796be0697d
CLOSED TREE Backed out changeset 73d0f6b58639 (bug 1117650) Backed out changeset 646b7dddf7c5 (bug 1117650) Backed out changeset eed379ade07e (bug 1117650) --HG-- rename : dom/security/test/TestCSPParser.cpp => dom/base/test/TestCSPParser.cpp rename : dom/security/test/csp/chrome.ini => dom/base/test/csp/chrome.ini rename : dom/security/test/csp/file_CSP.css => dom/base/test/csp/file_CSP.css rename : dom/security/test/csp/file_CSP.sjs => dom/base/test/csp/file_CSP.sjs rename : dom/security/test/csp/file_bug663567.xsl => dom/base/test/csp/file_CSP_bug663567.xsl rename : dom/security/test/csp/file_bug663567_allows.xml => dom/base/test/csp/file_CSP_bug663567_allows.xml rename : dom/security/test/csp/file_bug663567_allows.xml^headers^ => dom/base/test/csp/file_CSP_bug663567_allows.xml^headers^ rename : dom/security/test/csp/file_bug663567_blocks.xml => dom/base/test/csp/file_CSP_bug663567_blocks.xml rename : dom/security/test/csp/file_bug663567_blocks.xml^headers^ => dom/base/test/csp/file_CSP_bug663567_blocks.xml^headers^ rename : dom/security/test/csp/file_bug802872.html => dom/base/test/csp/file_CSP_bug802872.html rename : dom/security/test/csp/file_bug802872.html^headers^ => dom/base/test/csp/file_CSP_bug802872.html^headers^ rename : dom/security/test/csp/file_bug802872.js => dom/base/test/csp/file_CSP_bug802872.js rename : dom/security/test/csp/file_bug802872.sjs => dom/base/test/csp/file_CSP_bug802872.sjs rename : dom/security/test/csp/file_bug885433_allows.html => dom/base/test/csp/file_CSP_bug885433_allows.html rename : dom/security/test/csp/file_bug885433_allows.html^headers^ => dom/base/test/csp/file_CSP_bug885433_allows.html^headers^ rename : dom/security/test/csp/file_bug885433_blocks.html => dom/base/test/csp/file_CSP_bug885433_blocks.html rename : dom/security/test/csp/file_bug885433_blocks.html^headers^ => dom/base/test/csp/file_CSP_bug885433_blocks.html^headers^ rename : dom/security/test/csp/file_bug888172.html => 
dom/base/test/csp/file_CSP_bug888172.html rename : dom/security/test/csp/file_bug888172.sjs => dom/base/test/csp/file_CSP_bug888172.sjs rename : dom/security/test/csp/file_bug909029_none.html => dom/base/test/csp/file_CSP_bug909029_none.html rename : dom/security/test/csp/file_bug909029_none.html^headers^ => dom/base/test/csp/file_CSP_bug909029_none.html^headers^ rename : dom/security/test/csp/file_bug909029_star.html => dom/base/test/csp/file_CSP_bug909029_star.html rename : dom/security/test/csp/file_bug909029_star.html^headers^ => dom/base/test/csp/file_CSP_bug909029_star.html^headers^ rename : dom/security/test/csp/file_bug910139.sjs => dom/base/test/csp/file_CSP_bug910139.sjs rename : dom/security/test/csp/file_bug910139.xml => dom/base/test/csp/file_CSP_bug910139.xml rename : dom/security/test/csp/file_bug910139.xsl => dom/base/test/csp/file_CSP_bug910139.xsl rename : dom/security/test/csp/file_bug941404.html => dom/base/test/csp/file_CSP_bug941404.html rename : dom/security/test/csp/file_bug941404_xhr.html => dom/base/test/csp/file_CSP_bug941404_xhr.html rename : dom/security/test/csp/file_bug941404_xhr.html^headers^ => dom/base/test/csp/file_CSP_bug941404_xhr.html^headers^ rename : dom/security/test/csp/file_evalscript_main.html => dom/base/test/csp/file_CSP_evalscript_main.html rename : dom/security/test/csp/file_evalscript_main.html^headers^ => dom/base/test/csp/file_CSP_evalscript_main.html^headers^ rename : dom/security/test/csp/file_evalscript_main.js => dom/base/test/csp/file_CSP_evalscript_main.js rename : dom/security/test/csp/file_evalscript_main_allowed.html => dom/base/test/csp/file_CSP_evalscript_main_allowed.html rename : dom/security/test/csp/file_evalscript_main_allowed.html^headers^ => dom/base/test/csp/file_CSP_evalscript_main_allowed.html^headers^ rename : dom/security/test/csp/file_evalscript_main_allowed.js => dom/base/test/csp/file_CSP_evalscript_main_allowed.js rename : dom/security/test/csp/file_frameancestors.sjs => 
dom/base/test/csp/file_CSP_frameancestors.sjs rename : dom/security/test/csp/file_frameancestors_main.html => dom/base/test/csp/file_CSP_frameancestors_main.html rename : dom/security/test/csp/file_frameancestors_main.js => dom/base/test/csp/file_CSP_frameancestors_main.js rename : dom/security/test/csp/file_inlinescript_main.html => dom/base/test/csp/file_CSP_inlinescript_main.html rename : dom/security/test/csp/file_inlinescript_main.html^headers^ => dom/base/test/csp/file_CSP_inlinescript_main.html^headers^ rename : dom/security/test/csp/file_inlinescript_main_allowed.html => dom/base/test/csp/file_CSP_inlinescript_main_allowed.html rename : dom/security/test/csp/file_inlinescript_main_allowed.html^headers^ => dom/base/test/csp/file_CSP_inlinescript_main_allowed.html^headers^ rename : dom/security/test/csp/file_inlinestyle_main.html => dom/base/test/csp/file_CSP_inlinestyle_main.html rename : dom/security/test/csp/file_inlinestyle_main.html^headers^ => dom/base/test/csp/file_CSP_inlinestyle_main.html^headers^ rename : dom/security/test/csp/file_inlinestyle_main_allowed.html => dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html rename : dom/security/test/csp/file_inlinestyle_main_allowed.html^headers^ => dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html^headers^ rename : dom/security/test/csp/file_main.html => dom/base/test/csp/file_CSP_main.html rename : dom/security/test/csp/file_main.html^headers^ => dom/base/test/csp/file_CSP_main.html^headers^ rename : dom/security/test/csp/file_main.js => dom/base/test/csp/file_CSP_main.js rename : dom/security/test/csp/file_base-uri.html => dom/base/test/csp/file_base-uri.html rename : dom/security/test/csp/file_bug836922_npolicies.html => dom/base/test/csp/file_bug836922_npolicies.html rename : dom/security/test/csp/file_bug836922_npolicies.html^headers^ => dom/base/test/csp/file_bug836922_npolicies.html^headers^ rename : dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs => 
dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs rename : dom/security/test/csp/file_bug836922_npolicies_violation.sjs => dom/base/test/csp/file_bug836922_npolicies_violation.sjs rename : dom/security/test/csp/file_bug886164.html => dom/base/test/csp/file_bug886164.html rename : dom/security/test/csp/file_bug886164.html^headers^ => dom/base/test/csp/file_bug886164.html^headers^ rename : dom/security/test/csp/file_bug886164_2.html => dom/base/test/csp/file_bug886164_2.html rename : dom/security/test/csp/file_bug886164_2.html^headers^ => dom/base/test/csp/file_bug886164_2.html^headers^ rename : dom/security/test/csp/file_bug886164_3.html => dom/base/test/csp/file_bug886164_3.html rename : dom/security/test/csp/file_bug886164_3.html^headers^ => dom/base/test/csp/file_bug886164_3.html^headers^ rename : dom/security/test/csp/file_bug886164_4.html => dom/base/test/csp/file_bug886164_4.html rename : dom/security/test/csp/file_bug886164_4.html^headers^ => dom/base/test/csp/file_bug886164_4.html^headers^ rename : dom/security/test/csp/file_bug886164_5.html => dom/base/test/csp/file_bug886164_5.html rename : dom/security/test/csp/file_bug886164_5.html^headers^ => dom/base/test/csp/file_bug886164_5.html^headers^ rename : dom/security/test/csp/file_bug886164_6.html => dom/base/test/csp/file_bug886164_6.html rename : dom/security/test/csp/file_bug886164_6.html^headers^ => dom/base/test/csp/file_bug886164_6.html^headers^ rename : dom/security/test/csp/file_connect-src.html => dom/base/test/csp/file_connect-src.html rename : dom/security/test/csp/file_allow_https_schemes.html => dom/base/test/csp/file_csp_allow_https_schemes.html rename : dom/security/test/csp/file_bug768029.html => dom/base/test/csp/file_csp_bug768029.html rename : dom/security/test/csp/file_bug768029.sjs => dom/base/test/csp/file_csp_bug768029.sjs rename : dom/security/test/csp/file_bug773891.html => dom/base/test/csp/file_csp_bug773891.html rename : dom/security/test/csp/file_bug773891.sjs => 
dom/base/test/csp/file_csp_bug773891.sjs rename : dom/security/test/csp/file_invalid_source_expression.html => dom/base/test/csp/file_csp_invalid_source_expression.html rename : dom/security/test/csp/file_path_matching.html => dom/base/test/csp/file_csp_path_matching.html rename : dom/security/test/csp/file_path_matching.js => dom/base/test/csp/file_csp_path_matching.js rename : dom/security/test/csp/file_path_matching_redirect.html => dom/base/test/csp/file_csp_path_matching_redirect.html rename : dom/security/test/csp/file_path_matching_redirect_server.sjs => dom/base/test/csp/file_csp_path_matching_redirect_server.sjs rename : dom/security/test/csp/file_redirects_main.html => dom/base/test/csp/file_csp_redirects_main.html rename : dom/security/test/csp/file_redirects_page.sjs => dom/base/test/csp/file_csp_redirects_page.sjs rename : dom/security/test/csp/file_redirects_resource.sjs => dom/base/test/csp/file_csp_redirects_resource.sjs rename : dom/security/test/csp/file_referrerdirective.html => dom/base/test/csp/file_csp_referrerdirective.html rename : dom/security/test/csp/file_report.html => dom/base/test/csp/file_csp_report.html rename : dom/security/test/csp/file_testserver.sjs => dom/base/test/csp/file_csp_testserver.sjs rename : dom/security/test/csp/file_form-action.html => dom/base/test/csp/file_form-action.html rename : dom/security/test/csp/file_hash_source.html => dom/base/test/csp/file_hash_source.html rename : dom/security/test/csp/file_hash_source.html^headers^ => dom/base/test/csp/file_hash_source.html^headers^ rename : dom/security/test/csp/file_leading_wildcard.html => dom/base/test/csp/file_leading_wildcard.html rename : dom/security/test/csp/file_multi_policy_injection_bypass.html => dom/base/test/csp/file_multi_policy_injection_bypass.html rename : dom/security/test/csp/file_multi_policy_injection_bypass.html^headers^ => dom/base/test/csp/file_multi_policy_injection_bypass.html^headers^ rename : 
dom/security/test/csp/file_multi_policy_injection_bypass_2.html => dom/base/test/csp/file_multi_policy_injection_bypass_2.html rename : dom/security/test/csp/file_multi_policy_injection_bypass_2.html^headers^ => dom/base/test/csp/file_multi_policy_injection_bypass_2.html^headers^ rename : dom/security/test/csp/file_nonce_source.html => dom/base/test/csp/file_nonce_source.html rename : dom/security/test/csp/file_nonce_source.html^headers^ => dom/base/test/csp/file_nonce_source.html^headers^ rename : dom/security/test/csp/file_policyuri_regression_from_multipolicy.html => dom/base/test/csp/file_policyuri_regression_from_multipolicy.html rename : dom/security/test/csp/file_policyuri_regression_from_multipolicy.html^headers^ => dom/base/test/csp/file_policyuri_regression_from_multipolicy.html^headers^ rename : dom/security/test/csp/file_policyuri_regression_from_multipolicy_policy => dom/base/test/csp/file_policyuri_regression_from_multipolicy_policy rename : dom/security/test/csp/file_redirect_content.sjs => dom/base/test/csp/file_redirect_content.sjs rename : dom/security/test/csp/file_redirect_report.sjs => dom/base/test/csp/file_redirect_report.sjs rename : dom/security/test/csp/file_report_uri_missing_in_report_only_header.html => dom/base/test/csp/file_report_uri_missing_in_report_only_header.html rename : dom/security/test/csp/file_report_uri_missing_in_report_only_header.html^headers^ => dom/base/test/csp/file_report_uri_missing_in_report_only_header.html^headers^ rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html => dom/base/test/csp/file_self_none_as_hostname_confusion.html rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^ => dom/base/test/csp/file_self_none_as_hostname_confusion.html^headers^ rename : dom/security/test/csp/file_subframe_run_js_if_allowed.html => dom/base/test/csp/file_subframe_run_js_if_allowed.html rename : dom/security/test/csp/file_subframe_run_js_if_allowed.html^headers^ => 
dom/base/test/csp/file_subframe_run_js_if_allowed.html^headers^ rename : dom/security/test/csp/file_worker_redirect.html => dom/base/test/csp/file_worker_redirect.html rename : dom/security/test/csp/file_worker_redirect.sjs => dom/base/test/csp/file_worker_redirect.sjs rename : dom/security/test/csp/mochitest.ini => dom/base/test/csp/mochitest.ini rename : dom/security/test/csp/referrerdirective.sjs => dom/base/test/csp/referrerdirective.sjs rename : dom/security/test/csp/test_301_redirect.html => dom/base/test/csp/test_301_redirect.html rename : dom/security/test/csp/test_302_redirect.html => dom/base/test/csp/test_302_redirect.html rename : dom/security/test/csp/test_303_redirect.html => dom/base/test/csp/test_303_redirect.html rename : dom/security/test/csp/test_307_redirect.html => dom/base/test/csp/test_307_redirect.html rename : dom/security/test/csp/test_CSP.html => dom/base/test/csp/test_CSP.html rename : dom/security/test/csp/test_bug663567.html => dom/base/test/csp/test_CSP_bug663567.html rename : dom/security/test/csp/test_bug802872.html => dom/base/test/csp/test_CSP_bug802872.html rename : dom/security/test/csp/test_bug885433.html => dom/base/test/csp/test_CSP_bug885433.html rename : dom/security/test/csp/test_bug888172.html => dom/base/test/csp/test_CSP_bug888172.html rename : dom/security/test/csp/test_bug909029.html => dom/base/test/csp/test_CSP_bug909029.html rename : dom/security/test/csp/test_bug910139.html => dom/base/test/csp/test_CSP_bug910139.html rename : dom/security/test/csp/test_bug941404.html => dom/base/test/csp/test_CSP_bug941404.html rename : dom/security/test/csp/test_evalscript.html => dom/base/test/csp/test_CSP_evalscript.html rename : dom/security/test/csp/test_frameancestors.html => dom/base/test/csp/test_CSP_frameancestors.html rename : dom/security/test/csp/test_inlinescript.html => dom/base/test/csp/test_CSP_inlinescript.html rename : dom/security/test/csp/test_inlinestyle.html => dom/base/test/csp/test_CSP_inlinestyle.html 
rename : dom/security/test/csp/test_referrerdirective.html => dom/base/test/csp/test_CSP_referrerdirective.html rename : dom/security/test/csp/test_base-uri.html => dom/base/test/csp/test_base-uri.html rename : dom/security/test/csp/test_bug836922_npolicies.html => dom/base/test/csp/test_bug836922_npolicies.html rename : dom/security/test/csp/test_bug886164.html => dom/base/test/csp/test_bug886164.html rename : dom/security/test/csp/test_bug949549.html => dom/base/test/csp/test_bug949549.html rename : dom/security/test/csp/test_connect-src.html => dom/base/test/csp/test_connect-src.html rename : dom/security/test/csp/test_allow_https_schemes.html => dom/base/test/csp/test_csp_allow_https_schemes.html rename : dom/security/test/csp/test_bug768029.html => dom/base/test/csp/test_csp_bug768029.html rename : dom/security/test/csp/test_bug773891.html => dom/base/test/csp/test_csp_bug773891.html rename : dom/security/test/csp/test_invalid_source_expression.html => dom/base/test/csp/test_csp_invalid_source_expression.html rename : dom/security/test/csp/test_path_matching.html => dom/base/test/csp/test_csp_path_matching.html rename : dom/security/test/csp/test_path_matching_redirect.html => dom/base/test/csp/test_csp_path_matching_redirect.html rename : dom/security/test/csp/test_redirects.html => dom/base/test/csp/test_csp_redirects.html rename : dom/security/test/csp/test_report.html => dom/base/test/csp/test_csp_report.html rename : dom/security/test/csp/test_form-action.html => dom/base/test/csp/test_form-action.html rename : dom/security/test/csp/test_hash_source.html => dom/base/test/csp/test_hash_source.html rename : dom/security/test/csp/test_leading_wildcard.html => dom/base/test/csp/test_leading_wildcard.html rename : dom/security/test/csp/test_multi_policy_injection_bypass.html => dom/base/test/csp/test_multi_policy_injection_bypass.html rename : dom/security/test/csp/test_nonce_source.html => dom/base/test/csp/test_nonce_source.html rename : 
dom/security/test/csp/test_policyuri_regression_from_multipolicy.html => dom/base/test/csp/test_policyuri_regression_from_multipolicy.html rename : dom/security/test/csp/test_report_uri_missing_in_report_only_header.html => dom/base/test/csp/test_report_uri_missing_in_report_only_header.html rename : dom/security/test/csp/test_self_none_as_hostname_confusion.html => dom/base/test/csp/test_self_none_as_hostname_confusion.html rename : dom/security/test/csp/test_subframe_run_js_if_allowed.html => dom/base/test/csp/test_subframe_run_js_if_allowed.html rename : dom/security/test/csp/test_worker_redirect.html => dom/base/test/csp/test_worker_redirect.html rename : dom/security/test/cors/file_CrossSiteXHR_cache_server.sjs => dom/base/test/file_CrossSiteXHR_cache_server.sjs rename : dom/security/test/cors/file_CrossSiteXHR_inner.html => dom/base/test/file_CrossSiteXHR_inner.html rename : dom/security/test/cors/file_CrossSiteXHR_inner.jar => dom/base/test/file_CrossSiteXHR_inner.jar rename : dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs => dom/base/test/file_CrossSiteXHR_inner_data.sjs rename : dom/security/test/cors/file_CrossSiteXHR_server.sjs => dom/base/test/file_CrossSiteXHR_server.sjs rename : dom/security/test/mixedcontentblocker/file_bug803225_test_mailto.html => dom/base/test/mixedcontentblocker/bug803225_test_mailto.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_blankTarget.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_blankTarget.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_grandchild.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_grandchild.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html => 
dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_innermost.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_secure.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_secure.html rename : dom/security/test/mixedcontentblocker/file_frameNavigation_secure_grandchild.html => dom/base/test/mixedcontentblocker/file_mixed_content_frameNavigation_secure_grandchild.html rename : dom/security/test/mixedcontentblocker/file_main.html => dom/base/test/mixedcontentblocker/file_mixed_content_main.html rename : dom/security/test/mixedcontentblocker/file_main_bug803225.html => dom/base/test/mixedcontentblocker/file_mixed_content_main_bug803225.html rename : dom/security/test/mixedcontentblocker/file_main_bug803225_websocket_wsh.py => dom/base/test/mixedcontentblocker/file_mixed_content_main_bug803225_websocket_wsh.py rename : dom/security/test/mixedcontentblocker/file_server.sjs => dom/base/test/mixedcontentblocker/file_mixed_content_server.sjs rename : dom/security/test/mixedcontentblocker/mochitest.ini => dom/base/test/mixedcontentblocker/mochitest.ini rename : dom/security/test/mixedcontentblocker/test_main.html => dom/base/test/mixedcontentblocker/test_mixed_content_blocker.html rename : dom/security/test/mixedcontentblocker/test_bug803225.html => dom/base/test/mixedcontentblocker/test_mixed_content_blocker_bug803225.html rename : dom/security/test/mixedcontentblocker/test_frameNavigation.html => dom/base/test/mixedcontentblocker/test_mixed_content_blocker_frameNavigation.html rename : dom/security/test/cors/test_CrossSiteXHR.html => dom/base/test/test_CrossSiteXHR.html rename : dom/security/test/cors/test_CrossSiteXHR_cache.html => dom/base/test/test_CrossSiteXHR_cache.html rename : dom/security/test/cors/test_CrossSiteXHR_origin.html => dom/base/test/test_CrossSiteXHR_origin.html rename : dom/security/test/unit/test_cspreports.js => dom/base/test/unit/test_cspreports.js
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<title>Test for Cross Site XMLHttpRequest</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="initTest()">
<p id="display">
<iframe id=loader></iframe>
</p>
<div id="content" style="display: none">
</div>
<pre id="test">
<script class="testbody" type="application/javascript;version=1.8">
// Switches for the three groups of CORS checks in this file: preflight,
// cookie and redirect handling. All three are enabled here.
// NOTE(review): the code that reads these flags is further down the file,
// outside this view - presumably a 0 skips the matching group; confirm there.
const runPreflightTests = 1;
const runCookieTests = 1;
const runRedirectTests = 1;

// Handle to the generator returned by runTest(); assigned in
// initTestCallback() and resumed from the iframe "load" and window
// "message" handlers.
var gen;
/**
 * Entry point, wired to <body onload>. Marks the test as asynchronous and
 * relaxes the cookie policy before the real setup runs.
 */
function initTest() {
  // The harness must wait for an explicit finish; the test is driven by
  // iframe loads and postMessage events rather than running synchronously.
  SimpleTest.waitForExplicitFinish();

  // Allow all cookies (cookieBehavior 0), then continue in initTestCallback.
  // NOTE(review): this weakens the cookie policy for the whole test run; it
  // relies on the harness restoring pushed prefs when the test ends - confirm.
  var cookiePrefs = {"set": [["network.cookie.cookieBehavior", 0]]};
  SpecialPowers.pushPrefEnv(cookiePrefs, initTestCallback);
}
/**
 * Second stage of setup, passed to pushPrefEnv as its callback. Installs the
 * "message" listener that feeds results back into the test generator, then
 * creates the generator and runs it up to its first yield.
 */
function initTestCallback() {
  // Every message posted to this window resumes the generator with the
  // message payload (legacy JS 1.8 generator API: send()).
  // NOTE(review): neither event.origin nor event.source is checked, so any
  // frame able to post to this window can steer the test. Tolerable inside
  // the test harness; do not copy this listener into production code without
  // validating the sender.
  function forwardToGenerator(event) {
    gen.send(event.data);
  }
  window.addEventListener("message", forwardToGenerator, false);

  gen = runTest();

  // Start the generator; it runs until its first yield.
  gen.next();
}
function runTest() {
|
|
var loader = document.getElementById('loader');
|
|
var loaderWindow = loader.contentWindow;
|
|
loader.onload = function () { gen.next() };
|
|
|
|
// Test preflight-less requests
|
|
basePath = "/tests/dom/base/test/file_CrossSiteXHR_server.sjs?"
|
|
baseURL = "http://mochi.test:8888" + basePath;
|
|
|
|
// Test preflighted requests
|
|
loader.src = "http://example.org/tests/dom/base/test/file_CrossSiteXHR_inner.html";
|
|
origin = "http://example.org";
|
|
yield undefined;
|
|
|
|
tests = [// Plain request
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// undefined username
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
username: undefined
|
|
},
|
|
|
|
// undefined username and password
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
username: undefined,
|
|
password: undefined
|
|
},
|
|
|
|
// nonempty username
|
|
{ pass: 0,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
username: "user",
|
|
},
|
|
|
|
// nonempty password
|
|
// XXXbz this passes for now, because we ignore passwords
|
|
// without usernames in most cases.
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
password: "password",
|
|
},
|
|
|
|
// Default allowed headers
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "Content-Type": "text/plain",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "Content-Type": "foo/bar",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// Custom headers
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "X-My-Header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header": "secondValue" },
|
|
allowHeaders: "x-my-header, long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my%-header": "myValue" },
|
|
allowHeaders: "x-my%-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "" },
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "y-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header y-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header, y-my-header z",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header, y-my-he(ader",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "myheader": "" },
|
|
allowMethods: "myheader",
|
|
},
|
|
|
|
// Multiple custom headers
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue",
|
|
"third-header": "thirdValue" },
|
|
allowHeaders: "x-my-header, second-header, third-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue",
|
|
"third-header": "thirdValue" },
|
|
allowHeaders: "x-my-header,second-header,third-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue",
|
|
"third-header": "thirdValue" },
|
|
allowHeaders: "x-my-header ,second-header ,third-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue",
|
|
"third-header": "thirdValue" },
|
|
allowHeaders: "x-my-header , second-header , third-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue" },
|
|
allowHeaders: ", x-my-header, , ,, second-header, , ",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue" },
|
|
allowHeaders: "x-my-header, second-header, unused-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"y-my-header": "secondValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "",
|
|
"y-my-header": "" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
|
|
// HEAD requests
|
|
{ pass: 1,
|
|
method: "HEAD",
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// HEAD with safe headers
|
|
{ pass: 1,
|
|
method: "HEAD",
|
|
headers: { "Content-Type": "text/plain",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "Content-Type": "foo/bar",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// HEAD with custom headers
|
|
{ pass: 1,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "",
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "y-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header y-my-header",
|
|
},
|
|
|
|
// POST tests
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// POST with standard headers
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "multipart/form-data" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar" },
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
headers: { "Content-Type": "foo/bar" },
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// POST with custom headers
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
headers: { "Content-Type": "text/plain",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header, content-type",
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header, $_%",
|
|
},
|
|
|
|
// Other methods
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowHeaders: "DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST, PUT, DELETE",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST, DELETE, PUT",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE, POST, PUT",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST ,PUT ,DELETE",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST,PUT,DELETE",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST , PUT , DELETE",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: " ,, PUT ,, , , DELETE , ,",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "PUT",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "DELETEZ",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE PUT",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE, PUT Z",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE, PU(T",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "PUT DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "PUT Z, DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "PU(T, DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "MYMETHOD",
|
|
allowMethods: "myMethod",
|
|
},
|
|
{ pass: 0,
|
|
method: "PUT",
|
|
allowMethods: "put",
|
|
},
|
|
|
|
// Progress events
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
uploadProgress: "progress",
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
uploadProgress: "progress",
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// Status messages
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
status: 404,
|
|
statusMessage: "nothin' here",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
status: 401,
|
|
statusMessage: "no can do",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar" },
|
|
allowHeaders: "content-type",
|
|
status: 500,
|
|
statusMessage: "server boo",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
status: 200,
|
|
statusMessage: "Yes!!",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "header value" },
|
|
allowHeaders: "x-my-header",
|
|
preflightStatus: 400
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "header value" },
|
|
allowHeaders: "x-my-header",
|
|
preflightStatus: 200
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "header value" },
|
|
allowHeaders: "x-my-header",
|
|
preflightStatus: 204
|
|
},
|
|
|
|
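// Exposed headers: a custom response header is expected to be readable only
// when exposeHeaders lists it; a list with a malformed entry exposes nothing.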
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header",
|
|
expectedResponseHeaders: ["x-my-header"],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
origin: "http://invalid",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header y",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "y x-my-header",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header, y-my-header z",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header, y-my-hea(er",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header",
|
|
"y-my-header": "y header" },
|
|
exposeHeaders: " , ,,y-my-header,z-my-header, ",
|
|
expectedResponseHeaders: ["y-my-header"],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "Cache-Control": "cacheControl header",
|
|
"Content-Language": "contentLanguage header",
|
|
"Expires":"expires header",
|
|
"Last-Modified":"lastModified header",
|
|
"Pragma":"pragma header",
|
|
"Unexpected":"unexpected header" },
|
|
expectedResponseHeaders: ["Cache-Control","Content-Language","Content-Type","Expires","Last-Modified","Pragma"],
|
|
},
|
|
// Check that sending a body in the OPTIONS response works
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE",
|
|
preflightBody: "I'm a preflight response body",
|
|
},
|
|
];
|
|
|
|
if (!runPreflightTests) {
|
|
tests = [];
|
|
}
|
|
|
|
for (test of tests) {
|
|
var req = {
|
|
url: baseURL + "allowOrigin=" + escape(test.origin || origin),
|
|
method: test.method,
|
|
headers: test.headers,
|
|
uploadProgress: test.uploadProgress,
|
|
body: test.body,
|
|
responseHeaders: test.responseHeaders,
|
|
};
|
|
|
|
if (test.pass) {
|
|
req.url += "&origin=" + escape(origin) +
|
|
"&requestMethod=" + test.method;
|
|
}
|
|
|
|
if ("username" in test) {
|
|
req.username = test.username;
|
|
}
|
|
|
|
if ("password" in test) {
|
|
req.password = test.password;
|
|
}
|
|
|
|
if (test.noAllowPreflight)
|
|
req.url += "&noAllowPreflight";
|
|
|
|
if (test.pass && "headers" in test) {
|
|
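/**
 * Filter predicate over the header names of the current test case.
 *
 * Returns true when the header is not one of the simple request headers this
 * test models, i.e. when its name is expected to show up in the
 * "requestHeaders" query parameter that is appended to req.url below.
 * Returns false for "accept" and "accept-language" (any value) and for
 * "content-type" when its value is one of the three simple media types.
 *
 * Reads the value from the enclosing loop's `test.headers`, so it is only
 * meaningful for names taken from that object.
 *
 * NOTE(review): only the header names handled here are treated as simple;
 * confirm that is sufficient for every case in the tests array.
 *
 * @param {string} name - header name exactly as spelled in test.headers
 * @returns {boolean} true if the header is expected to require preflight approval
 */
function isUnsafeHeader(name) {
  // Keep lName local: an undeclared assignment would create a global on the
  // test window and could leak state between test cases.
  var lName = name.toLowerCase();

  if (lName === "accept" || lName === "accept-language") {
    return false;
  }
  if (lName !== "content-type") {
    return true;
  }

  // Content-Type counts as simple only for these values. The comparison is on
  // the whole lower-cased string, so a value carrying parameters (for example
  // a charset) does not match and is reported as unsafe.
  var simpleContentTypes = ["text/plain",
                            "multipart/form-data",
                            "application/x-www-form-urlencoded"];
  return simpleContentTypes.indexOf(test.headers[name].toLowerCase()) === -1;
}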
|
|
req.url += "&headers=" + escape(test.headers.toSource());
|
|
reqHeaders =
|
|
escape([name for (name in test.headers)]
|
|
.filter(isUnsafeHeader)
|
|
.map(String.toLowerCase)
|
|
.sort()
|
|
.join(","));
|
|
req.url += reqHeaders ? "&requestHeaders=" + reqHeaders : "";
|
|
}
|
|
if ("allowHeaders" in test)
|
|
req.url += "&allowHeaders=" + escape(test.allowHeaders);
|
|
if ("allowMethods" in test)
|
|
req.url += "&allowMethods=" + escape(test.allowMethods);
|
|
if (test.body)
|
|
req.url += "&body=" + escape(test.body);
|
|
if (test.status) {
|
|
req.url += "&status=" + test.status;
|
|
req.url += "&statusMessage=" + escape(test.statusMessage);
|
|
}
|
|
if (test.preflightStatus)
|
|
req.url += "&preflightStatus=" + test.preflightStatus;
|
|
if (test.responseHeaders)
|
|
req.url += "&responseHeaders=" + escape(test.responseHeaders.toSource());
|
|
if (test.exposeHeaders)
|
|
req.url += "&exposeHeaders=" + escape(test.exposeHeaders);
|
|
if (test.preflightBody)
|
|
req.url += "&preflightBody=" + escape(test.preflightBody);
|
|
|
|
loaderWindow.postMessage(req.toSource(), origin);
|
|
res = eval(yield);
|
|
|
|
if (test.pass) {
|
|
is(res.didFail, false,
|
|
"shouldn't have failed in test for " + test.toSource());
|
|
if (test.status) {
|
|
is(res.status, test.status, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, test.statusMessage, "wrong status text for " + test.toSource());
|
|
}
|
|
else {
|
|
is(res.status, 200, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "OK", "wrong status text for " + test.toSource());
|
|
}
|
|
if (test.method !== "HEAD") {
|
|
is(res.responseXML, "<res>hello pass</res>",
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "<res>hello pass</res>\n",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",
|
|
"wrong responseText in test for " + test.toSource());
|
|
}
|
|
else {
|
|
is(res.responseXML, null,
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,loadstart,rs2,rs4,load,loadend",
|
|
"wrong responseText in test for " + test.toSource());
|
|
}
|
|
if (test.responseHeaders) {
|
|
for (header in test.responseHeaders) {
|
|
if (test.expectedResponseHeaders.indexOf(header) == -1) {
|
|
is(res.responseHeaders[header], null,
|
|
"|xhr.getResponseHeader()|wrong response header (" + header + ") in test for " +
|
|
test.toSource());
|
|
is(res.allResponseHeaders[header], null,
|
|
"|xhr.getAllResponseHeaderss()|wrong response header (" + header + ") in test for " +
|
|
test.toSource());
|
|
}
|
|
else {
|
|
is(res.responseHeaders[header], test.responseHeaders[header],
|
|
"|xhr.getResponseHeader()|wrong response header (" + header + ") in test for " +
|
|
test.toSource());
|
|
is(res.allResponseHeaders[header], test.responseHeaders[header],
|
|
"|xhr.getAllResponseHeaderss()|wrong response header (" + header + ") in test for " +
|
|
test.toSource());
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
is(res.didFail, true,
|
|
"should have failed in test for " + test.toSource());
|
|
is(res.status, 0, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, null,
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "",
|
|
"wrong responseText in test for " + test.toSource());
|
|
if (!res.sendThrew) {
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,loadstart,rs2,rs4,error,loadend",
|
|
"wrong events in test for " + test.toSource());
|
|
}
|
|
is(res.progressEvents, 0,
|
|
"wrong events in test for " + test.toSource());
|
|
if (test.responseHeaders) {
|
|
for (header in test.responseHeaders) {
|
|
is(res.responseHeaders[header], null,
|
|
"wrong response header (" + header + ") in test for " +
|
|
test.toSource());
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
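// Test cookie behavior: a request sent with credentials (withCred) is expected
// to fail unless the server allows credentials (allowCred) and the allowed
// origin is not the "*" wildcard.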
|
|
tests = [{ pass: 1,
|
|
method: "GET",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
withCred: 1,
|
|
allowCred: 0,
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
origin: "*",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
withCred: 0,
|
|
allowCred: 1,
|
|
origin: "*",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
setCookie: "a=1",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
cookie: "a=1",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noCookie: 1,
|
|
withCred: 0,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
noCookie: 1,
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
setCookie: "a=2",
|
|
withCred: 0,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
cookie: "a=1",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
setCookie: "a=2",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
cookie: "a=2",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
];
|
|
|
|
if (!runCookieTests) {
|
|
tests = [];
|
|
}
|
|
|
|
for (test of tests) {
|
|
req = {
|
|
url: baseURL + "allowOrigin=" + escape(test.origin || origin),
|
|
method: test.method,
|
|
headers: test.headers,
|
|
withCred: test.withCred,
|
|
};
|
|
|
|
if (test.allowCred)
|
|
req.url += "&allowCred";
|
|
|
|
if (test.setCookie)
|
|
req.url += "&setCookie=" + escape(test.setCookie);
|
|
if (test.cookie)
|
|
req.url += "&cookie=" + escape(test.cookie);
|
|
if (test.noCookie)
|
|
req.url += "&noCookie";
|
|
|
|
if ("allowHeaders" in test)
|
|
req.url += "&allowHeaders=" + escape(test.allowHeaders);
|
|
if ("allowMethods" in test)
|
|
req.url += "&allowMethods=" + escape(test.allowMethods);
|
|
|
|
loaderWindow.postMessage(req.toSource(), origin);
|
|
|
|
res = eval(yield);
|
|
if (test.pass) {
|
|
is(res.didFail, false,
|
|
"shouldn't have failed in test for " + test.toSource());
|
|
is(res.status, 200, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "OK", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, "<res>hello pass</res>",
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "<res>hello pass</res>\n",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",
|
|
"wrong responseText in test for " + test.toSource());
|
|
}
|
|
else {
|
|
is(res.didFail, true,
|
|
"should have failed in test for " + test.toSource());
|
|
is(res.status, 0, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, null,
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,loadstart,rs2,rs4,error,loadend",
|
|
"wrong events in test for " + test.toSource());
|
|
is(res.progressEvents, 0,
|
|
"wrong events in test for " + test.toSource());
|
|
}
|
|
}
|
|
|
|
// Make sure to clear cookies to avoid affecting other tests
|
|
document.cookie = "a=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT"
|
|
is(document.cookie, "", "No cookies should be left over");
|
|
|
|
|
|
// Test redirects
|
|
is(loader.src, "http://example.org/tests/dom/base/test/file_CrossSiteXHR_inner.html");
|
|
is(origin, "http://example.org");
|
|
|
|
tests = [{ pass: 1,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://example.org",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://example.org",
|
|
allowOrigin: "*"
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://example.org",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://example.org",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: "*"
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: "*"
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: "*"
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: "*"
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: "*"
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: "x"
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: "*"
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: "*"
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"my-header": "myValue",
|
|
},
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
allowHeaders: "my-header",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"my-header": "myValue",
|
|
},
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"my-header": "myValue",
|
|
},
|
|
hops: [{ server: "http://example.com",
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin,
|
|
allowHeaders: "my-header",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"my-header": "myValue",
|
|
},
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
allowHeaders: "my-header",
|
|
},
|
|
{ server: "http://example.org",
|
|
allowOrigin: origin,
|
|
allowHeaders: "my-header",
|
|
},
|
|
],
|
|
},
|
|
];
|
|
|
|
if (!runRedirectTests) {
|
|
tests = [];
|
|
}
|
|
|
|
for (test of tests) {
|
|
req = {
|
|
url: test.hops[0].server + basePath + "hop=1&hops=" +
|
|
escape(test.hops.toSource()),
|
|
method: test.method,
|
|
headers: test.headers,
|
|
body: test.body,
|
|
};
|
|
|
|
if (test.pass) {
|
|
if (test.body)
|
|
req.url += "&body=" + escape(test.body);
|
|
}
|
|
|
|
loaderWindow.postMessage(req.toSource(), origin);
|
|
|
|
res = eval(yield);
|
|
if (test.pass) {
|
|
is(res.didFail, false,
|
|
"shouldn't have failed in test for " + test.toSource());
|
|
is(res.status, 200, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "OK", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, "<res>hello pass</res>",
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "<res>hello pass</res>\n",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",
|
|
"wrong responseText in test for " + test.toSource());
|
|
}
|
|
else {
|
|
is(res.didFail, true,
|
|
"should have failed in test for " + test.toSource());
|
|
is(res.status, 0, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, null,
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,loadstart,rs2,rs4,error,loadend",
|
|
"wrong events in test for " + test.toSource());
|
|
is(res.progressEvents, 0,
|
|
"wrong progressevents in test for " + test.toSource());
|
|
}
|
|
}
|
|
|
|
|
|
SimpleTest.finish();
|
|
|
|
yield undefined;
|
|
}
|
|
|
|
</script>
|
|
</pre>
|
|
</body>
|
|
</html>
|