DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (2aa33873a0c7)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Resource Timing TAO - "Null" and opaque origin</title>
<link rel="author" title="Google" href="http://www.google.com/" />
<link rel="help" href="https://www.w3.org/TR/resource-timing-2/#timing-allow-origin"/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>

const t = async_test("Test case-insensitive null TAO value with opaque origins");
window.addEventListener("message", t.step_func_done(e=>{
    assert_equals(e.data, "PASS");
}));
</script>
</head>
<body>
<h1>Description</h1>
<p>This test validates that for a cross origin resource, the timing allow check algorithm will fail when the value of Timing-Allow-Origin is a case-insensitive match to null and the origin is an opaque origin.</p>
<div id="log"></div>
<iframe id="frameContext"></iframe>
<script>
let frame_content = "data:text/html;utf8,<body>" +
                    "<script>" +
                    "const url = '{{location[scheme]}}://{{host}}:{{ports[http][1]}}/resource-timing/resources/TAOResponse.py?tao=Null';" +
                    "const observe = (list, observer) => {" +
                    "  const entry = list.getEntries()[0];" +
                    "  const sum = entry.redirectStart + entry.redirectEnd + entry.domainLookupStart + entry.domainLookupEnd + entry.connectStart +" +
                    "              entry.connectEnd + entry.secureConnectionStart + entry.requestStart + entry.responseStart + entry.transferSize +" +
                    "              entry.encodedBodySize + entry.decodedBodySize;" +
                    "  const result = sum == 0 ? 'PASS' : 'FAIL';" +
                    "  window.parent.postMessage(result, '*');" +
                    "};" +
                    "let observer = new PerformanceObserver(observe);" +
                    "observer.observe({ entryTypes: ['resource'] });" +
                    "fetch(url).then(r => r.text());" +
                    "</" + "script></body>";
document.getElementById("frameContext").src = frame_content;
</script>
</body>
</html>