Revision 03b7db51f21ce2a157454020bb46301b825152a5 authored by Alex Moshchuk on 13 April 2018, 23:12:06 UTC, committed by Chromium WPT Sync on 13 April 2018, 23:12:06 UTC
Changes from first reland attempt at https://crrev.com/c/1011287:
- fix an additional source of flakiness in ChromeOS login tests
Changes from original attempt at https://crrev.com/c/999182:
- fix flakiness in two additional ChromeOS login tests
- fix CSP WPT tests to not depend on ordering between iframe's onload
and postMessage - see https://crbug.com/832319.
Previously, we sent the IPC to forward a cross-process postMessage
immediately. This caused a behavioral difference from the
same-process case where the postMessage is always scheduled. Namely,
in a scenario like this:
frame.postMessage(...);
doSomethingThatSendsIPCsToFrame(frame);
the IPCs from JS following the postMessage would've been ordered
incorrectly, causing |frame| to see their side effects after the
postMessage dispatch in the cross-process case, whereas they would be
seen before the postMessage dispatch in the same-process case. One
example of this is frame.focus(), and another is a frame element
onload event (dispatched via FrameHostMsg_DispatchLoad) arriving after
a postMessage dispatched from an inline script while the frame was
still loading.
To resolve these ordering concerns, this CL changes cross-process
postMessage to do a PostTask on the sender side before sending the
message to the browser process. This improves the current state of
the world, but does not yet achieve a perfect match for the IPC
ordering in the same-process case - see discussion on the bug.
Bug: 828529
Tbr: dcheng@chromium.org
Change-Id: If2cc6591db31471adff0d84ec0b689905e21cdf1
Reviewed-on: https://chromium-review.googlesource.com/999182
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Original-Original-Commit-Position: refs/heads/master@{#550284}
Reviewed-on: https://chromium-review.googlesource.com/1011287
Cr-Original-Commit-Position: refs/heads/master@{#550621}
Reviewed-on: https://chromium-review.googlesource.com/1012472
Cr-Commit-Position: refs/heads/master@{#550769}
1 parent ae86013
credentials-flag.htm
<!DOCTYPE html>
<title>CORS - Access-Control-Allow-Credentials</title>
<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>
<h1>CORS - Access-Control-Allow-Credentials</h1>
<div id=log></div>
<script>
var url = CROSSDOMAIN + 'resources/cors-cookie.py?ident='
/*
* widthCredentials
*/
// XXX Do some https tests here as well
test(function () {
var client = new XMLHttpRequest()
client.open('GET', CROSSDOMAIN, false)
client.withCredentials = true;
}, 'Setting withCredentials on a sync XHR object should not throw')
async_test(function () {
var id = new Date().getTime() + '_1',
client = new XMLHttpRequest()
client.open("GET", url + id, true)
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE")
client.open("GET", url + id, true)
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE")
this.done()
})
client.send(null)
})
client.send(null)
}, "Don't send cookie by default");
async_test(function () {
var id = new Date().getTime() + '_2',
client = new XMLHttpRequest()
client.open("GET", url + id, true)
client.withCredentials = true
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE", "No cookie in initial request");
/* We have cookie, but the browser shouldn't send */
client.open("GET", url + id, true)
client.withCredentials = false
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE", "No cookie after withCredentials=false sync request")
/* Reads and deletes the cookie */
client.open("GET", url + id, true)
client.withCredentials = true
client.onload = this.step_func(function() {
assert_equals(client.response, "COOKIE", "Cookie sent in withCredentials=true sync request")
this.done()
})
client.send(null)
})
client.send(null)
})
client.send(null)
}, "Don't send cookie part 2");
async_test(function () {
var id = new Date().getTime() + '_3',
client = new XMLHttpRequest()
/* Shouldn't set the response cookie */
client.open("GET", url + id, true)
client.withCredentials = false
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE", "first");
/* Sets the cookie */
client.open("GET", url + id, true)
client.withCredentials = true
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE", "second")
/* Reads and deletes the cookie */
client.open("GET", url + id, true)
client.withCredentials = true
client.onload = this.step_func(function() {
assert_equals(client.response, "COOKIE", "third")
this.done()
})
client.send(null)
})
client.send(null)
})
client.send(null)
}, "Don't obey Set-Cookie when withCredentials=false");
function test_response_header(allow) {
var resp_test = async_test('Access-Control-Allow-Credentials: ' + allow + ' should be disallowed (async)')
resp_test.step(function() {
var client = new XMLHttpRequest()
client.open('GET',
CROSSDOMAIN + 'resources/cors-makeheader.py?credentials=' + allow,
true)
client.withCredentials = true;
client.onload = resp_test.step_func(function() {
assert_unreached("onload")
})
client.onerror = resp_test.step_func(function () {
assert_equals(client.readyState, client.DONE, 'readyState')
resp_test.done()
})
client.send()
})
}
test_response_header('TRUE')
test_response_header('True')
test_response_header('"true"')
test_response_header('false')
test_response_header('1')
test_response_header('0')
</script>
Computing file changes ...
