Test insecure-xhr-sync-in-main-frame.html fails with CORS error if run before r203542
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 6 Dec 2016 17:45:54 +0000 (17:45 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 6 Dec 2016 17:45:54 +0000 (17:45 +0000)
commit2f0b62576229f26a1e547a18d317d0e5d0de3a12
tree0e8ca0e40300b33ff9f01e598368610fd82e4a0e
parentd20fa7f6f3562ba105630bd7ef24671904e76eb3
Test insecure-xhr-sync-in-main-frame.html fails with CORS error if run before r203542
https://bugs.webkit.org/show_bug.cgi?id=165407

Reviewed by Alexey Proskuryakov.

Make the test insecure-xhr-sync-in-main-frame.html demonstrate a mixed content failure
instead of a CORS failure when run before r203542.

In r203542 the test http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html
was added to ensure that we block loading insecure data via XHR from an HTTPS page. When
this test is run prior to r203542 it fails due to a CORS errors as opposed to showing
the intended JavaScript alert failure message. The CORS error is due to loading a
cross-origin resource that did not return an appropriate Access-Control-Allow-Origin header
to allow reading of the response.

* http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame-expected.txt: Update expected result
based on the change below.
* http/tests/security/mixedContent/resources/insecure-xhr-sync-in-main-frame-window.html:
Load a resource that returns "Access-Control-Allow-Origin: *" so that origin (http, 127.0.0.1, 8000)
can read the response returned from origin (https, 127.0.0.1, 8443).

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@209401 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame-expected.txt
LayoutTests/http/tests/security/mixedContent/resources/insecure-xhr-sync-in-main-frame-window.html