Migrate From-Origin to Cross-Origin-Resource-Policy
authoryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 26 May 2018 00:06:08 +0000 (00:06 +0000)
committeryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 26 May 2018 00:06:08 +0000 (00:06 +0000)
https://bugs.webkit.org/show_bug.cgi?id=185840

Reviewed by Chris Dumez.

Source/WebCore:

Tests: http/wpt/cross-origin-resource-policy/fetch-in-iframe.html
       http/wpt/cross-origin-resource-policy/fetch.html
       http/wpt/cross-origin-resource-policy/iframe-loads.html
       http/wpt/cross-origin-resource-policy/image-loads.html
       http/wpt/cross-origin-resource-policy/script-loads.html

* platform/network/HTTPHeaderNames.in:
* platform/network/HTTPParsers.cpp:
(WebCore::parseCrossOriginResourcePolicyHeader):
* platform/network/HTTPParsers.h:

Source/WebKit:

Do Cross-Origin-Resource-Policy (CORP) checks in NetworkLoadChecker instead of NetworkResourceLoader directly.
Make sure CORP only applies to no-cors loads.
Remove ancestor checks and only consider the document origin making the load.
This means that in case of cross-origin redirection to same-origin, the redirection will be CORP-checked,
the final response will not be CORP-checked but will be opaque.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::validateCrossOriginResourcePolicyPolicy):
(WebKit::NetworkLoadChecker::validateResponse):
* NetworkProcess/NetworkLoadChecker.h:
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::retrieveCacheEntry):
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest):
(WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
(WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry):
* NetworkProcess/NetworkResourceLoader.h:
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
Send ancestor information for navigation loads only.

LayoutTests:

Migrating From-Origin tests to Cross-Origin-Resource-Policy tests.
Given the scope of the header is reduced to no-cors and no ancestor checks,
We cover the new header with fetch/image/script loads.

* TestExpectations:
* http/tests/from-origin: Removed.
* http/wpt/cross-origin-resource-policy/fetch-expected.txt: Added.
* http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt: Added.
* http/wpt/cross-origin-resource-policy/fetch-in-iframe.html: Added.
* http/wpt/cross-origin-resource-policy/fetch.html: Added.
* http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt: Added.
* http/wpt/cross-origin-resource-policy/iframe-loads.html: Added.
* http/wpt/cross-origin-resource-policy/image-loads-expected.txt: Added.
* http/wpt/cross-origin-resource-policy/image-loads.html: Added.
* http/wpt/cross-origin-resource-policy/resources/green.png: Added.
* http/wpt/cross-origin-resource-policy/resources/hello.py: Added.
* http/wpt/cross-origin-resource-policy/resources/iframe.py: Added.
* http/wpt/cross-origin-resource-policy/resources/iframeFetch.html: Added.
* http/wpt/cross-origin-resource-policy/resources/image.py: Added.
* http/wpt/cross-origin-resource-policy/resources/redirect.py: Added.
* http/wpt/cross-origin-resource-policy/resources/script.py: Added.
* http/wpt/cross-origin-resource-policy/script-loads-expected.txt: Added.
* http/wpt/cross-origin-resource-policy/script-loads.html: Added.
* platform/wk2/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@232217 268f45cc-cd09-0410-ab3c-d52691b4dbfc

110 files changed:
LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/http/tests/from-origin/document-from-origin-same-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/document-from-origin-same-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/document-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/document-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/image-from-origin-same-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/image-from-origin-same-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/image-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/image-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/resources/fetch.php [deleted file]
LayoutTests/http/tests/from-origin/resources/iframe.php [deleted file]
LayoutTests/http/tests/from-origin/resources/iframeIPAddressFetch.html [deleted file]
LayoutTests/http/tests/from-origin/resources/iframeLocalhostFetch.html [deleted file]
LayoutTests/http/tests/from-origin/resources/image.php [deleted file]
LayoutTests/http/tests/from-origin/resources/nestedIPAddressIframe.html [deleted file]
LayoutTests/http/tests/from-origin/resources/nestedLocalhostIframe.html [deleted file]
LayoutTests/http/tests/from-origin/resources/redirect.php [deleted file]
LayoutTests/http/tests/from-origin/resources/script.php [deleted file]
LayoutTests/http/tests/from-origin/resources/xhr.php [deleted file]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/script-from-origin-same-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/script-from-origin-same-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/script-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/script-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted.php [deleted file]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked.html [deleted file]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted.html [deleted file]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked-expected.txt [deleted file]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked.html [deleted file]
LayoutTests/http/wpt/cross-origin-resource-policy/fetch-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe.html [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/fetch.html [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads.html [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/image-loads-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/image-loads.html [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/resources/green.png [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/resources/hello.py [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframe.py [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframeFetch.html [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/resources/image.py [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/resources/redirect.py [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/resources/script.py [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/script-loads-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-resource-policy/script-loads.html [new file with mode: 0644]
LayoutTests/platform/wk2/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/platform/network/HTTPHeaderNames.in
Source/WebCore/platform/network/HTTPParsers.cpp
Source/WebCore/platform/network/HTTPParsers.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
Source/WebKit/NetworkProcess/NetworkLoadChecker.h
Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp

index 5cff3de..77571f4 100644 (file)
@@ -1,3 +1,35 @@
+2018-05-25  Youenn Fablet  <youenn@apple.com>
+
+        Migrate From-Origin to Cross-Origin-Resource-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=185840
+
+        Reviewed by Chris Dumez.
+
+        Migrating From-Origin tests to Cross-Origin-Resource-Policy tests.
+        Given the scope of the header is reduced to no-cors and no ancestor checks,
+        We cover the new header with fetch/image/script loads.
+
+        * TestExpectations:
+        * http/tests/from-origin: Removed.
+        * http/wpt/cross-origin-resource-policy/fetch-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/fetch-in-iframe.html: Added.
+        * http/wpt/cross-origin-resource-policy/fetch.html: Added.
+        * http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/iframe-loads.html: Added.
+        * http/wpt/cross-origin-resource-policy/image-loads-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/image-loads.html: Added.
+        * http/wpt/cross-origin-resource-policy/resources/green.png: Added.
+        * http/wpt/cross-origin-resource-policy/resources/hello.py: Added.
+        * http/wpt/cross-origin-resource-policy/resources/iframe.py: Added.
+        * http/wpt/cross-origin-resource-policy/resources/iframeFetch.html: Added.
+        * http/wpt/cross-origin-resource-policy/resources/image.py: Added.
+        * http/wpt/cross-origin-resource-policy/resources/redirect.py: Added.
+        * http/wpt/cross-origin-resource-policy/resources/script.py: Added.
+        * http/wpt/cross-origin-resource-policy/script-loads-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/script-loads.html: Added.
+        * platform/wk2/TestExpectations:
+
 2018-05-25  David Fenton  <david_fenton@apple.com>
 
         fast/text/user-installed-fonts/shadow-family.html and fast/text/user-installed-fonts/shadow-postscript-family.html are flaky
index a8b8377..3f58276 100644 (file)
@@ -369,7 +369,7 @@ http/tests/cache/disk-cache/redirect-chain-limits.html [ DumpJSConsoleLogInStdEr
 http/tests/xmlhttprequest/gzip-content-type-no-content-encoding.html [ Skip ]
 
 # Only supported in WebKit2.
-http/tests/from-origin/ [ Skip ]
+http/wpt/cross-origin-resource-policy/ [ Skip ]
 
 #//////////////////////////////////////////////////////////////////////////////////////////
 # End platform-specific tests.
diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted-expected.txt
deleted file mode 100644 (file)
index 1387d56..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-Tests that a same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-The iframe
diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/document-from-origin-same-accepted.html
deleted file mode 100644 (file)
index 4e6c966..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        testRunner.dumpChildFramesAsText();
-    </script>
-</head>
-<body>
-<iframe src="http://127.0.0.1:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 221bfdb..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-
diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/document-from-origin-same-blocked.html
deleted file mode 100644 (file)
index d173ef7..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        testRunner.dumpChildFramesAsText();
-    </script>
-</head>
-<body>
-<iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted-expected.txt
deleted file mode 100644 (file)
index bec0fef..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-Tests that a same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-The iframe
diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted.html
deleted file mode 100644 (file)
index 2b182b3..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.");
-        testRunner.dumpChildFramesAsText();
-    </script>
-</head>
-<body>
-<iframe src="http://127.0.0.1:8000/from-origin/resources/iframe.php?fromOrigin=same-site"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked-expected.txt
deleted file mode 100644 (file)
index e1dbf6d..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-
diff --git a/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked.html
deleted file mode 100644 (file)
index a0b8467..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.");
-        testRunner.dumpChildFramesAsText();
-    </script>
-</head>
-<body>
-<iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same-site"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted-expected.txt
deleted file mode 100644 (file)
index b049c41..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-Tests that a nested same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-The outer iframe, loading a nested 127.0.0.1 iframe.
-
-
-
---------
-Frame: '<!--frame2-->'
---------
-The iframe
diff --git a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted.html
deleted file mode 100644 (file)
index fd10aed..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a nested same-origin document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        testRunner.dumpChildFramesAsText();
-    </script>
-</head>
-<body>
-<iframe src="http://127.0.0.1:8000/from-origin/resources/nestedIPAddressIframe.html"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index f9663b4..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-Tests that a nested cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-The outer iframe, loading a nested localhost iframe.
-
-
-
---------
-Frame: '<!--frame2-->'
---------
-
diff --git a/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked.html
deleted file mode 100644 (file)
index 53d77a1..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a nested cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        testRunner.dumpChildFramesAsText();
-    </script>
-</head>
-<body>
-<iframe src="http://127.0.0.1:8000/from-origin/resources/nestedLocalhostIframe.html"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 6cb9d39..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks.
-Tests that a cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS 127.0.0.1 fetch in data: iframe blocked.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-The iframe making a 127.0.0.1 fetch call.
diff --git a/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked.html
deleted file mode 100644 (file)
index 25b4281..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-        testRunner.dumpChildFramesAsText();
-
-        function receiveMessage(event) {
-            if (event.origin === "null") {
-                if (event.data.indexOf("fetchSuccess") !== -1)
-                    testFailed("127.0.0.1 fetch in data: iframe succeeded.");
-                else if (event.data.indexOf("fetchError") !== -1)
-                    testPassed("127.0.0.1 fetch in data: iframe blocked.");
-                else
-                    testFailed("Received an unrecognized message. " + event.data);
-            } else {
-                testFailed("Received a message from an unexpected origin: " + event.origin);
-            }
-            finishJSTest();
-        }
-
-        window.addEventListener("message", receiveMessage, false);
-    </script>
-</head>
-<body>
-<!-- data url equivalent to from-origin/resources/iframeIPAddressFetch.html -->
-<iframe src="data:text/html;base64,PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxzY3JpcHQ+CiAgICAgICAgZnVuY3Rpb24gZmV0Y2hFcnJvcigpIHsKICAgICAgICAgICAgdG9wLnBvc3RNZXNzYWdlKCJmZXRjaEVycm9yIiwgImh0dHA6Ly8xMjcuMC4wLjE6ODAwMCIpOwogICAgICAgIH0KCiAgICAgICAgZnVuY3Rpb24gZmV0Y2hTdWNjZXNzKCkgewogICAgICAgICAgICB0b3AucG9zdE1lc3NhZ2UoImZldGNoU3VjY2VzcyIsICJodHRwOi8vMTI3LjAuMC4xOjgwMDAiKTsKICAgICAgICB9CgogICAgICAgIGZldGNoKCJodHRwOi8vMTI3LjAuMC4xOjgwMDAvZnJvbS1vcmlnaW4vcmVzb3VyY2VzL2ZldGNoLnBocD9mcm9tT3JpZ2luPXNhbWUiKS50aGVuKGZ1bmN0aW9uKHJlc3BvbnNlKSB7CiAgICAgICAgICAgIHJldHVybiByZXNwb25zZS5qc29uKCk7CiAgICAgICAgfSkudGhlbihmdW5jdGlvbihkYXRhKSB7CiAgICAgICAgICAgIGNvbnN0IHBhcnNlZERhdGEgPSBKU09OLnBhcnNlKGRhdGEpOwogICAgICAgICAgICBpZiAocGFyc2VkRGF0YS5GZXRjaCkKICAgICAgICAgICAgICAgIGZldGNoU3VjY2VzcygpOwogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgICAgICBmZXRjaEVycm9yKCk7CiAgICAgICAgfSkuY2F0Y2goZnVuY3Rpb24oZXJyb3IpIHsKICAgICAgICAgICAgZmV0Y2hFcnJvcigpOwogICAgICAgIH0pOwogICAgPC9zY3JpcHQ+CjwvaGVhZD4KPGJvZHk+CiAgICA8aDM+VGhlIGlmcmFtZSBtYWtpbmcgYSAxMjcuMC4wLjEgZmV0Y2ggY2FsbC48L2gzPgo8L2JvZHk+CjwvaHRtbD4K"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted-expected.txt
deleted file mode 100644 (file)
index a757130..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that a same-origin fetch load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Fetch succeeded.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted.html
deleted file mode 100644 (file)
index e0d8059..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin fetch load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-
-        fetch("http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) {
-            return response.json();
-        }).then(function(data) {
-            const parsedData = JSON.parse(data);
-            if (parsedData.Fetch)
-                testPassed("Fetch succeeded.");
-            else
-                testFailed("Unknown fetch response.");
-            finishJSTest();
-        }).catch(function(error) {
-            testFailed("Fetch blocked. " + error);
-            finishJSTest();
-        });
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 24e5ed8..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks.
-Tests that a cross-origin fetch load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Fetch blocked. TypeError: Cancelled load because it violates the resource's From-Origin response header.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked.html
deleted file mode 100644 (file)
index 18632f8..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin fetch load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header.");
-        jsTestIsAsync = true;
-
-        fetch("http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) {
-            return response.json();
-        }).then(function(data) {
-            const parsedData = JSON.parse(data);
-            if (parsedData.Fetch)
-                testFailed("Fetch succeeded.");
-            else
-                testFailed("Unknown fetch response.");
-            finishJSTest();
-        }).catch(function(error) {
-            testPassed("Fetch blocked. " + error);
-            finishJSTest();
-        });
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted-expected.txt
deleted file mode 100644 (file)
index e6a79c6..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that a same-origin fetch load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Fetch succeeded.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted.html
deleted file mode 100644 (file)
index 0107469..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin fetch load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.");
-        jsTestIsAsync = true;
-
-        fetch("http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same-site").then(function(response) {
-            return response.json();
-        }).then(function(data) {
-            const parsedData = JSON.parse(data);
-            if (parsedData.Fetch)
-                testPassed("Fetch succeeded.");
-            else
-                testFailed("Unknown fetch response.");
-            finishJSTest();
-        }).catch(function(error) {
-            testFailed("Fetch blocked. " + error);
-            finishJSTest();
-        });
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked-expected.txt
deleted file mode 100644 (file)
index 7b3be6e..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same-site due to access control checks.
-Tests that a cross-origin fetch load fails if the server blocks it with a 'From-Origin: same-site' response header, even though the server includes an Access-Control-Allow-Origin response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Fetch blocked. TypeError: Cancelled load because it violates the resource's From-Origin response header.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked.html
deleted file mode 100644 (file)
index f27df8f..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin fetch load fails if the server blocks it with a 'From-Origin: same-site' response header, even though the server includes an Access-Control-Allow-Origin response header.");
-        jsTestIsAsync = true;
-
-        fetch("http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same-site").then(function(response) {
-            return response.json();
-        }).then(function(data) {
-            const parsedData = JSON.parse(data);
-            if (parsedData.Fetch)
-                testFailed("Fetch succeeded.");
-            else
-                testFailed("Unknown fetch response.");
-            finishJSTest();
-        }).catch(function(error) {
-            testPassed("Fetch blocked. " + error);
-            finishJSTest();
-        });
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted-expected.txt
deleted file mode 100644 (file)
index 7861961..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-Tests that a same-origin fetch in an iframe succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS 127.0.0.1 fetch in 127.0.0.1 iframe succeeded.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-The iframe making a 127.0.0.1 fetch call.
diff --git a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted.html
deleted file mode 100644 (file)
index d9da6f3..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin fetch in an iframe succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-        testRunner.dumpChildFramesAsText();
-
-        function receiveMessage(event) {
-            if (event.origin === "http://127.0.0.1:8000") {
-                if (event.data.indexOf("fetchSuccess") !== -1)
-                    testPassed("127.0.0.1 fetch in 127.0.0.1 iframe succeeded.");
-                else if (event.data.indexOf("fetchError") !== -1)
-                    testFailed("127.0.0.1 fetch in 127.0.0.1 iframe blocked.");
-                else
-                    testFailed("Received an unrecognized message. " + event.data);
-            } else {
-                testFailed("Received a message from an unexpected origin: " + event.origin);
-            }
-
-            finishJSTest();
-        }
-
-        window.addEventListener("message", receiveMessage, false);
-    </script>
-</head>
-<body>
-<iframe src="http://127.0.0.1:8000/from-origin/resources/iframeIPAddressFetch.html"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 952a90d..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks.
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks.
-Tests that a cross-origin fetch in an iframe load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Localhost fetch in 127.0.0.1 iframe blocked and 127.0.0.1 fetch in localhost iframe blocked.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-The iframe making a localhost fetch call.
-
---------
-Frame: '<!--frame2-->'
---------
-The iframe making a 127.0.0.1 fetch call.
diff --git a/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked.html
deleted file mode 100644 (file)
index 7d2beef..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin fetch in an iframe load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-        testRunner.dumpChildFramesAsText();
-
-        function addIframe (url) {
-            iframeElement = document.createElement("iframe");
-            iframeElement.src = url;
-            document.body.appendChild(iframeElement);
-        }
-
-        var ipAddressIframeDone = false;
-        var localhostIframeDone = false;
-        function receiveMessage(event) {
-            if (event.origin === "http://127.0.0.1:8000") {
-                ipAddressIframeDone = true;
-                if (event.data.indexOf("fetchSuccess") !== -1)
-                    testFailed("Localhost fetch in 127.0.0.1 iframe succeeded.");
-                else if (event.data.indexOf("fetchError") === -1)
-                    testFailed("Received an unrecognized message. " + event.data);
-                addIframe("http://localhost:8000/from-origin/resources/iframeIPAddressFetch.html");
-            } else if (event.origin === "http://localhost:8000") {
-                localhostIframeDone = true;
-                if (event.data.indexOf("fetchSuccess") !== -1)
-                    testFailed("127.0.0.1 fetch in localhost iframe succeeded.");
-                else if (event.data.indexOf("fetchError") === -1)
-                    testFailed("Received an unrecognized message. " + event.data);
-            } else {
-                testFailed("Received a message from an unexpected origin: " + event.origin);
-                finishJSTest();
-            }
-
-            if (ipAddressIframeDone && localhostIframeDone) {
-                testPassed("Localhost fetch in 127.0.0.1 iframe blocked and 127.0.0.1 fetch in localhost iframe blocked.");
-                finishJSTest();
-            }
-        }
-
-        window.addEventListener("message", receiveMessage, false);
-
-        function run() {
-            addIframe("http://127.0.0.1:8000/from-origin/resources/iframeLocalhostFetch.html");
-        }
-    </script>
-</head>
-<body onload="run()">
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index b9bd4b7..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Cannot load image http://localhost:8000/from-origin/resources/image.php?fromOrigin=same due to access control checks.
-Tests that a cross-origin image load inside an about:blank iframe fails if the server blocks it with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Image load blocked.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked.html
deleted file mode 100644 (file)
index f8be3cc..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin image load inside an about:blank iframe fails if the server blocks it with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-
-        function imageLoadError() {
-            testPassed("Image load blocked.");
-            finishJSTest();
-        }
-
-        function imageLoadSuccess() {
-            testFailed("Image load succeeded.");
-            finishJSTest();
-        }
-
-        function injectImageIntoIframe() {
-            var imgElement = new Image();
-            imgElement.src = "http://localhost:8000/from-origin/resources/image.php?fromOrigin=same";
-            imgElement.onload = imageLoadSuccess;
-            imgElement.onerror = imageLoadError;
-            document.getElementById("theIframe").contentDocument.body.appendChild(imgElement);
-        }
-    </script>
-</head>
-<body onload="injectImageIntoIframe()">
-<iframe src="about:blank" id="theIframe"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted-expected.txt
deleted file mode 100644 (file)
index 73a4a36..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that a same-origin image load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Image load succeeded.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/image-from-origin-same-accepted.html
deleted file mode 100644 (file)
index 4cb6214..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin image load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-
-        function imageLoadError() {
-            testFailed("Image load blocked.");
-            finishJSTest();
-        }
-
-        function imageLoadSuccess() {
-            testPassed("Image load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<img src="http://127.0.0.1:8000/from-origin/resources/image.php?fromOrigin=same" onerror="imageLoadError()" onload="imageLoadSuccess()">
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index ff0c2b8..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Cannot load image http://localhost:8000/from-origin/resources/image.php?fromOrigin=same due to access control checks.
-Tests that a cross-origin image load fails if the server blocks it with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Image load blocked.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/image-from-origin-same-blocked.html
deleted file mode 100644 (file)
index cb0e07b..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin image load fails if the server blocks it with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-
-        function imageLoadError() {
-            testPassed("Image load blocked.");
-            finishJSTest();
-        }
-
-        function imageLoadSuccess() {
-            testFailed("Image load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<img src="http://localhost:8000/from-origin/resources/image.php?fromOrigin=same" onerror="imageLoadError()" onload="imageLoadSuccess()">
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted-expected.txt
deleted file mode 100644 (file)
index 3d077b2..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that a same-origin image load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Image load succeeded.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted.html
deleted file mode 100644 (file)
index ef82351..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin image load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.");
-        jsTestIsAsync = true;
-
-        function imageLoadError() {
-            testFailed("Image load blocked.");
-            finishJSTest();
-        }
-
-        function imageLoadSuccess() {
-            testPassed("Image load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<img src="http://127.0.0.1:8000/from-origin/resources/image.php?fromOrigin=same-site" onerror="imageLoadError()" onload="imageLoadSuccess()">
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked-expected.txt
deleted file mode 100644 (file)
index 23e19e9..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Cannot load image http://localhost:8000/from-origin/resources/image.php?fromOrigin=same-site due to access control checks.
-Tests that a cross-origin image load fails if the server blocks it with a 'From-Origin: same-site' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Image load blocked.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked.html
deleted file mode 100644 (file)
index ceaf19e..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin image load fails if the server blocks it with a 'From-Origin: same-site' response header.");
-        jsTestIsAsync = true;
-
-        function imageLoadError() {
-            testPassed("Image load blocked.");
-            finishJSTest();
-        }
-
-        function imageLoadSuccess() {
-            testFailed("Image load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<img src="http://localhost:8000/from-origin/resources/image.php?fromOrigin=same-site" onerror="imageLoadError()" onload="imageLoadSuccess()">
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index a47453b..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-Tests that a redirected cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-
diff --git a/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked.html
deleted file mode 100644 (file)
index 32b4c2a..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a redirected cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        testRunner.dumpChildFramesAsText();
-    </script>
-</head>
-<body>
-<iframe src="http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 16802a5..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same due to access control checks.
-Tests that a redirected cross-origin fetch load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Fetch blocked. TypeError: Cancelled load because it violates the resource's From-Origin response header.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked.html
deleted file mode 100644 (file)
index d3371d9..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a redirected cross-origin fetch load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header.");
-        jsTestIsAsync = true;
-
-        fetch("http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) {
-            return response.json();
-        }).then(function(data) {
-            const parsedData = JSON.parse(data);
-            if (parsedData.Fetch)
-                testFailed("Fetch succeeded.");
-            else
-                testFailed("Unknown fetch response.");
-            finishJSTest();
-        }).catch(function(error) {
-            testPassed("Fetch blocked. " + error);
-            finishJSTest();
-        });
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 8cb0917..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/image.php?fromOrigin=same due to access control checks.
-Tests that a redirected cross-origin image load fails if the server blocks it with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Image load blocked.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked.html
deleted file mode 100644 (file)
index 1e0c4e3..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a redirected cross-origin image load fails if the server blocks it with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-
-        function imageLoadError() {
-            testPassed("Image load blocked.");
-            finishJSTest();
-        }
-
-        function imageLoadSuccess() {
-            testFailed("Image load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<img src="http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/image.php?fromOrigin=same" onerror="imageLoadError()" onload="imageLoadSuccess()">
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 47ab9b1..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-Tests that a redirected cross-origin script load fails if the server blocks it with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Script load blocked.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked.html
deleted file mode 100644 (file)
index 134464f..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a redirected cross-origin script load fails if the server blocks it with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-
-        function scriptLoadError() {
-            testPassed("Script load blocked.");
-            finishJSTest();
-        }
-
-        function scriptLoadSuccess() {
-            testFailed("Script load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<script src="http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/script.php?fromOrigin=same" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 2c51451..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same due to access control checks.
-Tests that a redirected cross-origin xhr load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Xhr blocked. 
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked.html
deleted file mode 100644 (file)
index dcc4742..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a redirected cross-origin xhr load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header.");
-        jsTestIsAsync = true;
-
-        function transferComplete() {
-            if (xhr.responseText === "xhr")
-                testFailed("Xhr succeeded.");
-            else
-                testFailed("Unknown xhr response: " + xhr.responseText);
-            finishJSTest();
-        }
-
-        function transferFailed() {
-            testPassed("Xhr blocked. " + xhr.statusText);
-            finishJSTest();
-        }
-
-        var xhr = new XMLHttpRequest();
-        xhr.addEventListener("load", transferComplete);
-        xhr.addEventListener("error", transferFailed);
-        xhr.open("GET", "http://127.0.0.1:8000/from-origin/resources/redirect.php?redirectTo=http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same");
-        xhr.send();
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/resources/fetch.php b/LayoutTests/http/tests/from-origin/resources/fetch.php
deleted file mode 100644 (file)
index 12829cb..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-if($_GET["fromOrigin"] == "same") {
-    header("From-Origin: Same");
-} elseif($_GET["fromOrigin"] == "same-site") {
-    header("From-Origin: Same-Site");
-}
-
-if (isset($_SERVER['HTTP_ORIGIN'])) {
-    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
-}
-$data = '{
-       "Fetch": true
-}';
-echo json_encode($data);
-?>
diff --git a/LayoutTests/http/tests/from-origin/resources/iframe.php b/LayoutTests/http/tests/from-origin/resources/iframe.php
deleted file mode 100644 (file)
index dde4f0f..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-if($_GET["fromOrigin"] == "same") {
-    header("From-Origin: Same");
-} elseif($_GET["fromOrigin"] == "same-site") {
-    header("From-Origin: Same-Site");
-}
-?>
-<h3>The iframe</h3>
diff --git a/LayoutTests/http/tests/from-origin/resources/iframeIPAddressFetch.html b/LayoutTests/http/tests/from-origin/resources/iframeIPAddressFetch.html
deleted file mode 100644 (file)
index 5478c7f..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script>
-        function fetchError() {
-            top.postMessage("fetchError", "http://127.0.0.1:8000");
-        }
-
-        function fetchSuccess() {
-            top.postMessage("fetchSuccess", "http://127.0.0.1:8000");
-        }
-
-        fetch("http://127.0.0.1:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) {
-            return response.json();
-        }).then(function(data) {
-            const parsedData = JSON.parse(data);
-            if (parsedData.Fetch)
-                fetchSuccess();
-            else
-                fetchError();
-        }).catch(function(error) {
-            fetchError();
-        });
-    </script>
-</head>
-<body>
-    <h3>The iframe making a 127.0.0.1 fetch call.</h3>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/resources/iframeLocalhostFetch.html b/LayoutTests/http/tests/from-origin/resources/iframeLocalhostFetch.html
deleted file mode 100644 (file)
index 9124439..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script>
-        function fetchError() {
-            top.postMessage("fetchError", "http://127.0.0.1:8000");
-        }
-
-        function fetchSuccess() {
-            top.postMessage("fetchSuccess", "http://127.0.0.1:8000");
-        }
-
-        fetch("http://localhost:8000/from-origin/resources/fetch.php?fromOrigin=same").then(function(response) {
-            return response.json();
-        }).then(function(data) {
-            const parsedData = JSON.parse(data);
-            if (parsedData.Fetch)
-                fetchSuccess();
-            else
-                fetchError();
-        }).catch(function(error) {
-            fetchError();
-        });
-</script>
-</head>
-<body>
-    <h3>The iframe making a localhost fetch call.</h3>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/resources/image.php b/LayoutTests/http/tests/from-origin/resources/image.php
deleted file mode 100644 (file)
index ccfe249..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-if($_GET["fromOrigin"] == "same") {
-    header("From-Origin: Same");
-} elseif($_GET["fromOrigin"] == "same-site") {
-    header("From-Origin: Same-Site");
-}
-$fp = fopen("../../resources/square20.jpg", "rb");
-header("Content-Type: image/jpeg");
-header("Content-Length: " . filesize($name));
-fpassthru($fp);
-exit;
-?>
\ No newline at end of file
diff --git a/LayoutTests/http/tests/from-origin/resources/nestedIPAddressIframe.html b/LayoutTests/http/tests/from-origin/resources/nestedIPAddressIframe.html
deleted file mode 100644 (file)
index 203c14a..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-</head>
-<body>
-    <h3>The outer iframe, loading a nested 127.0.0.1 iframe.</h3>
-    <iframe src="http://127.0.0.1:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/resources/nestedLocalhostIframe.html b/LayoutTests/http/tests/from-origin/resources/nestedLocalhostIframe.html
deleted file mode 100644 (file)
index b8e0530..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-</head>
-<body>
-    <h3>The outer iframe, loading a nested localhost iframe.</h3>
-    <iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/resources/redirect.php b/LayoutTests/http/tests/from-origin/resources/redirect.php
deleted file mode 100644 (file)
index 17abfd9..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-<?php
-$redirectURL = $_GET["redirectTo"];
-header('Location: ' . $redirectURL);
-die();
-?>
diff --git a/LayoutTests/http/tests/from-origin/resources/script.php b/LayoutTests/http/tests/from-origin/resources/script.php
deleted file mode 100644 (file)
index 9c81bb8..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-<?php
-if($_GET["fromOrigin"] == "same") {
-    header("From-Origin: Same");
-} elseif($_GET["fromOrigin"] == "same-site") {
-    header("From-Origin: Same-Site");
-}
-?>
-var divElement = document.createElement("div");
-divElement.textContent = "Created by JavaScript.";
-document.body.appendChild(divElement);
diff --git a/LayoutTests/http/tests/from-origin/resources/xhr.php b/LayoutTests/http/tests/from-origin/resources/xhr.php
deleted file mode 100644 (file)
index 997f07a..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-if($_GET["fromOrigin"] == "same") {
-    header("From-Origin: Same");
-} elseif($_GET["fromOrigin"] == "same-site") {
-    header("From-Origin: Same-Site");
-}
-
-if (isset($_SERVER['HTTP_ORIGIN'])) {
-    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
-}
-?>
-xhr
\ No newline at end of file
diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 6e7d9da..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Timeout fired without iframe onload event fired.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-
diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html
deleted file mode 100644 (file)
index f9e125e..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed.");
-        jsTestIsAsync = true;
-        testRunner.dumpChildFramesAsText();
-
-        function iframeLoadError() {
-            testPassed("Timeout fired without iframe onload event fired.");
-            finishJSTest();
-        }
-
-        function iframeLoadSuccess() {
-            testFailed("Document load succeeded.");
-            finishJSTest();
-        }
-
-        setTimeout("iframeLoadError()", 500);
-    </script>
-</head>
-<body>
-<iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same" sandbox="" onload="iframeLoadSuccess()"></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 1d432ae..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-Tests that a nested cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-The outer iframe, loading a nested localhost iframe.
-
-
-
---------
-Frame: '<!--frame2-->'
---------
-
diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked.html
deleted file mode 100644 (file)
index c1cfc24..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a nested cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed.");
-        testRunner.dumpChildFramesAsText();
-    </script>
-</head>
-<body>
-<iframe src="http://127.0.0.1:8000/from-origin/resources/nestedLocalhostIframe.html" sandbox=""></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 5b0746e..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-Tests that a nested same-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--frame1-->'
---------
-The outer iframe, loading a nested 127.0.0.1 iframe.
-
-
-
---------
-Frame: '<!--frame2-->'
---------
-
diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked.html
deleted file mode 100644 (file)
index acc9eae..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a nested same-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed.");
-        testRunner.dumpChildFramesAsText();
-    </script>
-</head>
-<body>
-<iframe src="http://127.0.0.1:8000/from-origin/resources/nestedIPAddressIframe.html" sandbox=""></iframe>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted-expected.txt
deleted file mode 100644 (file)
index 8edf611..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that a same-origin script load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Script load succeeded.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-Created by JavaScript.
diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/script-from-origin-same-accepted.html
deleted file mode 100644 (file)
index 932fe40..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin script load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-
-        function scriptLoadError() {
-            testFailed("Timeout fired without script onload event fired.");
-            finishJSTest();
-        }
-
-        function scriptLoadSuccess() {
-            testPassed("Script load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<script src="http://127.0.0.1:8000/from-origin/resources/script.php?fromOrigin=same" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index f4a46e3..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-Tests that a cross-origin script load fails if the server blocks it with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Script load blocked
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/script-from-origin-same-blocked.html
deleted file mode 100644 (file)
index 65f4385..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin script load fails if the server blocks it with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-
-        function scriptLoadError() {
-            testPassed("Script load blocked");
-            finishJSTest();
-        }
-
-        function scriptLoadSuccess() {
-            testFailed("Script load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<script src="http://localhost:8000/from-origin/resources/script.php?fromOrigin=same" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted-expected.txt
deleted file mode 100644 (file)
index 4d5ed52..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that a same-origin script load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Script load succeeded.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-Created by JavaScript.
diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted.html
deleted file mode 100644 (file)
index 7b02f4f..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin script load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.");
-        jsTestIsAsync = true;
-
-        function scriptLoadError() {
-            testFailed("Timeout fired without script onload event fired.");
-            finishJSTest();
-        }
-
-        function scriptLoadSuccess() {
-            testPassed("Script load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<script src="http://127.0.0.1:8000/from-origin/resources/script.php?fromOrigin=same-site" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked-expected.txt
deleted file mode 100644 (file)
index 11e22a7..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-Tests that a cross-origin script load fails if the server blocks it with a 'From-Origin: same-site' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Script load blocked
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked.html
deleted file mode 100644 (file)
index d8d7e31..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin script load fails if the server blocks it with a 'From-Origin: same-site' response header.");
-        jsTestIsAsync = true;
-
-        function scriptLoadError() {
-            testPassed("Script load blocked");
-            finishJSTest();
-        }
-
-        function scriptLoadSuccess() {
-            testFailed("Script load succeeded.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body>
-<script src="http://localhost:8000/from-origin/resources/script.php?fromOrigin=same-site" onload="scriptLoadSuccess()" onerror="scriptLoadError()"></script>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted-expected.txt
deleted file mode 100644 (file)
index 6c235c3..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that a same-origin top frame document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Onload event fired.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-The Document
diff --git a/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted.php b/LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted.php
deleted file mode 100644 (file)
index bfbcac4..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-header("From-Origin: Same");
-?>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin top frame document load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-        testRunner.dumpChildFramesAsText();
-
-        function onloadFired() {
-            testPassed("Onload event fired.");
-            finishJSTest();
-        }
-    </script>
-</head>
-<body onload="onloadFired()">
-<h3>The Document</h3>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted-expected.txt b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted-expected.txt
deleted file mode 100644 (file)
index 703d74c..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that a same-origin xhr load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Xhr succeeded.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted.html b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted.html
deleted file mode 100644 (file)
index 74ad7ba..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin xhr load succeeds if the server blocks cross-origin loads with a 'From-Origin: same' response header.");
-        jsTestIsAsync = true;
-
-        function transferComplete() {
-            if (xhr.responseText === "xhr")
-                testPassed("Xhr succeeded.");
-            else
-                testFailed("Unknown xhr response: " + xhr.responseText);
-            finishJSTest();
-        }
-
-        function transferFailed() {
-            testFailed("Xhr blocked. " + xhr.statusText);
-            finishJSTest();
-        }
-
-        var xhr = new XMLHttpRequest();
-        xhr.addEventListener("load", transferComplete);
-        xhr.addEventListener("error", transferFailed);
-        xhr.open("GET", "http://127.0.0.1:8000/from-origin/resources/xhr.php?fromOrigin=same");
-        xhr.send();
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked-expected.txt
deleted file mode 100644 (file)
index 624cc4c..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same due to access control checks.
-Tests that a cross-origin xhr load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Xhr blocked. 
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked.html
deleted file mode 100644 (file)
index e02e2ed..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin xhr load fails if the server blocks it with a 'From-Origin: same' response header, even though the server includes an Access-Control-Allow-Origin response header.");
-        jsTestIsAsync = true;
-
-        function transferComplete() {
-            if (xhr.responseText === "xhr")
-                testFailed("Xhr succeeded.");
-            else
-                testFailed("Unknown xhr response: " + xhr.responseText);
-            finishJSTest();
-        }
-
-        function transferFailed() {
-            testPassed("Xhr blocked. " + xhr.statusText);
-            finishJSTest();
-        }
-
-        var xhr = new XMLHttpRequest();
-        xhr.addEventListener("load", transferComplete);
-        xhr.addEventListener("error", transferFailed);
-        xhr.open("GET", "http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same");
-        xhr.send();
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted-expected.txt b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted-expected.txt
deleted file mode 100644 (file)
index 0961b17..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that a same-origin xhr load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Xhr succeeded.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted.html b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted.html
deleted file mode 100644 (file)
index 2adc562..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a same-origin xhr load succeeds if the server blocks cross-origin loads with a 'From-Origin: same-site' response header.");
-        jsTestIsAsync = true;
-
-        function transferComplete() {
-            if (xhr.responseText === "xhr")
-                testPassed("Xhr succeeded.");
-            else
-                testFailed("Unknown xhr response: " + xhr.responseText);
-            finishJSTest();
-        }
-
-        function transferFailed() {
-            testFailed("Xhr blocked. " + xhr.statusText);
-            finishJSTest();
-        }
-
-        var xhr = new XMLHttpRequest();
-        xhr.addEventListener("load", transferComplete);
-        xhr.addEventListener("error", transferFailed);
-        xhr.open("GET", "http://127.0.0.1:8000/from-origin/resources/xhr.php?fromOrigin=same-site");
-        xhr.send();
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked-expected.txt b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked-expected.txt
deleted file mode 100644 (file)
index c7beabb..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same-site due to access control checks.
-Tests that a cross-origin xhr load fails if the server blocks it with a 'From-Origin: same-site' response header, even though the server includes an Access-Control-Allow-Origin response header.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Xhr blocked. 
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked.html b/LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked.html
deleted file mode 100644 (file)
index 7287187..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <script src="/js-test-resources/js-test.js"></script>
-    <script>
-        description("Tests that a cross-origin xhr load fails if the server blocks it with a 'From-Origin: same-site' response header, even though the server includes an Access-Control-Allow-Origin response header.");
-        jsTestIsAsync = true;
-
-        function transferComplete() {
-            if (xhr.responseText === "xhr")
-                testFailed("Xhr succeeded.");
-            else
-                testFailed("Unknown xhr response: " + xhr.responseText);
-            finishJSTest();
-        }
-
-        function transferFailed() {
-            testPassed("Xhr blocked. " + xhr.statusText);
-            finishJSTest();
-        }
-
-        var xhr = new XMLHttpRequest();
-        xhr.addEventListener("load", transferComplete);
-        xhr.addEventListener("error", transferFailed);
-        xhr.open("GET", "http://localhost:8000/from-origin/resources/xhr.php?fromOrigin=same-site");
-        xhr.send();
-    </script>
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-expected.txt b/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-expected.txt
new file mode 100644 (file)
index 0000000..3233498
--- /dev/null
@@ -0,0 +1,26 @@
+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same due to access control checks.
+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks.
+CONSOLE MESSAGE: Cancelled load to https://localhost:9443/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same due to access control checks.
+CONSOLE MESSAGE: Cancelled load to http://localhost:8801/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8801/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same due to access control checks.
+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same due to access control checks.
+CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same denied by Cross-Origin Resource Sharing policy: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/redirect.py?corp=same&redirectTo=http%3A%2F%2Flocalhost%3A8800%2FWebKit%2Fcross-origin-resource-policy%2Fresources%2Fhello.py%3Fcorp%3Dsame because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/redirect.py?corp=same&redirectTo=http%3A%2F%2Flocalhost%3A8800%2FWebKit%2Fcross-origin-resource-policy%2Fresources%2Fhello.py%3Fcorp%3Dsame due to access control checks.
+
+PASS Same-origin fetch with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header after a redirection. 
+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header after a cross-origin redirection. 
+PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' redirect response header. 
+
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt b/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..bec578c
--- /dev/null
@@ -0,0 +1,12 @@
+CONSOLE MESSAGE: Cancelled load to http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same due to access control checks.
+CONSOLE MESSAGE: Cancelled load to http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks.
+CONSOLE MESSAGE: Cancelled load to http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same due to access control checks.
+
+PASS Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Same-origin fetch in a cross origin iframe load succeeds if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header. 
+
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe.html b/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe.html
new file mode 100644 (file)
index 0000000..99fe4ed
--- /dev/null
@@ -0,0 +1,63 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+</head>
+<body>
+    <script>
+const host = get_host_info();
+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+
+function with_iframe(url)
+{
+  return new Promise(function(resolve) {
+      var frame = document.createElement('iframe');
+      frame.src = url;
+      frame.onload = function() { resolve(frame); };
+      document.body.appendChild(frame);
+    });
+}
+
+function loadIFrameAndFetch(iframeURL, fetchURL, expectedFetchResult)
+{
+    promise_test(async () => {
+        const frame = await with_iframe(iframeURL);
+        let receiveMessage;
+        const promise = new Promise((resolve, reject) => {
+            receiveMessage = (event) => {
+                if (event.data !== expectedFetchResult) {
+                    reject("Received unexpected message " + event.data);
+                    return;
+                }
+                resolve();
+            }
+            window.addEventListener("message", receiveMessage, false);
+        });
+        frame.contentWindow.postMessage(fetchURL, "*");
+        return promise.finally(() => {
+            frame.remove();
+            window.removeEventListener("message", receiveMessage, false);
+        });
+    }, title);
+}
+
+// This above data URL should be equivalent to resources/iframeFetch.html
+var dataIFrameURL = "data:text/html;base64,PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxzY3JpcHQ+CiAgICAgICAgZnVuY3Rpb24gcHJvY2Vzc01lc3NhZ2UoZXZlbnQpCiAgICAgICAgewogICAgICAgICAgICBmZXRjaChldmVudC5kYXRhLCB7IG1vZGU6ICJuby1jb3JzIiB9KS50aGVuKCgpID0+IHsKICAgICAgICAgICAgICAgIHBhcmVudC5wb3N0TWVzc2FnZSgib2siLCAiKiIpOwogICAgICAgICAgICB9LCAoKSA9PiB7CiAgICAgICAgICAgICAgICBwYXJlbnQucG9zdE1lc3NhZ2UoImtvIiwgIioiKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgfQogICAgICAgIHdpbmRvdy5hZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIiwgcHJvY2Vzc01lc3NhZ2UsIGZhbHNlKTsKICAgIDwvc2NyaXB0Pgo8L2hlYWQ+Cjxib2R5PgogICAgPGgzPlRoZSBpZnJhbWUgbWFraW5nIGEgc2FtZSBvcmlnaW4gZmV0Y2ggY2FsbC48L2gzPgo8L2JvZHk+CjwvaHRtbD4K";
+
+title = "Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header.";
+loadIFrameAndFetch(dataIFrameURL, localBaseURL + "resources/hello.py?corp=same", "ko");
+
+title = "Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header.";
+loadIFrameAndFetch(dataIFrameURL, localBaseURL + "resources/hello.py?corp=same-site", "ko");
+
+title = "Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header.";
+loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", localBaseURL + "resources/hello.py?corp=same", "ko");
+
+title = "Same-origin fetch in a cross origin iframe load succeeds if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same' response header.";
+loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", remoteBaseURL + "resources/hello.py?corp=same", "ok");
+    </script>
+</body>
+</html>
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/fetch.html b/LayoutTests/http/wpt/cross-origin-resource-policy/fetch.html
new file mode 100644 (file)
index 0000000..e3f9c12
--- /dev/null
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+</head>
+<body>
+    <script>
+const host = get_host_info();
+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+const remoteSameSiteBaseURL = "http://" + host.ORIGINAL_HOST + ":" + host.HTTP_PORT2 + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+const httpsBaseURL = host.HTTPS_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+
+promise_test(async () => {
+    const response = await fetch("./resources/hello.py?corp=same");
+    assert_equals(await response.text(), "hello");
+}, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same' response header.");
+
+promise_test(async () => {
+    const response = await fetch("./resources/hello.py?corp=same-site");
+    assert_equals(await response.text(), "hello");
+}, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
+
+promise_test(async (test) => {
+    const response = await fetch(remoteBaseURL + "resources/hello.py?corp=same");
+    assert_equals(await response.text(), "hello");
+}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same' response header.");
+
+promise_test(async (test) => {
+    const response = await fetch(remoteBaseURL + "resources/hello.py?corp=same-site");
+    assert_equals(await response.text(), "hello");
+}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
+
+promise_test((test) => {
+    const remoteURL = remoteBaseURL + "resources/hello.py?corp=same";
+    return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" }));
+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header.");
+
+promise_test((test) => {
+    const remoteURL = remoteBaseURL + "resources/hello.py?corp=same-site";
+    return promise_rejects(test, new TypeError, fetch(remoteURL, { mode: "no-cors" }));
+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
+
+promise_test((test) => {
+    const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-site";
+    return fetch(remoteURL, { mode: "no-cors" });
+}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header.");
+
+promise_test((test) => {
+    const remoteURL = httpsBaseURL + "resources/hello.py?corp=same";
+    return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" }));
+}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same' response header.");
+
+promise_test(async (test) => {
+    const remoteSameSiteURL = remoteSameSiteBaseURL + "resources/hello.py?corp=same-site";
+
+    await fetch(remoteSameSiteURL, { mode: "no-cors" });
+
+    return promise_rejects(test, new TypeError, fetch(remoteSameSiteBaseURL + "resources/hello.py?corp=same", { mode: "no-cors" }));
+}, "Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
+
+promise_test((test) => {
+    const finalURL = remoteBaseURL + "resources/hello.py?corp=same";
+    return promise_rejects(test, new TypeError, fetch("resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header after a redirection.");
+
+promise_test((test) => {
+    const finalURL = localBaseURL + "resources/hello.py?corp=same";
+    return fetch(remoteBaseURL + "resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" });
+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' response header after a cross-origin redirection.");
+
+promise_test(async (test) => {
+    const finalURL = localBaseURL + "resources/hello.py?corp=same";
+
+    await fetch(finalURL, { mode: "no-cors" });
+
+    return promise_rejects(test, new TypeError, fetch(remoteBaseURL + "resources/redirect.py?corp=same&redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
+}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same' redirect response header.");
+    </script>
+</body>
+</html>
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt b/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt
new file mode 100644 (file)
index 0000000..21c1e2f
--- /dev/null
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/iframe.py?corp=same because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/iframe.py?corp=same due to access control checks.
+
+PASS Load an iframe that has Cross-Origin-Resource-Policy header 
+
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads.html b/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads.html
new file mode 100644 (file)
index 0000000..6e2da39
--- /dev/null
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+</head>
+<body>
+    <script>
+const host = get_host_info();
+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+
+function with_iframe(url) {
+  return new Promise(function(resolve) {
+      var frame = document.createElement('iframe');
+      frame.src = url;
+      frame.onload = function() { resolve(frame); };
+      document.body.appendChild(frame);
+    });
+}
+
+promise_test(async() => {
+    const url = remoteBaseURL + "resources/iframe.py?corp=same";
+
+    await new Promise((resolve, reject) => {
+        return fetch(url, { mode: "no-cors" }).then(reject, resolve);
+    });
+
+    const iframe = await with_iframe(url);
+    return new Promise((resolve, reject) => {
+        window.addEventListener("message", (event) => {
+            if (event.data !== "pong") {
+                reject(event.data);
+                return;
+            }
+            resolve();
+        }, false);
+        iframe.contentWindow.postMessage("ping", "*");
+    }).finally(() => {
+        iframe.remove();
+    });
+}, "Load an iframe that has Cross-Origin-Resource-Policy header");
+    </script>
+</body>
+</html>
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads-expected.txt b/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads-expected.txt
new file mode 100644 (file)
index 0000000..6b8655c
--- /dev/null
@@ -0,0 +1,12 @@
+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/image.py?corp=same&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/image.py?corp=same&acao=* due to access control checks.
+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/image.py?corp=same-site&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/image.py?corp=same-site&acao=* due to access control checks.
+
+PASS Same-origin image load with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Same-origin image load with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads.html b/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads.html
new file mode 100644 (file)
index 0000000..751a9ac
--- /dev/null
@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+</head>
+<body>
+    <div id="testDiv"></div>
+    <script>
+const host = get_host_info();
+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+const ok = true;
+const ko = false;
+
+function loadImage(url, shoudLoad, corsMode)
+{
+    promise_test(() => {
+        const img = new Image();
+        if (corsMode)
+            img.crossOrigin = corsMode;
+        img.src = url;
+        return new Promise((resolve, reject) => {
+            img.onload = shoudLoad ? resolve : reject;
+            img.onerror = shoudLoad ? reject : resolve;
+            testDiv.appendChild(img);
+        }).finally(() => {
+            testDiv.innerHTML = "";
+        });
+    }, title)
+}
+
+title = "Same-origin image load with a 'Cross-Origin-Resource-Policy: same' response header.";
+loadImage("./resources/image.py?corp=same", ok);
+
+title = "Same-origin image load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
+loadImage("./resources/image.py?corp=same-site", ok);
+
+title = "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same' response header.";
+loadImage(remoteBaseURL + "resources/image.py?corp=same&acao=*", ok, "anonymous");
+
+title = "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
+loadImage(remoteBaseURL + "resources/image.py?corp=same-site&acao=*", ok, "anonymous");
+
+title = "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same' response header.";
+loadImage(remoteBaseURL + "resources/image.py?corp=same&acao=*", ko);
+
+title = "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
+loadImage(remoteBaseURL + "resources/image.py?corp=same-site&acao=*", ko);
+    </script>
+</body>
+</html>
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/resources/green.png b/LayoutTests/http/wpt/cross-origin-resource-policy/resources/green.png
new file mode 100644 (file)
index 0000000..28a1faa
Binary files /dev/null and b/LayoutTests/http/wpt/cross-origin-resource-policy/resources/green.png differ
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/resources/hello.py b/LayoutTests/http/wpt/cross-origin-resource-policy/resources/hello.py
new file mode 100644 (file)
index 0000000..2b7cb6c
--- /dev/null
@@ -0,0 +1,6 @@
+def main(request, response):
+    headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])]
+    if 'origin' in request.headers:
+        headers.append(('Access-Control-Allow-Origin', request.headers['origin']))
+
+    return 200, headers, "hello"
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframe.py b/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframe.py
new file mode 100644 (file)
index 0000000..5872842
--- /dev/null
@@ -0,0 +1,5 @@
+def main(request, response):
+    headers = [("Content-Type", "text/html"),
+               ("Cross-Origin-Resource-Policy", request.GET['corp'])]
+    return 200, headers, "<body><h3>The iframe</h3><script>window.onmessage = () => { parent.postMessage('pong', '*'); }</script></body>"
+
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframeFetch.html b/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframeFetch.html
new file mode 100644 (file)
index 0000000..2571858
--- /dev/null
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script>
+        function processMessage(event)
+        {
+            fetch(event.data, { mode: "no-cors" }).then(() => {
+                parent.postMessage("ok", "*");
+            }, () => {
+                parent.postMessage("ko", "*");
+            });
+        }
+        window.addEventListener("message", processMessage, false);
+    </script>
+</head>
+<body>
+    <h3>The iframe making a same origin fetch call.</h3>
+</body>
+</html>
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/resources/image.py b/LayoutTests/http/wpt/cross-origin-resource-policy/resources/image.py
new file mode 100644 (file)
index 0000000..ba61981
--- /dev/null
@@ -0,0 +1,21 @@
+import os.path
+
+def main(request, response):
+    type = request.GET.first("type", None)
+
+    body = open(os.path.join(os.path.dirname(__file__), "green.png"), "rb").read()
+
+    response.add_required_headers = False
+    response.writer.write_status(200)
+
+    if 'corp' in request.GET:
+        response.writer.write_header("cross-origin-resource-policy", request.GET['corp'])
+    if 'acao' in request.GET:
+        response.writer.write_header("access-control-allow-origin", request.GET['acao'])
+    response.writer.write_header("content-length", len(body))
+    if(type != None):
+      response.writer.write_header("content-type", type)
+    response.writer.end_headers()
+
+    response.writer.write(body)
+
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/resources/redirect.py b/LayoutTests/http/wpt/cross-origin-resource-policy/resources/redirect.py
new file mode 100644 (file)
index 0000000..73793b0
--- /dev/null
@@ -0,0 +1,6 @@
+def main(request, response):
+    headers = [("Location", request.GET['redirectTo'])]
+    if 'corp' in request.GET:
+        headers.append(('Cross-Origin-Resource-Policy', request.GET['corp']))
+
+    return 302, headers, ""
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/resources/script.py b/LayoutTests/http/wpt/cross-origin-resource-policy/resources/script.py
new file mode 100644 (file)
index 0000000..c9bd6b9
--- /dev/null
@@ -0,0 +1,6 @@
+def main(request, response):
+    headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])]
+    if 'origin' in request.headers:
+        headers.append(('Access-Control-Allow-Origin', request.headers['origin']))
+
+    return 200, headers, ""
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads-expected.txt b/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads-expected.txt
new file mode 100644 (file)
index 0000000..cc29d89
--- /dev/null
@@ -0,0 +1,12 @@
+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/script.py?corp=same&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/script.py?corp=same-site&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+
+PASS Same-origin script load with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+PASS Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same' response header. 
+PASS Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header. 
+
diff --git a/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads.html b/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads.html
new file mode 100644 (file)
index 0000000..11a5c20
--- /dev/null
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+</head>
+<body>
+    <div id="testDiv"></div>
+    <script>
+const host = get_host_info();
+const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
+const ok = true;
+const ko = false;
+
+function loadScript(url, shoudLoad, corsMode)
+{
+    promise_test(() => {
+        const script = document.createElement("script");
+        if (corsMode)
+            script.crossOrigin = corsMode;
+        script.src = url;
+        return new Promise((resolve, reject) => {
+            script.onload = shoudLoad ? resolve : reject;
+            script.onerror = shoudLoad ? reject : resolve;
+            testDiv.appendChild(script);
+        });
+    }, title);
+}
+
+title = "Same-origin script load with a 'Cross-Origin-Resource-Policy: same' response header.";
+loadScript("./resources/script.py?corp=same", ok);
+
+title = "Same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
+loadScript("./resources/script.py?corp=same-site", ok);
+
+title = "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same' response header.";
+loadScript(remoteBaseURL + "resources/script.py?corp=same&acao=*", ok, "anonymous");
+
+title = "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
+loadScript(remoteBaseURL + "resources/script.py?corp=same-site&acao=*", ok, "anonymous");
+
+title = "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same' response header.";
+loadScript(remoteBaseURL + "resources/script.py?corp=same&acao=*", ko);
+
+title = "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
+loadScript(remoteBaseURL + "resources/script.py?corp=same-site&acao=*", ko);
+    </script>
+</body>
+</html>
index 6565033..5a5614f 100644 (file)
@@ -710,8 +710,8 @@ http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subreso
 # Process swapping is only implemented on WebKit2.
 http/tests/navigation/process-swap-window-open.html [ Pass ]
 
-# From-Origin response header is only implemented in WebKit2.
-http/tests/from-origin/ [ Pass ]
+# Cross-Origin-Resource-Policy response header is only implemented in WebKit2.
+http/wpt/cross-origin-resource-policy/ [ Pass ]
 
 ### END OF (5) Progressions, expected successes that are expected failures in WebKit1.
 ########################################
index 1a9071e..9300199 100644 (file)
@@ -1,3 +1,21 @@
+2018-05-25  Youenn Fablet  <youenn@apple.com>
+
+        Migrate From-Origin to Cross-Origin-Resource-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=185840
+
+        Reviewed by Chris Dumez.
+
+        Tests: http/wpt/cross-origin-resource-policy/fetch-in-iframe.html
+               http/wpt/cross-origin-resource-policy/fetch.html
+               http/wpt/cross-origin-resource-policy/iframe-loads.html
+               http/wpt/cross-origin-resource-policy/image-loads.html
+               http/wpt/cross-origin-resource-policy/script-loads.html
+
+        * platform/network/HTTPHeaderNames.in:
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::parseCrossOriginResourcePolicyHeader):
+        * platform/network/HTTPParsers.h:
+
 2018-05-25  Daniel Bates  <dabates@apple.com>
 
         NavigationAction should not hold a strong reference to a Document
index 96ccb79..69a20e2 100644 (file)
@@ -51,13 +51,13 @@ Content-Range
 Cookie
 Cookie2
 Cross-Origin-Options
+Cross-Origin-Resource-Policy
 Date
 DNT
 Default-Style
 ETag
 Expect
 Expires
-From-Origin
 Host
 If-Match
 If-Modified-Since
index 893905f..004d76e 100644 (file)
@@ -897,20 +897,20 @@ String normalizeHTTPMethod(const String& method)
     return method;
 }
 
-FromOriginDisposition parseFromOriginHeader(const String& header)
+CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView header)
 {
     auto strippedHeader = stripLeadingAndTrailingHTTPSpaces(header);
 
     if (strippedHeader.isEmpty())
-        return FromOriginDisposition::None;
+        return CrossOriginResourcePolicy::None;
 
     if (equalLettersIgnoringASCIICase(strippedHeader, "same"))
-        return FromOriginDisposition::Same;
+        return CrossOriginResourcePolicy::Same;
 
     if (equalLettersIgnoringASCIICase(strippedHeader, "same-site"))
-        return FromOriginDisposition::SameSite;
+        return CrossOriginResourcePolicy::SameSite;
 
-    return FromOriginDisposition::Invalid;
+    return CrossOriginResourcePolicy::Invalid;
 }
 
 CrossOriginOptions parseCrossOriginOptionsHeader(StringView header)
index 4bb4a73..bdb1d17 100644 (file)
@@ -64,7 +64,7 @@ enum XFrameOptionsDisposition {
     XFrameOptionsConflict
 };
 
-enum class FromOriginDisposition {
+enum class CrossOriginResourcePolicy {
     None,
     Same,
     SameSite,
@@ -117,7 +117,7 @@ bool isCrossOriginSafeRequestHeader(HTTPHeaderName, const String&);
 
 String normalizeHTTPMethod(const String&);
 
-WEBCORE_EXPORT FromOriginDisposition parseFromOriginHeader(const String&);
+WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView);
 CrossOriginOptions parseCrossOriginOptionsHeader(StringView);
 
 inline bool isHTTPSpace(UChar character)
index 2eeb205..9e8f77f 100644 (file)
@@ -1,3 +1,31 @@
+2018-05-25  Youenn Fablet  <youenn@apple.com>
+
+        Migrate From-Origin to Cross-Origin-Resource-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=185840
+
+        Reviewed by Chris Dumez.
+
+        Do Cross-Origin-Resource-Policy (CORP) checks in NetworkLoadChecker instead of NetworkResourceLoader directly.
+        Make sure CORP only applies to no-cors loads.
+        Remove ancestor checks and only consider the document origin making the load.
+        This means that in case of cross-origin redirection to same-origin, the redirection will be CORP-checked,
+        the final response will not be CORP-checked but will be opaque.
+
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::validateCrossOriginResourcePolicyPolicy):
+        (WebKit::NetworkLoadChecker::validateResponse):
+        * NetworkProcess/NetworkLoadChecker.h:
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::retrieveCacheEntry):
+        (WebKit::NetworkResourceLoader::didReceiveResponse):
+        (WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest):
+        (WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
+        (WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry):
+        * NetworkProcess/NetworkResourceLoader.h:
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
+        Send ancestor information for navigation loads only.
+
 2018-05-25  Daniel Bates  <dabates@apple.com>
 
         NavigationAction should not hold a strong reference to a Document
index fdcf7fe..516e0c7 100644 (file)
@@ -131,6 +131,29 @@ void NetworkLoadChecker::checkRedirection(ResourceResponse& redirectResponse, Re
     checkRequest(WTFMove(request), WTFMove(handler));
 }
 
+bool NetworkLoadChecker::shouldCrossOriginResourcePolicyPolicyCancelLoad(const ResourceResponse& response)
+{
+    if (m_origin->canRequest(response.url()))
+        return false;
+
+    auto policy = parseCrossOriginResourcePolicyHeader(response.httpHeaderField(HTTPHeaderName::CrossOriginResourcePolicy));
+    switch (policy) {
+    case CrossOriginResourcePolicy::None:
+    case CrossOriginResourcePolicy::Invalid:
+        return false;
+    case CrossOriginResourcePolicy::Same:
+        return true;
+    case CrossOriginResourcePolicy::SameSite: {
+#if ENABLE(PUBLIC_SUFFIX_LIST)
+        return m_origin->isUnique() || !registrableDomainsAreEqual(response.url(), ResourceRequest::partitionName(m_origin->host()));
+#else
+        return true;
+#endif
+    }}
+
+    RELEASE_ASSERT_NOT_REACHED();
+}
+
 ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response)
 {
     if (m_redirectCount)
@@ -147,6 +170,8 @@ ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response)
     }
 
     if (m_options.mode == FetchOptions::Mode::NoCors) {
+        if (shouldCrossOriginResourcePolicyPolicyCancelLoad(response))
+            return ResourceError { errorDomainWebKitInternal, 0, m_url, makeString("Cancelled load to ", response.url().stringCenterEllipsizedToLength(), " because it violates the resource's Cross-Origin-Resource-Policy response header."), ResourceError::Type::AccessControl };
         response.setTainting(ResourceResponse::Tainting::Opaque);
         return { };
     }
index 62047d3..ec74892 100644 (file)
@@ -110,6 +110,8 @@ private:
     uint64_t m_webFrameID;
     ResourceLoadIdentifier m_loadIdentifier;
 
+    bool shouldCrossOriginResourcePolicyPolicyCancelLoad(const WebCore::ResourceResponse&);
+
     WebCore::FetchOptions m_options;
     WebCore::StoredCredentialsPolicy m_storedCredentialsPolicy;
     PAL::SessionID m_sessionID;
index e64e7ff..4a9880a 100644 (file)
@@ -361,48 +361,6 @@ void NetworkResourceLoader::abort()
     cleanup(LoadResult::Cancel);
 }
 
-static bool areFrameAncestorsSameSite(const ResourceResponse& response, const Vector<RefPtr<SecurityOrigin>>& frameAncestorOrigins)
-{
-#if ENABLE(PUBLIC_SUFFIX_LIST)
-    auto responsePartition = ResourceRequest::partitionName(response.url().host().toString());
-    return frameAncestorOrigins.findMatching([&](const auto& item) {
-        return item->isUnique() || ResourceRequest::partitionName(item->host()) != responsePartition;
-    }) == notFound;
-#else
-    UNUSED_PARAM(response);
-    UNUSED_PARAM(frameAncestorOrigins);
-    return false;
-#endif
-}
-
-static bool areFrameAncestorsSameOrigin(const ResourceResponse& response, const Vector<RefPtr<SecurityOrigin>>& frameAncestorOrigins)
-{
-    return frameAncestorOrigins.findMatching([responseOrigin = SecurityOrigin::create(response.url())](const auto& item) {
-        return !item->isSameOriginAs(responseOrigin);
-    }) == notFound;
-}
-
-static bool shouldCancelCrossOriginLoad(const ResourceResponse& response, const Vector<RefPtr<SecurityOrigin>>& frameAncestorOrigins)
-{
-    auto fromOriginDirective = WebCore::parseFromOriginHeader(response.httpHeaderField(WebCore::HTTPHeaderName::FromOrigin));
-    switch (fromOriginDirective) {
-    case WebCore::FromOriginDisposition::None:
-    case WebCore::FromOriginDisposition::Invalid:
-        return false;
-    case WebCore::FromOriginDisposition::Same:
-        return !areFrameAncestorsSameOrigin(response, frameAncestorOrigins);
-    case WebCore::FromOriginDisposition::SameSite:
-        return !areFrameAncestorsSameSite(response, frameAncestorOrigins);
-    }
-
-    RELEASE_ASSERT_NOT_REACHED();
-}
-
-static ResourceError fromOriginResourceError(const URL& url)
-{
-    return { errorDomainWebKitInternal, 0, url, ASCIILiteral { "Cancelled load because it violates the resource's From-Origin response header." }, ResourceError::Type::AccessControl };
-}
-
 bool NetworkResourceLoader::shouldInterruptLoadForXFrameOptions(const String& xFrameOptions, const URL& url)
 {
     if (isMainFrameLoad())
@@ -491,21 +449,20 @@ auto NetworkResourceLoader::didReceiveResponse(ResourceResponse&& receivedRespon
     if (m_cacheEntryForValidation)
         return ShouldContinueDidReceiveResponse::Yes;
 
-    ResourceError error;
-    if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(m_response, m_parameters.frameAncestorOrigins))
-        error = fromOriginResourceError(m_response.url());
-    if (error.isNull() && isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(m_response)) {
+    if (isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(m_response)) {
         send(Messages::WebResourceLoader::StopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied { });
         return ShouldContinueDidReceiveResponse::No;
     }
-    if (error.isNull() && m_networkLoadChecker)
-        error = m_networkLoadChecker->validateResponse(m_response);
-    if (!error.isNull()) {
-        RunLoop::main().dispatch([protectedThis = makeRef(*this), error = WTFMove(error)] {
-            if (protectedThis->m_networkLoad)
-                protectedThis->didFailLoading(error);
-        });
-        return ShouldContinueDidReceiveResponse::No;
+
+    if (m_networkLoadChecker) {
+        auto error = m_networkLoadChecker->validateResponse(m_response);
+        if (!error.isNull()) {
+            RunLoop::main().dispatch([protectedThis = makeRef(*this), error = WTFMove(error)] {
+                if (protectedThis->m_networkLoad)
+                    protectedThis->didFailLoading(error);
+            });
+            return ShouldContinueDidReceiveResponse::No;
+        }
     }
 
     auto response = sanitizeResponseIfPossible(ResourceResponse { m_response }, ResourceResponse::SanitizationType::CrossOriginSafe);
@@ -662,11 +619,6 @@ void NetworkResourceLoader::continueWillSendRedirectedRequest(ResourceRequest&&
 {
     ASSERT(!isSynchronous());
 
-    if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(redirectResponse, m_parameters.frameAncestorOrigins) && m_networkLoad) {
-        didFailLoading(fromOriginResourceError(redirectResponse.url()));
-        return;
-    }
-
     send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, sanitizeResponseIfPossible(WTFMove(redirectResponse), ResourceResponse::SanitizationType::Redirection)));
 }
 
@@ -804,19 +756,16 @@ void NetworkResourceLoader::didRetrieveCacheEntry(std::unique_ptr<NetworkCache::
 {
     auto response = entry->response();
 
-    ResourceError error;
-    if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(response, m_parameters.frameAncestorOrigins))
-        error = fromOriginResourceError(response.url());
-    if (error.isNull() && isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(response)) {
+    if (isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(response)) {
         send(Messages::WebResourceLoader::StopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied { });
         return;
     }
-    if (error.isNull() && m_networkLoadChecker)
-        error = m_networkLoadChecker->validateResponse(response);
-
-    if (!error.isNull()) {
-        didFailLoading(error);
-        return;
+    if (m_networkLoadChecker) {
+        auto error = m_networkLoadChecker->validateResponse(response);
+        if (!error.isNull()) {
+            didFailLoading(error);
+            return;
+        }
     }
 
     response = sanitizeResponseIfPossible(WTFMove(response), ResourceResponse::SanitizationType::CrossOriginSafe);
index dd1deea..7ea9604 100644 (file)
@@ -329,10 +329,12 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL
 
     loadParameters.shouldEnableFromOriginResponseHeader = RuntimeEnabledFeatures::sharedFeatures().fromOriginResponseHeaderEnabled() && !loadParameters.isMainFrameNavigation;
 
-    Vector<RefPtr<SecurityOrigin>> frameAncestorOrigins;
-    for (auto* frame = resourceLoader.frame(); frame; frame = frame->tree().parent())
-        frameAncestorOrigins.append(makeRefPtr(frame->document()->securityOrigin()));
-    loadParameters.frameAncestorOrigins = WTFMove(frameAncestorOrigins);
+    if (resourceLoader.options().mode == FetchOptions::Mode::Navigate) {
+        Vector<RefPtr<SecurityOrigin>> frameAncestorOrigins;
+        for (auto* frame = resourceLoader.frame(); frame; frame = frame->tree().parent())
+            frameAncestorOrigins.append(makeRefPtr(frame->document()->securityOrigin()));
+        loadParameters.frameAncestorOrigins = WTFMove(frameAncestorOrigins);
+    }
 
     ASSERT((loadParameters.webPageID && loadParameters.webFrameID) || loadParameters.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials);
 
index 9454e58..c40b565 100644 (file)
@@ -32,27 +32,27 @@ using namespace WebCore;
 
 namespace TestWebKitAPI {
 
-TEST(HTTPParsers, ParseFromOriginHeader)
+TEST(HTTPParsers, ParseCrossOriginResourcePolicyHeader)
 {
-    EXPECT_TRUE(parseFromOriginHeader("") == FromOriginDisposition::None);
-    EXPECT_TRUE(parseFromOriginHeader(" ") == FromOriginDisposition::None);
-
-    EXPECT_TRUE(parseFromOriginHeader("same") == FromOriginDisposition::Same);
-    EXPECT_TRUE(parseFromOriginHeader("Same") == FromOriginDisposition::Same);
-    EXPECT_TRUE(parseFromOriginHeader("SAME") == FromOriginDisposition::Same);
-    EXPECT_TRUE(parseFromOriginHeader(" same ") == FromOriginDisposition::Same);
-
-    EXPECT_TRUE(parseFromOriginHeader("same-site") == FromOriginDisposition::SameSite);
-    EXPECT_TRUE(parseFromOriginHeader("Same-Site") == FromOriginDisposition::SameSite);
-    EXPECT_TRUE(parseFromOriginHeader("SAME-SITE") == FromOriginDisposition::SameSite);
-    EXPECT_TRUE(parseFromOriginHeader(" same-site ") == FromOriginDisposition::SameSite);
-
-    EXPECT_TRUE(parseFromOriginHeader("zame") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("samesite") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("same site") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("same–site") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("SAMESITE") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("") == FromOriginDisposition::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("") == CrossOriginResourcePolicy::None);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" ") == CrossOriginResourcePolicy::None);
+
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same") == CrossOriginResourcePolicy::Same);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same") == CrossOriginResourcePolicy::Same);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME") == CrossOriginResourcePolicy::Same);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same ") == CrossOriginResourcePolicy::Same);
+
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same-site") == CrossOriginResourcePolicy::SameSite);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Site") == CrossOriginResourcePolicy::SameSite);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-SITE") == CrossOriginResourcePolicy::SameSite);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-site ") == CrossOriginResourcePolicy::SameSite);
+
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("zame") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("samesite") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same site") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same–site") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAMESITE") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("") == CrossOriginResourcePolicy::Invalid);
 }
 
 } // namespace TestWebKitAPI