| <!DOCTYPE html> |
| <meta charset=utf-8> |
| <title>CSS Style Sheet Origin Clean Flag test</title> |
| |
| <script src=/resources/testharness.js></script> |
| <script src=/resources/testharnessreport.js></script> |
| <script src=support.js?pipe=sub></script> |
| |
| <h1>CSS Style Sheet Origin Clean Flag test</h1> |
| |
| <div id=log></div> |
| |
| <script> |
| // This test is for Cobalt's Same Origin Policy and corresponding CORS protocol in |
| // HTML Link Element and CSS Style Sheet. WPT's infrastructure enables us to test |
| // this network-related feature without relying on real online resources. It is a |
| // Cobalt owned test. |
| |
| var origin = location.protocol+"//"+location.host; |
| var different_origin = "http://" + "www1." + location.hostname+":"+location.port; |
| var css_location = "old-tests/submission/Opera/script_scheduling/css/background.css" |
| |
| var linkelement = document.createElement("link"); |
| linkelement.rel = "stylesheet" |
| linkelement.href = origin+"/"+css_location |
| document.appendChild(linkelement) |
| |
| var linkelement2 = document.createElement("link"); |
| linkelement2.rel = "stylesheet" |
| linkelement2.href = different_origin+"/"+css_location |
| document.appendChild(linkelement2) |
| |
| var linkelement3 = document.createElement("link"); |
| linkelement3.rel = "stylesheet" |
| linkelement3.href = origin+"/cors/resources/cors-makeheader.py?location="+different_origin+"/"+css_location; |
| document.appendChild(linkelement3) |
| |
| var linkelement4 = document.createElement("link"); |
| linkelement4.rel = "stylesheet" |
| linkelement4.href = different_origin+"/"+css_location |
| linkelement4.crossOrigin = "anonymous" |
| document.appendChild(linkelement4) |
| |
| document.onload = function() { |
| test(function(){ |
| // Same-Origin resource, should be accessible |
| assert_equals(document.styleSheets[0].cssRules.length, 1) |
| document.styleSheets[0].insertRule("#test {position:fixed}", 1) |
| assert_equals(document.styleSheets[0].cssRules.length, 2) |
| |
| // Cross-Origin resource, should be blocked |
| assert_throws("SecurityError",function(){document.styleSheets[1].cssRules}) |
| assert_throws("SecurityError",function(){document.styleSheets[1].insertRule("#test {position:fixed}", 1)}) |
| |
| // Cross-Origin CSS Style Sheet fetched after redirects should be caught |
| assert_throws("SecurityError",function(){document.styleSheets[2].cssRules}) |
| assert_throws("SecurityError",function(){document.styleSheets[2].insertRule("#test {position:fixed}", 1)}) |
| |
| // Specify crossOrigin - "anonymous" demand browser to fetch resource with |
| // CORS protocol. If server does not allow that, resource should not load. |
| assert_throws(new TypeError(), function(){document.styleSheets[3].cssRules}) |
| assert_throws(new TypeError(),function(){document.styleSheets[3].insertRule("#test {position:fixed}", 1)}) |
| }) |
| } |
| |
| </script> |