From 31083cb05acf22224900d25679028a120225f0de Mon Sep 17 00:00:00 2001
From: Valentin Gosu <valentin.gosu@gmail.com>
Date: Wed, 14 Nov 2018 19:11:02 +0000
Subject: [PATCH] Bug 1495313 - Fix xhr/fetch tests to allow passwords with no
 username in URLs r=baku

Differential Revision: https://phabricator.services.mozilla.com/D11255

--HG--
extra : moz-landing-system : lando
---
 dom/security/test/cors/file_CrossSiteXHR_inner.html | 2 +-
 dom/security/test/cors/test_CrossSiteXHR.html       | 6 ++----
 dom/tests/mochitest/fetch/test_fetch_cors.js        | 4 +---
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/dom/security/test/cors/file_CrossSiteXHR_inner.html b/dom/security/test/cors/file_CrossSiteXHR_inner.html
index e951e39c9fc1..ae3b58b04a0b 100644
--- a/dom/security/test/cors/file_CrossSiteXHR_inner.html
+++ b/dom/security/test/cors/file_CrossSiteXHR_inner.html
@@ -88,7 +88,7 @@ window.addEventListener("message", function(e) {
   try {
     xhr.open(req.method, req.url, true,
              ("username" in req) ? req.username : "",
-             ("password" in req) ? req.password : "aa");
+             ("password" in req) ? req.password : "");
   } catch (ex) {
     res.didFail = true;
     post(e, res);
diff --git a/dom/security/test/cors/test_CrossSiteXHR.html b/dom/security/test/cors/test_CrossSiteXHR.html
index 6d5da04365b8..04de9983de29 100644
--- a/dom/security/test/cors/test_CrossSiteXHR.html
+++ b/dom/security/test/cors/test_CrossSiteXHR.html
@@ -83,9 +83,7 @@ function* runTest() {
                },
 
                // nonempty password
-               // XXXbz this passes for now, because we ignore passwords
-               // without usernames in most cases.
-               { pass: 1,
+               { pass: 0,
                  method: "GET",
                  noAllowPreflight: 1,
                  password: "password",
@@ -762,7 +760,7 @@ function* runTest() {
       is(res.responseText, "",
          "wrong responseText in test for " + test.toSource());
       if (!res.sendThrew) {
-        if (test.username) {
+        if (test.username || test.password) {
           is(res.events.join(","),
              "opening,rs1,sending,loadstart,rs4,error,loadend",
              "wrong events in test for " + test.toSource());
diff --git a/dom/tests/mochitest/fetch/test_fetch_cors.js b/dom/tests/mochitest/fetch/test_fetch_cors.js
index 62f904a98046..a79f5dee97d5 100644
--- a/dom/tests/mochitest/fetch/test_fetch_cors.js
+++ b/dom/tests/mochitest/fetch/test_fetch_cors.js
@@ -180,9 +180,7 @@ function testModeCors() {
                },
 
                // nonempty password
-               // XXXbz this passes for now, because we ignore passwords
-               // without usernames in most cases.
-               { pass: 1,
+               { pass: 0,
                  method: "GET",
                  noAllowPreflight: 1,
                  password: "password",