49 lines
1.8 KiB
JavaScript
49 lines
1.8 KiB
JavaScript
// META: script=resources/util.js
|
|
|
|
async_test((t) => {
|
|
// This test requires a navigation with a non-safe (i.e. non-GET) HTTP
|
|
// response, which the Critical-CH spec says to ignore. The most
|
|
// "straight-forward" way to do this in JS is by making a form with an
|
|
// unsafe method (e.g. POST) method and submit it.
|
|
|
|
// Build the form DOM element
|
|
var form = document.createElement("form");
|
|
form.setAttribute("method", "post");
|
|
form.setAttribute("action", ECHO_URL);
|
|
form.setAttribute("target", "popup"); //don't navigate away from the page running the test...
|
|
document.body.appendChild(form);
|
|
|
|
window.addEventListener('message', (e) => {
|
|
t.step(()=>{assert_equals(e.data, "FAIL")});
|
|
t.done();
|
|
});
|
|
|
|
var popup_window = window.open("/common/blank.html", "popup");
|
|
assert_not_equals(popup_window, null, "Popup windows not allowed?");
|
|
|
|
form.submit();
|
|
}, "Critical-CH unsafe method")
|
|
|
|
async_test((t) => {
|
|
// This test requires a navigation with a non-safe (i.e. non-GET) HTTP
|
|
// response, which the Critical-CH spec says to ignore. The most
|
|
// "straight-forward" way to do this in JS is by making a form with an
|
|
// unsafe method (e.g. POST) method and submit it.
|
|
|
|
// Build the form DOM element
|
|
var form = document.createElement("form");
|
|
form.setAttribute("method", "post");
|
|
form.setAttribute("action", ECHO_URL+"?multiple=true");
|
|
form.setAttribute("target", "popup"); //don't navigate away from the page running the test...
|
|
document.body.appendChild(form);
|
|
|
|
window.addEventListener('message', (e) => {
|
|
t.step(()=>{assert_equals(e.data, "FAIL")});
|
|
t.done();
|
|
});
|
|
|
|
var popup_window = window.open("/common/blank.html", "popup");
|
|
assert_not_equals(popup_window, null, "Popup windows not allowed?");
|
|
|
|
form.submit();
|
|
}, "Critical-CH w/ multiple headers and unsafe method")
|