| commit | bd76acd420a2ca0c1850f3ad7b72d010b7be8cc5 | |
| author | Maciek Trzos <mtrzos@google.com> | |
| Tue, 4 Sep 2018 18:32:34 +0000 (4 18:32 +0000) | ||
| committer | moz-wptsync-bot <wptsync@mozilla.com> | |
| Wed, 5 Sep 2018 13:09:05 +0000 (5 13:09 +0000) | ||
| tree | c5f84990fe61e4b0a3f4f6bc538474c3752bb032 | treesnapshot (tar.gz zip) |
| parent | b51b35a327281bf60979f7e242ddf01b1a2e7f00 | commitdiff |
Bug 1487339 [wpt PR 12754] - Refactored usage of XHR, added error handling., a=testonly
Automatic update from web-platform-testsRefactored usage of XHR, added error handling.
- Added error handling as suggested in https://github.com/web-platform-tests/wpt/pull/12162
- changed XHR calls to FetchAPI
- changed async tests to Promise tests
- corrected the existing redirect tests and reported bug: crbug/872285
- removed Same-Site and Cross-Origin XSLT tests as they seemed to fail because loading
cross origin xslt is not supported "Unsafe attempt to load URL from frame"
(No idea why they passed before)
- added two test cases for multiple redirects. The idea is that the Sec-Metadata header
should be "downgraded" to less secure and should carry the value to the end.
If a cross-origin domain controls a redirect at any point of the redirect chain,
then the final requests are potentially influenced by the attacker.
- (Same-Origin -> Cross-Site -> Same-Origin -> Same-Origin) -> site=cross-site
- (Same-Origin -> Same-Site -> Same-Origin -> Same-Origin) -> site=same-site
Change-Id: I591af1948cc1f16e3b5c44f51020149e43fc2746
Reviewed-on: https://chromium-review.googlesource.com/1193953
Commit-Queue: Maciek Trzos <mtrzos@google.com>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#587556}
--
wpt-commits: 241cb914b6eae52ce48ad26df7d5b8c2e7088613
wpt-pr: 12754
Automatic update from web-platform-testsRefactored usage of XHR, added error handling.
- Added error handling as suggested in https://github.com/web-platform-tests/wpt/pull/12162
- changed XHR calls to FetchAPI
- changed async tests to Promise tests
- corrected the existing redirect tests and reported bug: crbug/872285
- removed Same-Site and Cross-Origin XSLT tests as they seemed to fail because loading
cross origin xslt is not supported "Unsafe attempt to load URL from frame"
(No idea why they passed before)
- added two test cases for multiple redirects. The idea is that the Sec-Metadata header
should be "downgraded" to less secure and should carry the value to the end.
If a cross-origin domain controls a redirect at any point of the redirect chain,
then the final requests are potentially influenced by the attacker.
- (Same-Origin -> Cross-Site -> Same-Origin -> Same-Origin) -> site=cross-site
- (Same-Origin -> Same-Site -> Same-Origin -> Same-Origin) -> site=same-site
Change-Id: I591af1948cc1f16e3b5c44f51020149e43fc2746
Reviewed-on: https://chromium-review.googlesource.com/1193953
Commit-Queue: Maciek Trzos <mtrzos@google.com>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#587556}
--
wpt-commits: 241cb914b6eae52ce48ad26df7d5b8c2e7088613
wpt-pr: 12754
22 files changed: