resources/testharnessreport.js"></script>
6+
7+
<body>
8+
<script>
9+
"use strict";
10+
document.domain = "{{hosts[][]}}";
11+
12+
promise_test(async t => {
13+
const iframe = await insertIframe(t);
14+
15+
// https://github.com/whatwg/html/issues/6514
16+
// What gets set as the request's origin? The "incumbent" (this page)
17+
// or the page containing the <form> (on the www subdomain)?
18+
//
19+
// The spec currently fails to pass a source browsing context for form navigation
20+
// (https://html.spec.whatwg.org/#plan-to-navigate step 4.2), and the navigate + Fetch spec ultimately
21+
// derive the request's origin from the source browsing context. So who knows.
22+
23+
iframe.contentDocument.querySelector("form").submit();
24+
25+
const data = await waitForMessage();
26+
assert_equals(data, "https://{{hosts[][]}}:{{ports[https][0]}}");
27+
}, "Using location.href");
28+
29+
function insertIframe(t) {
30+
return new Promise((resolve, reject) => {
31+
const iframe = document.createElement("iframe");
32+
iframe.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/origin/resources/multi-globals-subframe-1.sub.html";
33+
iframe.onload = () => resolve(iframe);
34+
iframe.onerror = () => reject(new Error("Failed to load iframe"));
35+
36+
t.add_cleanup(() => iframe.remove());
37+
38+
document.body.append(iframe);
39+
});
40+
}
41+
42+
function waitForMessage() {
43+
return new Promise(resolve => {
44+
window.addEventListener("message", e => {
45+
resolve(e.data);
46+
}, { once: true });
47+
});
48+
}
49+
</script>
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
import json
2+
3+
from wptserve.utils import isomorphic_decode
4+
5+
def main(request, response):
6+
headers = [
7+
(b"Content-Type", b"text/html"),
8+
(b"Cache-Control", b"no-cache, no-store, must-revalidate")
9+
]
10+
origin = request.headers.get(b"Origin", b"")
11+
12+
body = u"""
13+
<!DOCTYPE html>
14+
<meta charset="utf-8">
15+
<title>Destination</title>
16+
<h1>Destination</h1>
17+
<script>
18+
"use strict";
19+
window.top.postMessage("%s", "*");
20+
</script>
21+
""" % isomorphic_decode(origin)
22+
23+
return headers, body
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
<!DOCTYPE html>
2+
<meta charset="utf-8">
3+
<title>Multi-globals test outer subframe</title>
4+
5+
<script>
6+
"use strict";
7+
document.domain = "{{hosts[][]}}";
8+
</script>
9+
10+
<form target="frame" method="POST" action="multi-globals-post-origin-header.py"></form>
11+
12+
<iframe name="frame"></iframe>

0 commit comments

Comments
 (0)