mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-05 08:35:26 +00:00
1137 lines
39 KiB
HTML
1137 lines
39 KiB
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<head>
|
|
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
|
|
<title>Test for Cross Site XMLHttpRequest</title>
|
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
</head>
|
|
<body onload="gen.next()">
|
|
<p id="display">
|
|
<iframe id=loader></iframe>
|
|
</p>
|
|
<div id="content" style="display: none">
|
|
|
|
</div>
|
|
<pre id="test">
|
|
<script class="testbody" type="application/javascript;version=1.8">
|
|
|
|
const runPreflightTests = 1;
|
|
const runCookieTests = 1;
|
|
const runRedirectTests = 1;
|
|
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
window.addEventListener("message", function(e) {
|
|
gen.send(e.data);
|
|
}, false);
|
|
|
|
gen = runTest();
|
|
|
|
function runTest() {
|
|
var loader = document.getElementById('loader');
|
|
var loaderWindow = loader.contentWindow;
|
|
loader.onload = function () { gen.next() };
|
|
|
|
// Test preflight-less requests
|
|
basePath = "/tests/content/base/test/file_CrossSiteXHR_server.sjs?"
|
|
baseURL = "http://mochi.test:8888" + basePath;
|
|
|
|
// Test preflighted requests
|
|
loader.src = "http://example.org/tests/content/base/test/file_CrossSiteXHR_inner.html";
|
|
origin = "http://example.org";
|
|
yield;
|
|
|
|
tests = [// Plain request
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// undefined username
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
username: undefined
|
|
},
|
|
|
|
// undefined username and password
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
username: undefined,
|
|
password: undefined
|
|
},
|
|
|
|
// nonempty username
|
|
{ pass: 0,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
username: "user",
|
|
},
|
|
|
|
// nonempty password
|
|
// XXXbz this passes for now, because we ignore passwords
|
|
// without usernames in most cases.
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
password: "password",
|
|
},
|
|
|
|
// Default allowed headers
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "Content-Type": "text/plain",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "Content-Type": "foo/bar",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// Custom headers
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "X-My-Header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header": "secondValue" },
|
|
allowHeaders: "x-my-header, long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my%-header": "myValue" },
|
|
allowHeaders: "x-my%-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "" },
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "y-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header y-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header, y-my-header z",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header, y-my-he(ader",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "myheader": "" },
|
|
allowMethods: "myheader",
|
|
},
|
|
|
|
// Multiple custom headers
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue",
|
|
"third-header": "thirdValue" },
|
|
allowHeaders: "x-my-header, second-header, third-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue",
|
|
"third-header": "thirdValue" },
|
|
allowHeaders: "x-my-header,second-header,third-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue",
|
|
"third-header": "thirdValue" },
|
|
allowHeaders: "x-my-header ,second-header ,third-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue",
|
|
"third-header": "thirdValue" },
|
|
allowHeaders: "x-my-header , second-header , third-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue" },
|
|
allowHeaders: ", x-my-header, , ,, second-header, , ",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"second-header": "secondValue" },
|
|
allowHeaders: "x-my-header, second-header, unused-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "myValue",
|
|
"y-my-header": "secondValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "",
|
|
"y-my-header": "" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
|
|
// HEAD requests
|
|
{ pass: 1,
|
|
method: "HEAD",
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// HEAD with safe headers
|
|
{ pass: 1,
|
|
method: "HEAD",
|
|
headers: { "Content-Type": "text/plain",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "Content-Type": "foo/bar",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// HEAD with custom headers
|
|
{ pass: 1,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "",
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "y-my-header",
|
|
},
|
|
{ pass: 0,
|
|
method: "HEAD",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header y-my-header",
|
|
},
|
|
|
|
// POST tests
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// POST with standard headers
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "multipart/form-data" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar" },
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
headers: { "Content-Type": "foo/bar" },
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// POST with custom headers
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Accept": "foo/bar",
|
|
"Accept-Language": "sv-SE",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
headers: { "Content-Type": "text/plain",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header, content-type",
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar" },
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar",
|
|
"x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "x-my-header": "myValue" },
|
|
allowHeaders: "x-my-header, $_%",
|
|
},
|
|
|
|
// Other methods
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowHeaders: "DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST, PUT, DELETE",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST, DELETE, PUT",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE, POST, PUT",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST ,PUT ,DELETE",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST,PUT,DELETE",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "POST , PUT , DELETE",
|
|
},
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: " ,, PUT ,, , , DELETE , ,",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "PUT",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "DELETEZ",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE PUT",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE, PUT Z",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE, PU(T",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "PUT DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "PUT Z, DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
allowMethods: "PU(T, DELETE",
|
|
},
|
|
{ pass: 0,
|
|
method: "MYMETHOD",
|
|
allowMethods: "myMethod",
|
|
},
|
|
{ pass: 0,
|
|
method: "PUT",
|
|
allowMethods: "put",
|
|
},
|
|
|
|
// Progress events
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
uploadProgress: "uploadprogress",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
uploadProgress: "progress",
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
uploadProgress: "uploadprogress",
|
|
noAllowPreflight: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
uploadProgress: "progress",
|
|
noAllowPreflight: 1,
|
|
},
|
|
|
|
// Status messages
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
status: 404,
|
|
statusMessage: "nothin' here",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
status: 401,
|
|
statusMessage: "no can do",
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "foo/bar" },
|
|
allowHeaders: "content-type",
|
|
status: 500,
|
|
statusMessage: "server boo",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noAllowPreflight: 1,
|
|
status: 200,
|
|
statusMessage: "Yes!!",
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
headers: { "x-my-header": "header value" },
|
|
allowHeaders: "x-my-header",
|
|
preflightStatus: 400
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
headers: { "x-my-header": "header value" },
|
|
allowHeaders: "x-my-header",
|
|
preflightStatus: 200
|
|
},
|
|
|
|
// exposed headers
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header",
|
|
expectedResponseHeaders: ["x-my-header"],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
origin: "http://invalid",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header y",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "y x-my-header",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header, y-my-header z",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header" },
|
|
exposeHeaders: "x-my-header, y-my-hea(er",
|
|
expectedResponseHeaders: [],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
responseHeaders: { "x-my-header": "x header",
|
|
"y-my-header": "y header" },
|
|
exposeHeaders: " , ,,y-my-header,z-my-header, ",
|
|
expectedResponseHeaders: ["y-my-header"],
|
|
},
|
|
|
|
// Check that sending a body in the OPTIONS response works
|
|
{ pass: 1,
|
|
method: "DELETE",
|
|
allowMethods: "DELETE",
|
|
preflightBody: "I'm a preflight response body",
|
|
},
|
|
];
|
|
|
|
if (!runPreflightTests) {
|
|
tests = [];
|
|
}
|
|
|
|
for each(test in tests) {
|
|
var req = {
|
|
url: baseURL + "allowOrigin=" + escape(test.origin || origin),
|
|
method: test.method,
|
|
headers: test.headers,
|
|
uploadProgress: test.uploadProgress,
|
|
body: test.body,
|
|
responseHeaders: test.responseHeaders,
|
|
};
|
|
|
|
if (test.pass) {
|
|
req.url += "&origin=" + escape(origin) +
|
|
"&requestMethod=" + test.method;
|
|
}
|
|
|
|
if ("username" in test) {
|
|
req.username = test.username;
|
|
}
|
|
|
|
if ("password" in test) {
|
|
req.password = test.password;
|
|
}
|
|
|
|
if (test.noAllowPreflight)
|
|
req.url += "&noAllowPreflight";
|
|
|
|
if (test.pass && "headers" in test) {
|
|
function isUnsafeHeader(name) {
|
|
lName = name.toLowerCase();
|
|
return lName != "accept" &&
|
|
lName != "accept-language" &&
|
|
(lName != "content-type" ||
|
|
["text/plain",
|
|
"multipart/form-data",
|
|
"application/x-www-form-urlencoded"]
|
|
.indexOf(test.headers[name].toLowerCase()) == -1);
|
|
}
|
|
req.url += "&headers=" + escape(test.headers.toSource());
|
|
reqHeaders =
|
|
escape([name for (name in test.headers)]
|
|
.filter(isUnsafeHeader)
|
|
.map(String.toLowerCase)
|
|
.sort()
|
|
.join(","));
|
|
req.url += reqHeaders ? "&requestHeaders=" + reqHeaders : "";
|
|
}
|
|
if ("allowHeaders" in test)
|
|
req.url += "&allowHeaders=" + escape(test.allowHeaders);
|
|
if ("allowMethods" in test)
|
|
req.url += "&allowMethods=" + escape(test.allowMethods);
|
|
if (test.body)
|
|
req.url += "&body=" + escape(test.body);
|
|
if (test.status) {
|
|
req.url += "&status=" + test.status;
|
|
req.url += "&statusMessage=" + escape(test.statusMessage);
|
|
}
|
|
if (test.preflightStatus)
|
|
req.url += "&preflightStatus=" + test.preflightStatus;
|
|
if (test.responseHeaders)
|
|
req.url += "&responseHeaders=" + escape(test.responseHeaders.toSource());
|
|
if (test.exposeHeaders)
|
|
req.url += "&exposeHeaders=" + escape(test.exposeHeaders);
|
|
if (test.preflightBody)
|
|
req.url += "&preflightBody=" + escape(test.preflightBody);
|
|
|
|
loaderWindow.postMessage(req.toSource(), origin);
|
|
res = eval(yield);
|
|
|
|
if (test.pass) {
|
|
is(res.didFail, false,
|
|
"shouldn't have failed in test for " + test.toSource());
|
|
if (test.status) {
|
|
is(res.status, test.status, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, test.statusMessage, "wrong status text for " + test.toSource());
|
|
}
|
|
else {
|
|
is(res.status, 200, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "OK", "wrong status text for " + test.toSource());
|
|
}
|
|
if (test.method !== "HEAD") {
|
|
is(res.responseXML, "<res>hello pass</res>",
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "<res>hello pass</res>\n",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,rs1,loadstart,rs2,rs3,rs4,load,loadend",
|
|
"wrong responseText in test for " + test.toSource());
|
|
}
|
|
else {
|
|
is(res.responseXML, null,
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,rs1,loadstart,rs2,rs4,load,loadend",
|
|
"wrong responseText in test for " + test.toSource());
|
|
}
|
|
if (test.responseHeaders) {
|
|
for (header in test.responseHeaders) {
|
|
if (test.expectedResponseHeaders.indexOf(header) == -1) {
|
|
is(res.responseHeaders[header], null,
|
|
"wrong response header (" + header + ") in test for " +
|
|
test.toSource());
|
|
}
|
|
else {
|
|
is(res.responseHeaders[header], test.responseHeaders[header],
|
|
"wrong response header (" + header + ") in test for " +
|
|
test.toSource());
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
is(res.didFail, true,
|
|
"should have failed in test for " + test.toSource());
|
|
is(res.status, 0, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, null,
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "",
|
|
"wrong responseText in test for " + test.toSource());
|
|
if (!res.sendThrew) {
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,rs1,loadstart,rs2,rs4,error,loadend",
|
|
"wrong events in test for " + test.toSource());
|
|
}
|
|
is(res.progressEvents, 0,
|
|
"wrong events in test for " + test.toSource());
|
|
if (test.responseHeaders) {
|
|
for (header in test.responseHeaders) {
|
|
is(res.responseHeaders[header], null,
|
|
"wrong response header (" + header + ") in test for " +
|
|
test.toSource());
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Test cookie behavior
|
|
tests = [{ pass: 1,
|
|
method: "GET",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
withCred: 1,
|
|
allowCred: 0,
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
origin: "*",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
withCred: 0,
|
|
allowCred: 1,
|
|
origin: "*",
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
setCookie: "a=1",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
cookie: "a=1",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
noCookie: 1,
|
|
withCred: 0,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
noCookie: 1,
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
setCookie: "a=2",
|
|
withCred: 0,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
cookie: "a=1",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
setCookie: "a=2",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
cookie: "a=2",
|
|
withCred: 1,
|
|
allowCred: 1,
|
|
},
|
|
];
|
|
|
|
if (!runCookieTests) {
|
|
tests = [];
|
|
}
|
|
|
|
for each(test in tests) {
|
|
req = {
|
|
url: baseURL + "allowOrigin=" + escape(test.origin || origin),
|
|
method: test.method,
|
|
headers: test.headers,
|
|
withCred: test.withCred,
|
|
};
|
|
|
|
if (test.allowCred)
|
|
req.url += "&allowCred";
|
|
|
|
if (test.setCookie)
|
|
req.url += "&setCookie=" + escape(test.setCookie);
|
|
if (test.cookie)
|
|
req.url += "&cookie=" + escape(test.cookie);
|
|
if (test.noCookie)
|
|
req.url += "&noCookie";
|
|
|
|
if ("allowHeaders" in test)
|
|
req.url += "&allowHeaders=" + escape(test.allowHeaders);
|
|
if ("allowMethods" in test)
|
|
req.url += "&allowMethods=" + escape(test.allowMethods);
|
|
|
|
loaderWindow.postMessage(req.toSource(), origin);
|
|
|
|
res = eval(yield);
|
|
if (test.pass) {
|
|
is(res.didFail, false,
|
|
"shouldn't have failed in test for " + test.toSource());
|
|
is(res.status, 200, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "OK", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, "<res>hello pass</res>",
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "<res>hello pass</res>\n",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,rs1,loadstart,rs2,rs3,rs4,load,loadend",
|
|
"wrong responseText in test for " + test.toSource());
|
|
}
|
|
else {
|
|
is(res.didFail, true,
|
|
"should have failed in test for " + test.toSource());
|
|
is(res.status, 0, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, null,
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,rs1,loadstart,rs2,rs4,error,loadend",
|
|
"wrong events in test for " + test.toSource());
|
|
is(res.progressEvents, 0,
|
|
"wrong events in test for " + test.toSource());
|
|
}
|
|
}
|
|
|
|
// Make sure to clear cookies to avoid affecting other tests
|
|
document.cookie = "a=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT"
|
|
is(document.cookie, "", "No cookies should be left over");
|
|
|
|
|
|
// Test redirects
|
|
is(loader.src, "http://example.org/tests/content/base/test/file_CrossSiteXHR_inner.html");
|
|
is(origin, "http://example.org");
|
|
|
|
tests = [{ pass: 1,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://example.org",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://example.org",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://example.org",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: "x"
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: "*"
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "GET",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://test2.example.org:8000",
|
|
allowOrigin: origin
|
|
},
|
|
{ server: "http://sub2.xn--lt-uia.example.org",
|
|
allowOrigin: "*"
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"my-header": "myValue",
|
|
},
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
allowHeaders: "my-header",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"my-header": "myValue",
|
|
},
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "DELETE",
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"my-header": "myValue",
|
|
},
|
|
hops: [{ server: "http://example.com",
|
|
},
|
|
{ server: "http://sub1.test1.example.org",
|
|
allowOrigin: origin,
|
|
allowHeaders: "my-header",
|
|
},
|
|
],
|
|
},
|
|
{ pass: 1,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain" },
|
|
hops: [{ server: "http://example.org",
|
|
},
|
|
{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
},
|
|
],
|
|
},
|
|
{ pass: 0,
|
|
method: "POST",
|
|
body: "hi there",
|
|
headers: { "Content-Type": "text/plain",
|
|
"my-header": "myValue",
|
|
},
|
|
hops: [{ server: "http://example.com",
|
|
allowOrigin: origin,
|
|
allowHeaders: "my-header",
|
|
},
|
|
{ server: "http://example.org",
|
|
allowOrigin: origin,
|
|
allowHeaders: "my-header",
|
|
},
|
|
],
|
|
},
|
|
];
|
|
|
|
if (!runRedirectTests) {
|
|
tests = [];
|
|
}
|
|
|
|
for each(test in tests) {
|
|
req = {
|
|
url: test.hops[0].server + basePath + "hop=1&hops=" +
|
|
escape(test.hops.toSource()),
|
|
method: test.method,
|
|
headers: test.headers,
|
|
body: test.body,
|
|
};
|
|
|
|
if (test.pass) {
|
|
if (test.body)
|
|
req.url += "&body=" + escape(test.body);
|
|
}
|
|
|
|
loaderWindow.postMessage(req.toSource(), origin);
|
|
|
|
res = eval(yield);
|
|
if (test.pass) {
|
|
is(res.didFail, false,
|
|
"shouldn't have failed in test for " + test.toSource());
|
|
is(res.status, 200, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "OK", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, "<res>hello pass</res>",
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "<res>hello pass</res>\n",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,rs1,loadstart,rs2,rs3,rs4,load,loadend",
|
|
"wrong responseText in test for " + test.toSource());
|
|
}
|
|
else {
|
|
is(res.didFail, true,
|
|
"should have failed in test for " + test.toSource());
|
|
is(res.status, 0, "wrong status in test for " + test.toSource());
|
|
is(res.statusText, "", "wrong status text for " + test.toSource());
|
|
is(res.responseXML, null,
|
|
"wrong responseXML in test for " + test.toSource());
|
|
is(res.responseText, "",
|
|
"wrong responseText in test for " + test.toSource());
|
|
is(res.events.join(","),
|
|
"opening,rs1,sending,rs1,loadstart,rs2,rs4,error,loadend",
|
|
"wrong events in test for " + test.toSource());
|
|
is(res.progressEvents, 0,
|
|
"wrong progressevents in test for " + test.toSource());
|
|
}
|
|
}
|
|
|
|
|
|
SimpleTest.finish();
|
|
|
|
yield;
|
|
}
|
|
|
|
</script>
|
|
</pre>
|
|
</body>
|
|
</html>
|