Bug 1495313 - Fix xhr/fetch tests to allow passwords with no username in URLs r=baku

Differential Revision: https://phabricator.services.mozilla.com/D11255

--HG--
extra : moz-landing-system : lando

dom/security/test/cors/file_CrossSiteXHR_inner.html

@@ -88,7 +88,7 @@ window.addEventListener("message", function(e) {
   try {
     xhr.open(req.method, req.url, true,
              ("username" in req) ? req.username : "",
-             ("password" in req) ? req.password : "aa");
+             ("password" in req) ? req.password : "");
   } catch (ex) {
     res.didFail = true;
     post(e, res);

dom/security/test/cors/test_CrossSiteXHR.html

@@ -83,9 +83,7 @@ function* runTest() {
                },
 
                // nonempty password
-               // XXXbz this passes for now, because we ignore passwords
-               // without usernames in most cases.
-               { pass: 1,
+               { pass: 0,
                  method: "GET",
                  noAllowPreflight: 1,
                  password: "password",
@@ -762,7 +760,7 @@ function* runTest() {
       is(res.responseText, "",
          "wrong responseText in test for " + test.toSource());
       if (!res.sendThrew) {
-        if (test.username) {
+        if (test.username || test.password) {
           is(res.events.join(","),
              "opening,rs1,sending,loadstart,rs4,error,loadend",
              "wrong events in test for " + test.toSource());

dom/tests/mochitest/fetch/test_fetch_cors.js

@@ -180,9 +180,7 @@ function testModeCors() {
                },
 
                // nonempty password
-               // XXXbz this passes for now, because we ignore passwords
-               // without usernames in most cases.
-               { pass: 1,
+               { pass: 0,
                  method: "GET",
                  noAllowPreflight: 1,
                  password: "password",