1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
content / test / data / cross_site_document_blocking / request.html [blame]
<html>
<head>
</head>
<body>
<p>This test does cross-site XHR fetches of documents with the Same Origin
Policy turned off in the renderer. The Same Origin Policy can be circumvented
when the renderer is compromised, but site isolation ought to block cross-site
documents at the IPC layer.</p>
<p>We only block cross-site documents with a blocklisted mime type (text/html,
text/xml, application/json), that are correctly sniffed as the content type that
they claim to be. We also block text/plain documents when their body looks like
one of the blocklisted content types.</p>
<script>
// To be called from the browsertest via EvalJs().
// |rangeHeader| is an optional parameter for specifying a range request header
// value (e.g., "bytes=10-20").
function sendRequest(resourceUrl, rangeHeader) {
var xhr = new XMLHttpRequest();
return new Promise(resolve => {
xhr.onreadystatechange = function() {
if (xhr.readyState == 4) {
// When a document is blocked, it will appear as the empty string.
var wasBlocked = xhr.responseText == "";
document.getElementById("response_body").value +=
("\n" + "response to " + resourceUrl + "(" +
xhr.getResponseHeader("content-type") + ") " +
(wasBlocked ? "blocked" : "not-blocked"));
resolve(wasBlocked);
}
}
xhr.open('GET', resourceUrl);
if (rangeHeader) {
xhr.setRequestHeader("Range", rangeHeader);
}
xhr.send();
});
}
</script>
<textarea rows=20 cols=50 id='response_body'></textarea>
</body>
</html>