chromium/src/third_party/blink/web_tests/external/wpt/fetch/api/cors/data-url-iframe.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <html>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <body></body>
 <script>

 const createDataUrlIframe = (url, cors) => {
   const iframe = document.createElement("iframe");
   const fetchURL = new URL(url, location.href) +
       `${cors === 'null-origin'
            ? '?pipe=header(Access-Control-Allow-Origin, null)' : ''}`;
   const tag_name = 'script';
   iframe.src =
       `data:text/html, <${tag_name}>` +
       `async function test() {` +
       `  let allowed = true;` +
       `  try {` +
       `    await fetch('${fetchURL}');` +
       `  } catch (e) {` +
       `    allowed = false;` +
       `  }` +
       `  parent.postMessage({allowed}, '*');` +
       `}` +
       `test(); </${tag_name}>`;
   return iframe;
 };

 const fetch_from_data_url_iframe_test =
     (url, cors, expectation, description) => {
   promise_test(async () => {
     const iframe = createDataUrlIframe(url, cors);
     document.body.appendChild(iframe);
     const msgEvent = await new Promise(resolve => window.onmessage = resolve);
     assert_equals(msgEvent.data.allowed ? 'allowed' : 'rejected', expectation);
   }, description);
 };

 fetch_from_data_url_iframe_test(
   '../resources/top.txt',
   'acao-omitted',
   'rejected',
   'fetching "top.txt" without ACAO should be rejected.'
 );
 fetch_from_data_url_iframe_test(
   '../resources/top.txt',
   'null-origin',
   'allowed',
   'fetching "top.txt" with CORS allowing null origin should be allowed.'
 );
 fetch_from_data_url_iframe_test(
   'data:text/plain, top',
   'acao-omitted',
   'allowed',
   'fetching data url script should be allowed.'
 );

 </script>
	<!DOCTYPE html>
	<html>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<body></body>
	<script>

	const createDataUrlIframe = (url, cors) => {
	const iframe = document.createElement("iframe");
	const fetchURL = new URL(url, location.href) +
	`${cors === 'null-origin'
	? '?pipe=header(Access-Control-Allow-Origin, null)' : ''}`;
	const tag_name = 'script';
	iframe.src =
	`data:text/html, <${tag_name}>` +
	`async function test() {` +
	` let allowed = true;` +
	` try {` +
	` await fetch('${fetchURL}');` +
	` } catch (e) {` +
	` allowed = false;` +
	` }` +
	` parent.postMessage({allowed}, '*');` +
	`}` +
	`test(); </${tag_name}>`;
	return iframe;
	};

	const fetch_from_data_url_iframe_test =
	(url, cors, expectation, description) => {
	promise_test(async () => {
	const iframe = createDataUrlIframe(url, cors);
	document.body.appendChild(iframe);
	const msgEvent = await new Promise(resolve => window.onmessage = resolve);
	assert_equals(msgEvent.data.allowed ? 'allowed' : 'rejected', expectation);
	}, description);
	};

	fetch_from_data_url_iframe_test(
	'../resources/top.txt',
	'acao-omitted',
	'rejected',
	'fetching "top.txt" without ACAO should be rejected.'
	);
	fetch_from_data_url_iframe_test(
	'../resources/top.txt',
	'null-origin',
	'allowed',
	'fetching "top.txt" with CORS allowing null origin should be allowed.'
	);
	fetch_from_data_url_iframe_test(
	'data:text/plain, top',
	'acao-omitted',
	'allowed',
	'fetching data url script should be allowed.'
	);

	</script>