Revision 03b7db51f21ce2a157454020bb46301b825152a5 authored by Alex Moshchuk on 13 April 2018, 23:12:06 UTC, committed by Chromium WPT Sync on 13 April 2018, 23:12:06 UTC
Changes from first reland attempt at https://crrev.com/c/1011287:
- fix an additional source of flakiness in ChromeOS login tests

Changes from original attempt at https://crrev.com/c/999182:
- fix flakiness in two additional ChromeOS login tests
- fix CSP WPT tests to not depend on ordering between iframe's onload
  and postMessage - see https://crbug.com/832319.

Previously, we sent the IPC to forward a cross-process postMessage
immediately.  This caused a behavioral difference from the
same-process case where the postMessage is always scheduled.  Namely,
in a scenario like this:

  frame.postMessage(...);
  doSomethingThatSendsIPCsToFrame(frame);

the IPCs from JS following the postMessage would've been ordered
incorrectly, causing |frame| to see their side effects after the
postMessage dispatch in the cross-process case, whereas they would be
seen before the postMessage dispatch in the same-process case.  One
example of this is frame.focus(), and another is a frame element
onload event (dispatched via FrameHostMsg_DispatchLoad) arriving after
a postMessage dispatched from an inline script while the frame was
still loading.

To resolve these ordering concerns, this CL changes cross-process
postMessage to do a PostTask on the sender side before sending the
message to the browser process.  This improves the current state of
the world, but does not yet achieve a perfect match for the IPC
ordering in the same-process case - see discussion on the bug.

Bug: 828529
Tbr: dcheng@chromium.org
Change-Id: If2cc6591db31471adff0d84ec0b689905e21cdf1
Reviewed-on: https://chromium-review.googlesource.com/999182
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Original-Original-Commit-Position: refs/heads/master@{#550284}
Reviewed-on: https://chromium-review.googlesource.com/1011287
Cr-Original-Commit-Position: refs/heads/master@{#550621}
Reviewed-on: https://chromium-review.googlesource.com/1012472
Cr-Commit-Position: refs/heads/master@{#550769}
1 parent ae86013
Raw File
304.htm
<!DOCTYPE html>
<meta charset=utf-8>
<title>CORS - 304 Responses</title>
<meta name=author title="Mark Nottingham" href="mailto:mnot@mnot.net">

<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>

<h1>CORS - 304 Responses</h1>
<div id=log></div>
<script>


/*
 * 304 Responses
 */

// A header used to correlate requests and responses
var state_header = "content-language"

/* Make a request; call ready(client) when done */
function req(url, id, t, ready) {
  var client = new XMLHttpRequest()
  client.open('GET', url, true)
  client.setRequestHeader(state_header, id)
  client.send()
  client.onreadystatechange = function() {
    if (client.readyState == client.DONE) {
      t.step(function() {
        assert_true(client.status != 299, "req " + id + " server says: " + client.responseText)
      })
      ready(client)
    }
  }
  return client
}

/*
 * Make two requests to test cache behaviour.
 * The second is made after the first is done and a delay, to make sure it gets into cache.
 */
function two_reqs(id1, id2, should_have_same_body, t, done) {
  var rand = Date.now()
  var url = CROSSDOMAIN + 'resources/304.py?id=' + id1 + '&r=%s' + rand

  var client1 = req(url, id1, t, function(client1) {
    t.step(function() {
      assert_equals(client1.response, "Success", "didn't get successful 1st response;")
      assert_equals(client1.getResponseHeader(state_header), id1, "1st response didn't come from server;")
    })

    t.step_timeout(function() {
      req(url, id2, t, function(client2) {
        t.step(function() {
          if (should_have_same_body) {
            assert_equals(client1.response, client2.response, "response bodies were different;")
//            var res_id2 = client2.getResponseHeader(state_header)
//            assert_not_equals(res_id2, id1, "2nd response doesn't appear to have updated cached headers;")
//            assert_not_equals(res_id2, null, "2nd response didn't expose request identifier;")
//            assert_equals(res_id2, id2, "2nd response is associated with a different request (!);")
          }
          done(client1, client2)
        })
        t.done()
      })
    }, 5000)
  })
}

async_test(function(t) {
  two_reqs('1', '2', true, t, function(client1, client2) {
    assert_equals(client1.getResponseHeader("A"), null, "'A' header exposed without permission;")
  })
}, "A 304 response with no CORS headers inherits from the stored response")

async_test(function(t) {
  two_reqs('3', '4', true, t, function(client1, client2) {
    assert_equals(client2.getResponseHeader("A"), "4", "304 didn't expose 'A' header, even though allowed;")
    assert_equals(client2.getResponseHeader("B"), "4", "304 didn't expose 'B' header even though allowed;")
  })
}, "A 304 can expand Access-Control-Expose-Headers")

async_test(function(t) {
  two_reqs('5', '6', true, t, function(client1, client2) {
    assert_equals(client2.getResponseHeader("B"), null, "2nd 304 exposed 'B' header;")
  })
}, "A 304 can contract Access-Control-Expose-Headers")

async_test(function(t) {
  two_reqs('7', '8', false, t, function(client1, client2) {
    assert_not_equals(client1.response, client2.response, "Access granted even though 304 updated it to disallow;")
  })
}, "A 304 can change Access-Control-Allow-Origin")


</script>
back to top