blob: 1b269ecd68f41679637c891c641430d82221f6ec [file] [log] [blame]
<!DOCTYPE html>
<meta charset=utf-8>
<title>CSS Style Sheet Origin Clean Flag test</title>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>
<h1>CSS Style Sheet Origin Clean Flag test</h1>
<div id=log></div>
<script>
// This test is for Cobalt's Same Origin Policy and corresponding CORS protocol in
// HTML Link Element and CSS Style Sheet. WPT's infrastructure enables us to test
// this network-related feature without relying on real online resources. It is a
// Cobalt owned test.
var origin = location.protocol+"//"+location.host;
var different_origin = "http://" + "www1." + location.hostname+":"+location.port;
var css_location = "old-tests/submission/Opera/script_scheduling/css/background.css"
var linkelement = document.createElement("link");
linkelement.rel = "stylesheet"
linkelement.href = origin+"/"+css_location
document.appendChild(linkelement)
var linkelement2 = document.createElement("link");
linkelement2.rel = "stylesheet"
linkelement2.href = different_origin+"/"+css_location
document.appendChild(linkelement2)
var linkelement3 = document.createElement("link");
linkelement3.rel = "stylesheet"
linkelement3.href = origin+"/cors/resources/cors-makeheader.py?location="+different_origin+"/"+css_location;
document.appendChild(linkelement3)
var linkelement4 = document.createElement("link");
linkelement4.rel = "stylesheet"
linkelement4.href = different_origin+"/"+css_location
linkelement4.crossOrigin = "anonymous"
document.appendChild(linkelement4)
document.onload = function() {
test(function(){
// Same-Origin resource, should be accessible
assert_equals(document.styleSheets[0].cssRules.length, 1)
document.styleSheets[0].insertRule("#test {position:fixed}", 1)
assert_equals(document.styleSheets[0].cssRules.length, 2)
// Cross-Origin resource, should be blocked
assert_throws("SecurityError",function(){document.styleSheets[1].cssRules})
assert_throws("SecurityError",function(){document.styleSheets[1].insertRule("#test {position:fixed}", 1)})
// Cross-Origin CSS Style Sheet fetched after redirects should be caught
assert_throws("SecurityError",function(){document.styleSheets[2].cssRules})
assert_throws("SecurityError",function(){document.styleSheets[2].insertRule("#test {position:fixed}", 1)})
// Specify crossOrigin - "anonymous" demand browser to fetch resource with
// CORS protocol. If server does not allow that, resource should not load.
assert_throws(new TypeError(), function(){document.styleSheets[3].cssRules})
assert_throws(new TypeError(),function(){document.styleSheets[3].insertRule("#test {position:fixed}", 1)})
})
}
</script>