chromium/src/third_party/blink/web_tests/external/wpt/web-bundle/subresource-loading/subresource-loading-cors-error.https.tentative.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <title>Cross origin WebBundle subresource loading (error case)</title>
 <link
   rel="help"
   href="https://github.com/WICG/webpackage/blob/master/explainers/subresource-loading.md"
 />
 <link
   rel="help"
   href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute"
 />
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="../resources/test-helpers.js"></script>
 <body>
   <!--
        This wpt should run on an origin different from https://www1.web-platform.test:8444/,
        from where cross-orign WebBundles are served.

        This test uses a cross-origin WebBundle,
        https://www1.web-platform.test:8444/web-bundle/resources/wbn/no-cors/cross-origin.wbn,
        which is served *without* an Access-Control-Allow-Origin response header.

        `cross-origin.wbn` includes two subresources:
        a. `resource.cors.js`, which includes an Access-Control-Allow-Origin response header.
        b. `resource.no-cors.js`, which doesn't include an Access-Control-Allow-Origin response header.
   -->
   <script>
     promise_test(async () => {
       const prefix =
         "https://www1.web-platform.test:8444/web-bundle/resources/wbn/no-cors/";
       const resources = [
         prefix + "resource.cors.js",
         prefix + "resource.no-cors.js",
       ];
       for (const crossorigin_attribute_value of [
         undefined,   // crossorigin attribute is not set
         "anonymous",
         "use-credential",
       ]) {
         const link = await addLinkAndWaitForError(
           prefix + "cross-origin.wbn",
           resources,
           crossorigin_attribute_value
         );

         // A subresource in the bundle can not be used in any case.
         for (const resource of resources) {
           await fetchAndWaitForReject(resource);
           await addScriptAndWaitForError(resource);
         }
         link.remove();
       }
     }, "Use CORS if crossorigin=anonymous or crossorigin=use-credential is specified. A cross origin bundle must not be loaded unless a server returns a valid Access-Control-Allow-Origin header.");
   </script>
 </body>
	<!DOCTYPE html>
	<title>Cross origin WebBundle subresource loading (error case)</title>
	<link
	rel="help"
	href="https://github.com/WICG/webpackage/blob/master/explainers/subresource-loading.md"
	/>
	<link
	rel="help"
	href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute"
	/>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="../resources/test-helpers.js"></script>
	<body>
	<!--
	This wpt should run on an origin different from https://www1.web-platform.test:8444/,
	from where cross-orign WebBundles are served.

	This test uses a cross-origin WebBundle,
	https://www1.web-platform.test:8444/web-bundle/resources/wbn/no-cors/cross-origin.wbn,
	which is served without an Access-Control-Allow-Origin response header.

	`cross-origin.wbn` includes two subresources:
	a. `resource.cors.js`, which includes an Access-Control-Allow-Origin response header.
	b. `resource.no-cors.js`, which doesn't include an Access-Control-Allow-Origin response header.
	-->
	<script>
	promise_test(async () => {
	const prefix =
	"https://www1.web-platform.test:8444/web-bundle/resources/wbn/no-cors/";
	const resources = [
	prefix + "resource.cors.js",
	prefix + "resource.no-cors.js",
	];
	for (const crossorigin_attribute_value of [
	undefined, // crossorigin attribute is not set
	"anonymous",
	"use-credential",
	]) {
	const link = await addLinkAndWaitForError(
	prefix + "cross-origin.wbn",
	resources,
	crossorigin_attribute_value
	);

	// A subresource in the bundle can not be used in any case.
	for (const resource of resources) {
	await fetchAndWaitForReject(resource);
	await addScriptAndWaitForError(resource);
	}
	link.remove();
	}
	}, "Use CORS if crossorigin=anonymous or crossorigin=use-credential is specified. A cross origin bundle must not be loaded unless a server returns a valid Access-Control-Allow-Origin header.");
	</script>
	</body>