third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-canvas-tainting-iframe.html

   1 <script src="../../resources/get-host-info.js"></script>
   2 <script src="test-helpers.js?pipe=sub"></script>
   3 <script>
   4 var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE';
   5 var host_info = get_host_info();
   6
   7 var NOT_TAINTED = 'NOT_TAINTED';
   8 var TAINTED = 'TAINTED';
   9 var LOAD_ERROR = 'LOAD_ERROR';
  10
  11 function create_test_case_promise(url, cross_origin) {
  12   return new Promise(function(resolve) {
  13       var img = new Image();
  14       if (cross_origin != '') {
  15         img.crossOrigin = cross_origin;
  16       }
  17       img.onload = function() {
  18         try {
  19           var canvas = document.createElement('canvas');
  20           canvas.width = 100;
  21           canvas.height = 100;
  22           var context = canvas.getContext('2d');
  23           context.drawImage(img, 0, 0);
  24           context.getImageData(0, 0, 100, 100);
  25           resolve(NOT_TAINTED);
  26         } catch (e) {
  27           resolve(TAINTED);
  28         }
  29       };
  30       img.onerror = function() {
  31         resolve(LOAD_ERROR);
  32       }
  33       img.src = url;
  34     });
  35 }
  36
  37 function create_test_promise(url, cross_origin, expected_result) {
  38   return new Promise(function(resolve, reject) {
  39       create_test_case_promise(url, cross_origin)
  40         .then(function(result) {
  41           if (result == expected_result) {
  42             resolve();
  43           } else {
  44             reject('Result of url:' + url + ' ' +
  45                    ' cross_origin: ' + cross_origin + ' must be ' +
  46                    expected_result + ' but ' + result);
  47           }
  48         })
  49     });
  50 }
  51
  52 window.addEventListener('message', function(evt) {
  53     var port = evt.ports[0];
  54     var image_url = host_info['HTTP_ORIGIN'] + image_path;
  55     var remote_image_url = host_info['HTTP_REMOTE_ORIGIN'] + image_path;
  56     Promise.all([
  57         // Reject tests
  58         create_test_promise(image_url + '&reject', '', LOAD_ERROR),
  59         create_test_promise(image_url + '&reject', 'anonymous', LOAD_ERROR),
  60         create_test_promise(
  61             image_url + '&reject', 'use-credentials', LOAD_ERROR),
  62         // Fallback tests
  63         create_test_promise(
  64             image_url + '&ignore',
  65             '',
  66             NOT_TAINTED),
  67         create_test_promise(
  68             remote_image_url + '&ignore',
  69             '',
  70             TAINTED),
  71         create_test_promise(
  72             remote_image_url + '&ignore',
  73             'anonymous',
  74             LOAD_ERROR),
  75         create_test_promise(
  76             remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
  77             '&ignore',
  78             'anonymous',
  79             NOT_TAINTED),
  80         create_test_promise(
  81             remote_image_url + '&ignore',
  82             'use-credentials',
  83             LOAD_ERROR),
  84         create_test_promise(
  85             remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
  86             '&ignore',
  87             'use-credentials',
  88             LOAD_ERROR),
  89         create_test_promise(
  90             remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
  91             '&ACACredentials=true&ignore',
  92             'use-credentials',
  93             NOT_TAINTED),
  94
  95         // Credential test (fallback)
  96         create_test_promise(
  97             image_url + '&Auth&ignore',
  98             '',
  99             NOT_TAINTED),
 100         create_test_promise(
 101             remote_image_url + '&Auth&ignore',
 102             '',
 103             TAINTED),
 104         create_test_promise(
 105             remote_image_url + '&Auth&ignore',
 106             'anonymous',
 107             LOAD_ERROR),
 108         create_test_promise(
 109             remote_image_url + '&Auth&ignore',
 110             'use-credentials',
 111             LOAD_ERROR),
 112         create_test_promise(
 113             remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
 114             '&ignore',
 115             'use-credentials',
 116             LOAD_ERROR),
 117         create_test_promise(
 118             remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
 119             '&ACACredentials=true&ignore',
 120             'use-credentials',
 121             NOT_TAINTED),
 122
 123         // Basic response
 124         create_test_promise(
 125             image_url +
 126             '&mode=same-origin&url=' + encodeURIComponent(image_url),
 127             '',
 128             NOT_TAINTED),
 129         create_test_promise(
 130             image_url +
 131             '&mode=same-origin&url=' + encodeURIComponent(image_url),
 132             'anonymous',
 133             NOT_TAINTED),
 134         create_test_promise(
 135             image_url +
 136             '&mode=same-origin&url=' + encodeURIComponent(image_url),
 137             'use-credentials',
 138             NOT_TAINTED),
 139         create_test_promise(
 140             remote_image_url +
 141             '&mode=same-origin&url=' + encodeURIComponent(image_url),
 142             '',
 143             NOT_TAINTED),
 144         create_test_promise(
 145             remote_image_url +
 146             '&mode=same-origin&url=' + encodeURIComponent(image_url),
 147             'anonymous',
 148             NOT_TAINTED),
 149         create_test_promise(
 150             remote_image_url +
 151             '&mode=same-origin&url=' + encodeURIComponent(image_url),
 152             'use-credentials',
 153             NOT_TAINTED),
 154
 155         // Opaque response
 156         create_test_promise(
 157             image_url +
 158             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
 159             '',
 160             TAINTED),
 161         create_test_promise(
 162             image_url +
 163             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
 164             'anonymous',
 165             LOAD_ERROR),
 166         create_test_promise(
 167             image_url +
 168             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
 169             'use-credentials',
 170             LOAD_ERROR),
 171         create_test_promise(
 172             remote_image_url +
 173             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
 174             '',
 175             TAINTED),
 176         create_test_promise(
 177             remote_image_url +
 178             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
 179             'anonymous',
 180             LOAD_ERROR),
 181         create_test_promise(
 182             remote_image_url +
 183             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
 184             'use-credentials',
 185             LOAD_ERROR),
 186
 187         // CORS response
 188         create_test_promise(
 189             image_url +
 190             '&mode=cors&url=' +
 191             encodeURIComponent(remote_image_url +
 192                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
 193             '',
 194             NOT_TAINTED),
 195         create_test_promise(
 196             image_url +
 197             '&mode=cors&url=' +
 198             encodeURIComponent(remote_image_url +
 199                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
 200             'anonymous',
 201             NOT_TAINTED),
 202         create_test_promise(
 203             image_url +
 204             '&mode=cors&url=' +
 205             encodeURIComponent(remote_image_url +
 206                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
 207             'use-credentials',
 208             NOT_TAINTED),
 209         create_test_promise(
 210             image_url +
 211             '&mode=cors&url=' +
 212             encodeURIComponent(
 213                 remote_image_url +
 214                 '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']),
 215             'use-credentials',
 216             NOT_TAINTED),
 217         create_test_promise(
 218             remote_image_url +
 219             '&mode=cors&url=' +
 220             encodeURIComponent(remote_image_url +
 221                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
 222             '',
 223             NOT_TAINTED),
 224         create_test_promise(
 225             remote_image_url +
 226             '&mode=cors&url=' +
 227             encodeURIComponent(remote_image_url +
 228                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
 229             'anonymous',
 230             NOT_TAINTED),
 231         create_test_promise(
 232             remote_image_url +
 233             '&mode=cors&url=' +
 234             encodeURIComponent(remote_image_url +
 235                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
 236             'use-credentials',
 237             NOT_TAINTED),
 238         create_test_promise(
 239             remote_image_url +
 240             '&mode=cors&url=' +
 241             encodeURIComponent(
 242                 remote_image_url +
 243                 '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']),
 244             'use-credentials',
 245             NOT_TAINTED)
 246       ])
 247       .then(function() {
 248           port.postMessage({results: 'finish'});
 249         })
 250       .catch(function(e) {
 251           port.postMessage({results: 'failure:' + e});
 252         });
 253   }, false);
 254 </script>