1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/content/base/test/test_CrossSiteXHR.html Wed Dec 31 06:09:35 2014 +0100 1.3 
@@ -0,0 +1,1196 @@ 1.4 +<!DOCTYPE HTML> 1.5 +<html> 1.6 +<head> 1.7 + <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8"> 1.8 + <title>Test for Cross Site XMLHttpRequest</title> 1.9 + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> 1.10 + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 1.11 +</head> 1.12 +<body onload="initTest()"> 1.13 +<p id="display"> 1.14 +<iframe id=loader></iframe> 1.15 +</p> 1.16 +<div id="content" style="display: none"> 1.17 + 1.18 +</div> 1.19 +<pre id="test"> 1.20 +<script class="testbody" type="application/javascript;version=1.8"> 1.21 + 1.22 +const runPreflightTests = 1; 1.23 +const runCookieTests = 1; 1.24 +const runRedirectTests = 1; 1.25 + 1.26 +var gen; 1.27 + 1.28 +function initTest() { 1.29 + SimpleTest.waitForExplicitFinish(); 1.30 + // Allow all cookies, then do the actual test initialization 1.31 + SpecialPowers.pushPrefEnv({"set": [["network.cookie.cookieBehavior", 0]]}, initTestCallback); 1.32 +} 1.33 + 1.34 +function initTestCallback() { 1.35 + window.addEventListener("message", function(e) { 1.36 + gen.send(e.data); 1.37 + }, false); 1.38 + 1.39 + gen = runTest(); 1.40 + 1.41 + gen.next() 1.42 +} 1.43 + 1.44 +function runTest() { 1.45 + var loader = document.getElementById('loader'); 1.46 + var loaderWindow = loader.contentWindow; 1.47 + loader.onload = function () { gen.next() }; 1.48 + 1.49 + // Test preflight-less requests 1.50 + basePath = "/tests/content/base/test/file_CrossSiteXHR_server.sjs?" 
1.51 + baseURL = "http://mochi.test:8888" + basePath; 1.52 + 1.53 + // Test preflighted requests 1.54 + loader.src = "http://example.org/tests/content/base/test/file_CrossSiteXHR_inner.html"; 1.55 + origin = "http://example.org"; 1.56 + yield undefined; 1.57 + 1.58 + tests = [// Plain request 1.59 + { pass: 1, 1.60 + method: "GET", 1.61 + noAllowPreflight: 1, 1.62 + }, 1.63 + 1.64 + // undefined username 1.65 + { pass: 1, 1.66 + method: "GET", 1.67 + noAllowPreflight: 1, 1.68 + username: undefined 1.69 + }, 1.70 + 1.71 + // undefined username and password 1.72 + { pass: 1, 1.73 + method: "GET", 1.74 + noAllowPreflight: 1, 1.75 + username: undefined, 1.76 + password: undefined 1.77 + }, 1.78 + 1.79 + // nonempty username 1.80 + { pass: 0, 1.81 + method: "GET", 1.82 + noAllowPreflight: 1, 1.83 + username: "user", 1.84 + }, 1.85 + 1.86 + // nonempty password 1.87 + // XXXbz this passes for now, because we ignore passwords 1.88 + // without usernames in most cases. 1.89 + { pass: 1, 1.90 + method: "GET", 1.91 + noAllowPreflight: 1, 1.92 + password: "password", 1.93 + }, 1.94 + 1.95 + // Default allowed headers 1.96 + { pass: 1, 1.97 + method: "GET", 1.98 + headers: { "Content-Type": "text/plain", 1.99 + "Accept": "foo/bar", 1.100 + "Accept-Language": "sv-SE" }, 1.101 + noAllowPreflight: 1, 1.102 + }, 1.103 + { pass: 0, 1.104 + method: "GET", 1.105 + headers: { "Content-Type": "foo/bar", 1.106 + "Accept": "foo/bar", 1.107 + "Accept-Language": "sv-SE" }, 1.108 + noAllowPreflight: 1, 1.109 + }, 1.110 + 1.111 + // Custom headers 1.112 + { pass: 1, 1.113 + method: "GET", 1.114 + headers: { "x-my-header": "myValue" }, 1.115 + allowHeaders: "x-my-header", 1.116 + }, 1.117 + { pass: 1, 1.118 + method: "GET", 1.119 + headers: { "x-my-header": "myValue" }, 1.120 + allowHeaders: "X-My-Header", 1.121 + }, 1.122 + { pass: 1, 1.123 + method: "GET", 1.124 + headers: { "x-my-header": "myValue", 1.125 + 
"long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header": "secondValue" }, 1.126 + allowHeaders: "x-my-header, long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header", 1.127 + }, 1.128 + { pass: 1, 1.129 + method: "GET", 1.130 + headers: { "x-my%-header": "myValue" }, 1.131 + allowHeaders: "x-my%-header", 1.132 + }, 1.133 + { pass: 0, 1.134 + method: "GET", 1.135 + headers: { "x-my-header": "myValue" }, 1.136 + }, 1.137 + { pass: 0, 1.138 + method: "GET", 1.139 + headers: { "x-my-header": "" }, 1.140 + }, 1.141 + { pass: 0, 1.142 + method: "GET", 1.143 + headers: { "x-my-header": "myValue" }, 1.144 + allowHeaders: "", 1.145 + }, 1.146 + { pass: 0, 1.147 + method: "GET", 1.148 + headers: { "x-my-header": "myValue" }, 1.149 + allowHeaders: "y-my-header", 1.150 + }, 1.151 + { pass: 0, 1.152 + method: "GET", 1.153 + headers: { "x-my-header": "myValue" }, 1.154 + allowHeaders: "x-my-header y-my-header", 1.155 + }, 1.156 + { pass: 0, 1.157 + method: "GET", 1.158 + headers: { "x-my-header": "myValue" }, 1.159 + allowHeaders: "x-my-header, y-my-header z", 1.160 + }, 1.161 + { pass: 0, 1.162 + method: "GET", 1.163 + headers: { "x-my-header": "myValue" }, 1.164 + allowHeaders: 
"x-my-header, y-my-he(ader", 1.165 + }, 1.166 + { pass: 0, 1.167 + method: "GET", 1.168 + headers: { "myheader": "" }, 1.169 + allowMethods: "myheader", 1.170 + }, 1.171 + 1.172 + // Multiple custom headers 1.173 + { pass: 1, 1.174 + method: "GET", 1.175 + headers: { "x-my-header": "myValue", 1.176 + "second-header": "secondValue", 1.177 + "third-header": "thirdValue" }, 1.178 + allowHeaders: "x-my-header, second-header, third-header", 1.179 + }, 1.180 + { pass: 1, 1.181 + method: "GET", 1.182 + headers: { "x-my-header": "myValue", 1.183 + "second-header": "secondValue", 1.184 + "third-header": "thirdValue" }, 1.185 + allowHeaders: "x-my-header,second-header,third-header", 1.186 + }, 1.187 + { pass: 1, 1.188 + method: "GET", 1.189 + headers: { "x-my-header": "myValue", 1.190 + "second-header": "secondValue", 1.191 + "third-header": "thirdValue" }, 1.192 + allowHeaders: "x-my-header ,second-header ,third-header", 1.193 + }, 1.194 + { pass: 1, 1.195 + method: "GET", 1.196 + headers: { "x-my-header": "myValue", 1.197 + "second-header": "secondValue", 1.198 + "third-header": "thirdValue" }, 1.199 + allowHeaders: "x-my-header , second-header , third-header", 1.200 + }, 1.201 + { pass: 1, 1.202 + method: "GET", 1.203 + headers: { "x-my-header": "myValue", 1.204 + "second-header": "secondValue" }, 1.205 + allowHeaders: ", x-my-header, , ,, second-header, , ", 1.206 + }, 1.207 + { pass: 1, 1.208 + method: "GET", 1.209 + headers: { "x-my-header": "myValue", 1.210 + "second-header": "secondValue" }, 1.211 + allowHeaders: "x-my-header, second-header, unused-header", 1.212 + }, 1.213 + { pass: 0, 1.214 + method: "GET", 1.215 + headers: { "x-my-header": "myValue", 1.216 + "y-my-header": "secondValue" }, 1.217 + allowHeaders: "x-my-header", 1.218 + }, 1.219 + { pass: 0, 1.220 + method: "GET", 1.221 + headers: { "x-my-header": "", 1.222 + "y-my-header": "" }, 1.223 + allowHeaders: "x-my-header", 1.224 + }, 1.225 + 1.226 + // HEAD requests 1.227 + { pass: 1, 1.228 + method: 
"HEAD", 1.229 + noAllowPreflight: 1, 1.230 + }, 1.231 + 1.232 + // HEAD with safe headers 1.233 + { pass: 1, 1.234 + method: "HEAD", 1.235 + headers: { "Content-Type": "text/plain", 1.236 + "Accept": "foo/bar", 1.237 + "Accept-Language": "sv-SE" }, 1.238 + noAllowPreflight: 1, 1.239 + }, 1.240 + { pass: 0, 1.241 + method: "HEAD", 1.242 + headers: { "Content-Type": "foo/bar", 1.243 + "Accept": "foo/bar", 1.244 + "Accept-Language": "sv-SE" }, 1.245 + noAllowPreflight: 1, 1.246 + }, 1.247 + 1.248 + // HEAD with custom headers 1.249 + { pass: 1, 1.250 + method: "HEAD", 1.251 + headers: { "x-my-header": "myValue" }, 1.252 + allowHeaders: "x-my-header", 1.253 + }, 1.254 + { pass: 0, 1.255 + method: "HEAD", 1.256 + headers: { "x-my-header": "myValue" }, 1.257 + }, 1.258 + { pass: 0, 1.259 + method: "HEAD", 1.260 + headers: { "x-my-header": "myValue" }, 1.261 + allowHeaders: "", 1.262 + }, 1.263 + { pass: 0, 1.264 + method: "HEAD", 1.265 + headers: { "x-my-header": "myValue" }, 1.266 + allowHeaders: "y-my-header", 1.267 + }, 1.268 + { pass: 0, 1.269 + method: "HEAD", 1.270 + headers: { "x-my-header": "myValue" }, 1.271 + allowHeaders: "x-my-header y-my-header", 1.272 + }, 1.273 + 1.274 + // POST tests 1.275 + { pass: 1, 1.276 + method: "POST", 1.277 + body: "hi there", 1.278 + noAllowPreflight: 1, 1.279 + }, 1.280 + { pass: 1, 1.281 + method: "POST", 1.282 + }, 1.283 + { pass: 1, 1.284 + method: "POST", 1.285 + noAllowPreflight: 1, 1.286 + }, 1.287 + 1.288 + // POST with standard headers 1.289 + { pass: 1, 1.290 + method: "POST", 1.291 + body: "hi there", 1.292 + headers: { "Content-Type": "text/plain" }, 1.293 + noAllowPreflight: 1, 1.294 + }, 1.295 + { pass: 1, 1.296 + method: "POST", 1.297 + body: "hi there", 1.298 + headers: { "Content-Type": "multipart/form-data" }, 1.299 + noAllowPreflight: 1, 1.300 + }, 1.301 + { pass: 1, 1.302 + method: "POST", 1.303 + body: "hi there", 1.304 + headers: { "Content-Type": "application/x-www-form-urlencoded" }, 1.305 + 
noAllowPreflight: 1, 1.306 + }, 1.307 + { pass: 0, 1.308 + method: "POST", 1.309 + body: "hi there", 1.310 + headers: { "Content-Type": "foo/bar" }, 1.311 + }, 1.312 + { pass: 0, 1.313 + method: "POST", 1.314 + headers: { "Content-Type": "foo/bar" }, 1.315 + }, 1.316 + { pass: 1, 1.317 + method: "POST", 1.318 + body: "hi there", 1.319 + headers: { "Content-Type": "text/plain", 1.320 + "Accept": "foo/bar", 1.321 + "Accept-Language": "sv-SE" }, 1.322 + noAllowPreflight: 1, 1.323 + }, 1.324 + 1.325 + // POST with custom headers 1.326 + { pass: 1, 1.327 + method: "POST", 1.328 + body: "hi there", 1.329 + headers: { "Accept": "foo/bar", 1.330 + "Accept-Language": "sv-SE", 1.331 + "x-my-header": "myValue" }, 1.332 + allowHeaders: "x-my-header", 1.333 + }, 1.334 + { pass: 1, 1.335 + method: "POST", 1.336 + headers: { "Content-Type": "text/plain", 1.337 + "x-my-header": "myValue" }, 1.338 + allowHeaders: "x-my-header", 1.339 + }, 1.340 + { pass: 1, 1.341 + method: "POST", 1.342 + body: "hi there", 1.343 + headers: { "Content-Type": "text/plain", 1.344 + "x-my-header": "myValue" }, 1.345 + allowHeaders: "x-my-header", 1.346 + }, 1.347 + { pass: 1, 1.348 + method: "POST", 1.349 + body: "hi there", 1.350 + headers: { "Content-Type": "foo/bar", 1.351 + "x-my-header": "myValue" }, 1.352 + allowHeaders: "x-my-header, content-type", 1.353 + }, 1.354 + { pass: 0, 1.355 + method: "POST", 1.356 + body: "hi there", 1.357 + headers: { "Content-Type": "foo/bar" }, 1.358 + noAllowPreflight: 1, 1.359 + }, 1.360 + { pass: 0, 1.361 + method: "POST", 1.362 + body: "hi there", 1.363 + headers: { "Content-Type": "foo/bar", 1.364 + "x-my-header": "myValue" }, 1.365 + allowHeaders: "x-my-header", 1.366 + }, 1.367 + { pass: 1, 1.368 + method: "POST", 1.369 + headers: { "x-my-header": "myValue" }, 1.370 + allowHeaders: "x-my-header", 1.371 + }, 1.372 + { pass: 1, 1.373 + method: "POST", 1.374 + body: "hi there", 1.375 + headers: { "x-my-header": "myValue" }, 1.376 + allowHeaders: "x-my-header, 
$_%", 1.377 + }, 1.378 + 1.379 + // Other methods 1.380 + { pass: 1, 1.381 + method: "DELETE", 1.382 + allowMethods: "DELETE", 1.383 + }, 1.384 + { pass: 0, 1.385 + method: "DELETE", 1.386 + allowHeaders: "DELETE", 1.387 + }, 1.388 + { pass: 0, 1.389 + method: "DELETE", 1.390 + }, 1.391 + { pass: 0, 1.392 + method: "DELETE", 1.393 + allowMethods: "", 1.394 + }, 1.395 + { pass: 1, 1.396 + method: "DELETE", 1.397 + allowMethods: "POST, PUT, DELETE", 1.398 + }, 1.399 + { pass: 1, 1.400 + method: "DELETE", 1.401 + allowMethods: "POST, DELETE, PUT", 1.402 + }, 1.403 + { pass: 1, 1.404 + method: "DELETE", 1.405 + allowMethods: "DELETE, POST, PUT", 1.406 + }, 1.407 + { pass: 1, 1.408 + method: "DELETE", 1.409 + allowMethods: "POST ,PUT ,DELETE", 1.410 + }, 1.411 + { pass: 1, 1.412 + method: "DELETE", 1.413 + allowMethods: "POST,PUT,DELETE", 1.414 + }, 1.415 + { pass: 1, 1.416 + method: "DELETE", 1.417 + allowMethods: "POST , PUT , DELETE", 1.418 + }, 1.419 + { pass: 1, 1.420 + method: "DELETE", 1.421 + allowMethods: " ,, PUT ,, , , DELETE , ,", 1.422 + }, 1.423 + { pass: 0, 1.424 + method: "DELETE", 1.425 + allowMethods: "PUT", 1.426 + }, 1.427 + { pass: 0, 1.428 + method: "DELETE", 1.429 + allowMethods: "DELETEZ", 1.430 + }, 1.431 + { pass: 0, 1.432 + method: "DELETE", 1.433 + allowMethods: "DELETE PUT", 1.434 + }, 1.435 + { pass: 0, 1.436 + method: "DELETE", 1.437 + allowMethods: "DELETE, PUT Z", 1.438 + }, 1.439 + { pass: 0, 1.440 + method: "DELETE", 1.441 + allowMethods: "DELETE, PU(T", 1.442 + }, 1.443 + { pass: 0, 1.444 + method: "DELETE", 1.445 + allowMethods: "PUT DELETE", 1.446 + }, 1.447 + { pass: 0, 1.448 + method: "DELETE", 1.449 + allowMethods: "PUT Z, DELETE", 1.450 + }, 1.451 + { pass: 0, 1.452 + method: "DELETE", 1.453 + allowMethods: "PU(T, DELETE", 1.454 + }, 1.455 + { pass: 0, 1.456 + method: "MYMETHOD", 1.457 + allowMethods: "myMethod", 1.458 + }, 1.459 + { pass: 0, 1.460 + method: "PUT", 1.461 + allowMethods: "put", 1.462 + }, 1.463 + 1.464 + // 
Progress events 1.465 + { pass: 1, 1.466 + method: "POST", 1.467 + body: "hi there", 1.468 + headers: { "Content-Type": "text/plain" }, 1.469 + uploadProgress: "progress", 1.470 + }, 1.471 + { pass: 0, 1.472 + method: "POST", 1.473 + body: "hi there", 1.474 + headers: { "Content-Type": "text/plain" }, 1.475 + uploadProgress: "progress", 1.476 + noAllowPreflight: 1, 1.477 + }, 1.478 + 1.479 + // Status messages 1.480 + { pass: 1, 1.481 + method: "GET", 1.482 + noAllowPreflight: 1, 1.483 + status: 404, 1.484 + statusMessage: "nothin' here", 1.485 + }, 1.486 + { pass: 1, 1.487 + method: "GET", 1.488 + noAllowPreflight: 1, 1.489 + status: 401, 1.490 + statusMessage: "no can do", 1.491 + }, 1.492 + { pass: 1, 1.493 + method: "POST", 1.494 + body: "hi there", 1.495 + headers: { "Content-Type": "foo/bar" }, 1.496 + allowHeaders: "content-type", 1.497 + status: 500, 1.498 + statusMessage: "server boo", 1.499 + }, 1.500 + { pass: 1, 1.501 + method: "GET", 1.502 + noAllowPreflight: 1, 1.503 + status: 200, 1.504 + statusMessage: "Yes!!", 1.505 + }, 1.506 + { pass: 0, 1.507 + method: "GET", 1.508 + headers: { "x-my-header": "header value" }, 1.509 + allowHeaders: "x-my-header", 1.510 + preflightStatus: 400 1.511 + }, 1.512 + { pass: 1, 1.513 + method: "GET", 1.514 + headers: { "x-my-header": "header value" }, 1.515 + allowHeaders: "x-my-header", 1.516 + preflightStatus: 200 1.517 + }, 1.518 + { pass: 1, 1.519 + method: "GET", 1.520 + headers: { "x-my-header": "header value" }, 1.521 + allowHeaders: "x-my-header", 1.522 + preflightStatus: 204 1.523 + }, 1.524 + 1.525 + // exposed headers 1.526 + { pass: 1, 1.527 + method: "GET", 1.528 + responseHeaders: { "x-my-header": "x header" }, 1.529 + exposeHeaders: "x-my-header", 1.530 + expectedResponseHeaders: ["x-my-header"], 1.531 + }, 1.532 + { pass: 0, 1.533 + method: "GET", 1.534 + origin: "http://invalid", 1.535 + responseHeaders: { "x-my-header": "x header" }, 1.536 + exposeHeaders: "x-my-header", 1.537 + 
expectedResponseHeaders: [], 1.538 + }, 1.539 + { pass: 1, 1.540 + method: "GET", 1.541 + responseHeaders: { "x-my-header": "x header" }, 1.542 + expectedResponseHeaders: [], 1.543 + }, 1.544 + { pass: 1, 1.545 + method: "GET", 1.546 + responseHeaders: { "x-my-header": "x header" }, 1.547 + exposeHeaders: "x-my-header y", 1.548 + expectedResponseHeaders: [], 1.549 + }, 1.550 + { pass: 1, 1.551 + method: "GET", 1.552 + responseHeaders: { "x-my-header": "x header" }, 1.553 + exposeHeaders: "y x-my-header", 1.554 + expectedResponseHeaders: [], 1.555 + }, 1.556 + { pass: 1, 1.557 + method: "GET", 1.558 + responseHeaders: { "x-my-header": "x header" }, 1.559 + exposeHeaders: "x-my-header, y-my-header z", 1.560 + expectedResponseHeaders: [], 1.561 + }, 1.562 + { pass: 1, 1.563 + method: "GET", 1.564 + responseHeaders: { "x-my-header": "x header" }, 1.565 + exposeHeaders: "x-my-header, y-my-hea(er", 1.566 + expectedResponseHeaders: [], 1.567 + }, 1.568 + { pass: 1, 1.569 + method: "GET", 1.570 + responseHeaders: { "x-my-header": "x header", 1.571 + "y-my-header": "y header" }, 1.572 + exposeHeaders: " , ,,y-my-header,z-my-header, ", 1.573 + expectedResponseHeaders: ["y-my-header"], 1.574 + }, 1.575 + { pass: 1, 1.576 + method: "GET", 1.577 + responseHeaders: { "Cache-Control": "cacheControl header", 1.578 + "Content-Language": "contentLanguage header", 1.579 + "Expires":"expires header", 1.580 + "Last-Modified":"lastModified header", 1.581 + "Pragma":"pragma header", 1.582 + "Unexpected":"unexpected header" }, 1.583 + expectedResponseHeaders: ["Cache-Control","Content-Language","Content-Type","Expires","Last-Modified","Pragma"], 1.584 + }, 1.585 + // Check that sending a body in the OPTIONS response works 1.586 + { pass: 1, 1.587 + method: "DELETE", 1.588 + allowMethods: "DELETE", 1.589 + preflightBody: "I'm a preflight response body", 1.590 + }, 1.591 + ]; 1.592 + 1.593 + if (!runPreflightTests) { 1.594 + tests = []; 1.595 + } 1.596 + 1.597 + for (test of tests) { 1.598 
+ var req = { 1.599 + url: baseURL + "allowOrigin=" + escape(test.origin || origin), 1.600 + method: test.method, 1.601 + headers: test.headers, 1.602 + uploadProgress: test.uploadProgress, 1.603 + body: test.body, 1.604 + responseHeaders: test.responseHeaders, 1.605 + }; 1.606 + 1.607 + if (test.pass) { 1.608 + req.url += "&origin=" + escape(origin) + 1.609 + "&requestMethod=" + test.method; 1.610 + } 1.611 + 1.612 + if ("username" in test) { 1.613 + req.username = test.username; 1.614 + } 1.615 + 1.616 + if ("password" in test) { 1.617 + req.password = test.password; 1.618 + } 1.619 + 1.620 + if (test.noAllowPreflight) 1.621 + req.url += "&noAllowPreflight"; 1.622 + 1.623 + if (test.pass && "headers" in test) { 1.624 + function isUnsafeHeader(name) { 1.625 + lName = name.toLowerCase(); 1.626 + return lName != "accept" && 1.627 + lName != "accept-language" && 1.628 + (lName != "content-type" || 1.629 + ["text/plain", 1.630 + "multipart/form-data", 1.631 + "application/x-www-form-urlencoded"] 1.632 + .indexOf(test.headers[name].toLowerCase()) == -1); 1.633 + } 1.634 + req.url += "&headers=" + escape(test.headers.toSource()); 1.635 + reqHeaders = 1.636 + escape([name for (name in test.headers)] 1.637 + .filter(isUnsafeHeader) 1.638 + .map(String.toLowerCase) 1.639 + .sort() 1.640 + .join(",")); 1.641 + req.url += reqHeaders ? 
"&requestHeaders=" + reqHeaders : ""; 1.642 + } 1.643 + if ("allowHeaders" in test) 1.644 + req.url += "&allowHeaders=" + escape(test.allowHeaders); 1.645 + if ("allowMethods" in test) 1.646 + req.url += "&allowMethods=" + escape(test.allowMethods); 1.647 + if (test.body) 1.648 + req.url += "&body=" + escape(test.body); 1.649 + if (test.status) { 1.650 + req.url += "&status=" + test.status; 1.651 + req.url += "&statusMessage=" + escape(test.statusMessage); 1.652 + } 1.653 + if (test.preflightStatus) 1.654 + req.url += "&preflightStatus=" + test.preflightStatus; 1.655 + if (test.responseHeaders) 1.656 + req.url += "&responseHeaders=" + escape(test.responseHeaders.toSource()); 1.657 + if (test.exposeHeaders) 1.658 + req.url += "&exposeHeaders=" + escape(test.exposeHeaders); 1.659 + if (test.preflightBody) 1.660 + req.url += "&preflightBody=" + escape(test.preflightBody); 1.661 + 1.662 + loaderWindow.postMessage(req.toSource(), origin); 1.663 + res = eval(yield); 1.664 + 1.665 + if (test.pass) { 1.666 + is(res.didFail, false, 1.667 + "shouldn't have failed in test for " + test.toSource()); 1.668 + if (test.status) { 1.669 + is(res.status, test.status, "wrong status in test for " + test.toSource()); 1.670 + is(res.statusText, test.statusMessage, "wrong status text for " + test.toSource()); 1.671 + } 1.672 + else { 1.673 + is(res.status, 200, "wrong status in test for " + test.toSource()); 1.674 + is(res.statusText, "OK", "wrong status text for " + test.toSource()); 1.675 + } 1.676 + if (test.method !== "HEAD") { 1.677 + is(res.responseXML, "<res>hello pass</res>", 1.678 + "wrong responseXML in test for " + test.toSource()); 1.679 + is(res.responseText, "<res>hello pass</res>\n", 1.680 + "wrong responseText in test for " + test.toSource()); 1.681 + is(res.events.join(","), 1.682 + "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend", 1.683 + "wrong responseText in test for " + test.toSource()); 1.684 + } 1.685 + else { 1.686 + is(res.responseXML, null, 1.687 + 
"wrong responseXML in test for " + test.toSource()); 1.688 + is(res.responseText, "", 1.689 + "wrong responseText in test for " + test.toSource()); 1.690 + is(res.events.join(","), 1.691 + "opening,rs1,sending,loadstart,rs2,rs4,load,loadend", 1.692 + "wrong responseText in test for " + test.toSource()); 1.693 + } 1.694 + if (test.responseHeaders) { 1.695 + for (header in test.responseHeaders) { 1.696 + if (test.expectedResponseHeaders.indexOf(header) == -1) { 1.697 + is(res.responseHeaders[header], null, 1.698 + "|xhr.getResponseHeader()|wrong response header (" + header + ") in test for " + 1.699 + test.toSource()); 1.700 + is(res.allResponseHeaders[header], null, 1.701 + "|xhr.getAllResponseHeaderss()|wrong response header (" + header + ") in test for " + 1.702 + test.toSource()); 1.703 + } 1.704 + else { 1.705 + is(res.responseHeaders[header], test.responseHeaders[header], 1.706 + "|xhr.getResponseHeader()|wrong response header (" + header + ") in test for " + 1.707 + test.toSource()); 1.708 + is(res.allResponseHeaders[header], test.responseHeaders[header], 1.709 + "|xhr.getAllResponseHeaderss()|wrong response header (" + header + ") in test for " + 1.710 + test.toSource()); 1.711 + } 1.712 + } 1.713 + } 1.714 + } 1.715 + else { 1.716 + is(res.didFail, true, 1.717 + "should have failed in test for " + test.toSource()); 1.718 + is(res.status, 0, "wrong status in test for " + test.toSource()); 1.719 + is(res.statusText, "", "wrong status text for " + test.toSource()); 1.720 + is(res.responseXML, null, 1.721 + "wrong responseXML in test for " + test.toSource()); 1.722 + is(res.responseText, "", 1.723 + "wrong responseText in test for " + test.toSource()); 1.724 + if (!res.sendThrew) { 1.725 + is(res.events.join(","), 1.726 + "opening,rs1,sending,loadstart,rs2,rs4,error,loadend", 1.727 + "wrong events in test for " + test.toSource()); 1.728 + } 1.729 + is(res.progressEvents, 0, 1.730 + "wrong events in test for " + test.toSource()); 1.731 + if (test.responseHeaders) 
{ 1.732 + for (header in test.responseHeaders) { 1.733 + is(res.responseHeaders[header], null, 1.734 + "wrong response header (" + header + ") in test for " + 1.735 + test.toSource()); 1.736 + } 1.737 + } 1.738 + } 1.739 + } 1.740 + 1.741 + // Test cookie behavior 1.742 + tests = [{ pass: 1, 1.743 + method: "GET", 1.744 + withCred: 1, 1.745 + allowCred: 1, 1.746 + }, 1.747 + { pass: 0, 1.748 + method: "GET", 1.749 + withCred: 1, 1.750 + allowCred: 0, 1.751 + }, 1.752 + { pass: 0, 1.753 + method: "GET", 1.754 + withCred: 1, 1.755 + allowCred: 1, 1.756 + origin: "*", 1.757 + }, 1.758 + { pass: 1, 1.759 + method: "GET", 1.760 + withCred: 0, 1.761 + allowCred: 1, 1.762 + origin: "*", 1.763 + }, 1.764 + { pass: 1, 1.765 + method: "GET", 1.766 + setCookie: "a=1", 1.767 + withCred: 1, 1.768 + allowCred: 1, 1.769 + }, 1.770 + { pass: 1, 1.771 + method: "GET", 1.772 + cookie: "a=1", 1.773 + withCred: 1, 1.774 + allowCred: 1, 1.775 + }, 1.776 + { pass: 1, 1.777 + method: "GET", 1.778 + noCookie: 1, 1.779 + withCred: 0, 1.780 + allowCred: 1, 1.781 + }, 1.782 + { pass: 0, 1.783 + method: "GET", 1.784 + noCookie: 1, 1.785 + withCred: 1, 1.786 + allowCred: 1, 1.787 + }, 1.788 + { pass: 1, 1.789 + method: "GET", 1.790 + setCookie: "a=2", 1.791 + withCred: 0, 1.792 + allowCred: 1, 1.793 + }, 1.794 + { pass: 1, 1.795 + method: "GET", 1.796 + cookie: "a=1", 1.797 + withCred: 1, 1.798 + allowCred: 1, 1.799 + }, 1.800 + { pass: 1, 1.801 + method: "GET", 1.802 + setCookie: "a=2", 1.803 + withCred: 1, 1.804 + allowCred: 1, 1.805 + }, 1.806 + { pass: 1, 1.807 + method: "GET", 1.808 + cookie: "a=2", 1.809 + withCred: 1, 1.810 + allowCred: 1, 1.811 + }, 1.812 + ]; 1.813 + 1.814 + if (!runCookieTests) { 1.815 + tests = []; 1.816 + } 1.817 + 1.818 + for (test of tests) { 1.819 + req = { 1.820 + url: baseURL + "allowOrigin=" + escape(test.origin || origin), 1.821 + method: test.method, 1.822 + headers: test.headers, 1.823 + withCred: test.withCred, 1.824 + }; 1.825 + 1.826 + if 
(test.allowCred) 1.827 + req.url += "&allowCred"; 1.828 + 1.829 + if (test.setCookie) 1.830 + req.url += "&setCookie=" + escape(test.setCookie); 1.831 + if (test.cookie) 1.832 + req.url += "&cookie=" + escape(test.cookie); 1.833 + if (test.noCookie) 1.834 + req.url += "&noCookie"; 1.835 + 1.836 + if ("allowHeaders" in test) 1.837 + req.url += "&allowHeaders=" + escape(test.allowHeaders); 1.838 + if ("allowMethods" in test) 1.839 + req.url += "&allowMethods=" + escape(test.allowMethods); 1.840 + 1.841 + loaderWindow.postMessage(req.toSource(), origin); 1.842 + 1.843 + res = eval(yield); 1.844 + if (test.pass) { 1.845 + is(res.didFail, false, 1.846 + "shouldn't have failed in test for " + test.toSource()); 1.847 + is(res.status, 200, "wrong status in test for " + test.toSource()); 1.848 + is(res.statusText, "OK", "wrong status text for " + test.toSource()); 1.849 + is(res.responseXML, "<res>hello pass</res>", 1.850 + "wrong responseXML in test for " + test.toSource()); 1.851 + is(res.responseText, "<res>hello pass</res>\n", 1.852 + "wrong responseText in test for " + test.toSource()); 1.853 + is(res.events.join(","), 1.854 + "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend", 1.855 + "wrong responseText in test for " + test.toSource()); 1.856 + } 1.857 + else { 1.858 + is(res.didFail, true, 1.859 + "should have failed in test for " + test.toSource()); 1.860 + is(res.status, 0, "wrong status in test for " + test.toSource()); 1.861 + is(res.statusText, "", "wrong status text for " + test.toSource()); 1.862 + is(res.responseXML, null, 1.863 + "wrong responseXML in test for " + test.toSource()); 1.864 + is(res.responseText, "", 1.865 + "wrong responseText in test for " + test.toSource()); 1.866 + is(res.events.join(","), 1.867 + "opening,rs1,sending,loadstart,rs2,rs4,error,loadend", 1.868 + "wrong events in test for " + test.toSource()); 1.869 + is(res.progressEvents, 0, 1.870 + "wrong events in test for " + test.toSource()); 1.871 + } 1.872 + } 1.873 + 1.874 + // 
Make sure to clear cookies to avoid affecting other tests 1.875 + document.cookie = "a=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT" 1.876 + is(document.cookie, "", "No cookies should be left over"); 1.877 + 1.878 + 1.879 + // Test redirects 1.880 + is(loader.src, "http://example.org/tests/content/base/test/file_CrossSiteXHR_inner.html"); 1.881 + is(origin, "http://example.org"); 1.882 + 1.883 + tests = [{ pass: 1, 1.884 + method: "GET", 1.885 + hops: [{ server: "http://example.com", 1.886 + allowOrigin: origin 1.887 + }, 1.888 + ], 1.889 + }, 1.890 + { pass: 0, 1.891 + method: "GET", 1.892 + hops: [{ server: "http://example.com", 1.893 + allowOrigin: origin 1.894 + }, 1.895 + { server: "http://example.org", 1.896 + allowOrigin: origin 1.897 + }, 1.898 + ], 1.899 + }, 1.900 + { pass: 1, 1.901 + method: "GET", 1.902 + hops: [{ server: "http://example.com", 1.903 + allowOrigin: origin 1.904 + }, 1.905 + { server: "http://example.org", 1.906 + allowOrigin: "*" 1.907 + }, 1.908 + ], 1.909 + }, 1.910 + { pass: 0, 1.911 + method: "GET", 1.912 + hops: [{ server: "http://example.com", 1.913 + allowOrigin: origin 1.914 + }, 1.915 + { server: "http://example.org", 1.916 + }, 1.917 + ], 1.918 + }, 1.919 + { pass: 1, 1.920 + method: "GET", 1.921 + hops: [{ server: "http://example.org", 1.922 + }, 1.923 + { server: "http://example.org", 1.924 + }, 1.925 + { server: "http://example.com", 1.926 + allowOrigin: origin 1.927 + }, 1.928 + ], 1.929 + }, 1.930 + { pass: 0, 1.931 + method: "GET", 1.932 + hops: [{ server: "http://example.org", 1.933 + }, 1.934 + { server: "http://example.org", 1.935 + }, 1.936 + { server: "http://example.com", 1.937 + allowOrigin: origin 1.938 + }, 1.939 + { server: "http://example.org", 1.940 + }, 1.941 + ], 1.942 + }, 1.943 + { pass: 0, 1.944 + method: "GET", 1.945 + hops: [{ server: "http://example.com", 1.946 + allowOrigin: origin 1.947 + }, 1.948 + { server: "http://test2.example.org:8000", 1.949 + allowOrigin: origin 1.950 + }, 1.951 + { server: 
"http://sub2.xn--lt-uia.example.org", 1.952 + allowOrigin: origin 1.953 + }, 1.954 + { server: "http://sub1.test1.example.org", 1.955 + allowOrigin: origin 1.956 + }, 1.957 + ], 1.958 + }, 1.959 + { pass: 0, 1.960 + method: "GET", 1.961 + hops: [{ server: "http://example.com", 1.962 + allowOrigin: origin 1.963 + }, 1.964 + { server: "http://test2.example.org:8000", 1.965 + allowOrigin: origin 1.966 + }, 1.967 + { server: "http://sub2.xn--lt-uia.example.org", 1.968 + allowOrigin: "*" 1.969 + }, 1.970 + { server: "http://sub1.test1.example.org", 1.971 + allowOrigin: "*" 1.972 + }, 1.973 + ], 1.974 + }, 1.975 + { pass: 1, 1.976 + method: "GET", 1.977 + hops: [{ server: "http://example.com", 1.978 + allowOrigin: origin 1.979 + }, 1.980 + { server: "http://test2.example.org:8000", 1.981 + allowOrigin: "*" 1.982 + }, 1.983 + { server: "http://sub2.xn--lt-uia.example.org", 1.984 + allowOrigin: "*" 1.985 + }, 1.986 + { server: "http://sub1.test1.example.org", 1.987 + allowOrigin: "*" 1.988 + }, 1.989 + ], 1.990 + }, 1.991 + { pass: 0, 1.992 + method: "GET", 1.993 + hops: [{ server: "http://example.com", 1.994 + allowOrigin: origin 1.995 + }, 1.996 + { server: "http://test2.example.org:8000", 1.997 + allowOrigin: origin 1.998 + }, 1.999 + { server: "http://sub2.xn--lt-uia.example.org", 1.1000 + allowOrigin: "x" 1.1001 + }, 1.1002 + { server: "http://sub1.test1.example.org", 1.1003 + allowOrigin: origin 1.1004 + }, 1.1005 + ], 1.1006 + }, 1.1007 + { pass: 0, 1.1008 + method: "GET", 1.1009 + hops: [{ server: "http://example.com", 1.1010 + allowOrigin: origin 1.1011 + }, 1.1012 + { server: "http://test2.example.org:8000", 1.1013 + allowOrigin: origin 1.1014 + }, 1.1015 + { server: "http://sub2.xn--lt-uia.example.org", 1.1016 + allowOrigin: "*" 1.1017 + }, 1.1018 + { server: "http://sub1.test1.example.org", 1.1019 + allowOrigin: origin 1.1020 + }, 1.1021 + ], 1.1022 + }, 1.1023 + { pass: 0, 1.1024 + method: "GET", 1.1025 + hops: [{ server: "http://example.com", 1.1026 + 
allowOrigin: origin 1.1027 + }, 1.1028 + { server: "http://test2.example.org:8000", 1.1029 + allowOrigin: origin 1.1030 + }, 1.1031 + { server: "http://sub2.xn--lt-uia.example.org", 1.1032 + allowOrigin: "*" 1.1033 + }, 1.1034 + { server: "http://sub1.test1.example.org", 1.1035 + }, 1.1036 + ], 1.1037 + }, 1.1038 + { pass: 1, 1.1039 + method: "POST", 1.1040 + body: "hi there", 1.1041 + headers: { "Content-Type": "text/plain" }, 1.1042 + hops: [{ server: "http://example.org", 1.1043 + }, 1.1044 + { server: "http://example.com", 1.1045 + allowOrigin: origin, 1.1046 + }, 1.1047 + ], 1.1048 + }, 1.1049 + { pass: 0, 1.1050 + method: "POST", 1.1051 + body: "hi there", 1.1052 + headers: { "Content-Type": "text/plain", 1.1053 + "my-header": "myValue", 1.1054 + }, 1.1055 + hops: [{ server: "http://example.org", 1.1056 + }, 1.1057 + { server: "http://example.com", 1.1058 + allowOrigin: origin, 1.1059 + allowHeaders: "my-header", 1.1060 + }, 1.1061 + ], 1.1062 + }, 1.1063 + { pass: 0, 1.1064 + method: "DELETE", 1.1065 + hops: [{ server: "http://example.org", 1.1066 + }, 1.1067 + { server: "http://example.com", 1.1068 + allowOrigin: origin, 1.1069 + }, 1.1070 + ], 1.1071 + }, 1.1072 + { pass: 0, 1.1073 + method: "POST", 1.1074 + body: "hi there", 1.1075 + headers: { "Content-Type": "text/plain", 1.1076 + "my-header": "myValue", 1.1077 + }, 1.1078 + hops: [{ server: "http://example.com", 1.1079 + allowOrigin: origin, 1.1080 + }, 1.1081 + { server: "http://sub1.test1.example.org", 1.1082 + allowOrigin: origin, 1.1083 + }, 1.1084 + ], 1.1085 + }, 1.1086 + { pass: 0, 1.1087 + method: "DELETE", 1.1088 + hops: [{ server: "http://example.com", 1.1089 + allowOrigin: origin, 1.1090 + }, 1.1091 + { server: "http://sub1.test1.example.org", 1.1092 + allowOrigin: origin, 1.1093 + }, 1.1094 + ], 1.1095 + }, 1.1096 + { pass: 0, 1.1097 + method: "POST", 1.1098 + body: "hi there", 1.1099 + headers: { "Content-Type": "text/plain", 1.1100 + "my-header": "myValue", 1.1101 + }, 1.1102 + hops: [{ 
server: "http://example.com", 1.1103 + }, 1.1104 + { server: "http://sub1.test1.example.org", 1.1105 + allowOrigin: origin, 1.1106 + allowHeaders: "my-header", 1.1107 + }, 1.1108 + ], 1.1109 + }, 1.1110 + { pass: 1, 1.1111 + method: "POST", 1.1112 + body: "hi there", 1.1113 + headers: { "Content-Type": "text/plain" }, 1.1114 + hops: [{ server: "http://example.org", 1.1115 + }, 1.1116 + { server: "http://example.com", 1.1117 + allowOrigin: origin, 1.1118 + }, 1.1119 + ], 1.1120 + }, 1.1121 + { pass: 0, 1.1122 + method: "POST", 1.1123 + body: "hi there", 1.1124 + headers: { "Content-Type": "text/plain", 1.1125 + "my-header": "myValue", 1.1126 + }, 1.1127 + hops: [{ server: "http://example.com", 1.1128 + allowOrigin: origin, 1.1129 + allowHeaders: "my-header", 1.1130 + }, 1.1131 + { server: "http://example.org", 1.1132 + allowOrigin: origin, 1.1133 + allowHeaders: "my-header", 1.1134 + }, 1.1135 + ], 1.1136 + }, 1.1137 + ]; 1.1138 + 1.1139 + if (!runRedirectTests) { 1.1140 + tests = []; 1.1141 + } 1.1142 + 1.1143 + for (test of tests) { 1.1144 + req = { 1.1145 + url: test.hops[0].server + basePath + "hop=1&hops=" + 1.1146 + escape(test.hops.toSource()), 1.1147 + method: test.method, 1.1148 + headers: test.headers, 1.1149 + body: test.body, 1.1150 + }; 1.1151 + 1.1152 + if (test.pass) { 1.1153 + if (test.body) 1.1154 + req.url += "&body=" + escape(test.body); 1.1155 + } 1.1156 + 1.1157 + loaderWindow.postMessage(req.toSource(), origin); 1.1158 + 1.1159 + res = eval(yield); 1.1160 + if (test.pass) { 1.1161 + is(res.didFail, false, 1.1162 + "shouldn't have failed in test for " + test.toSource()); 1.1163 + is(res.status, 200, "wrong status in test for " + test.toSource()); 1.1164 + is(res.statusText, "OK", "wrong status text for " + test.toSource()); 1.1165 + is(res.responseXML, "<res>hello pass</res>", 1.1166 + "wrong responseXML in test for " + test.toSource()); 1.1167 + is(res.responseText, "<res>hello pass</res>\n", 1.1168 + "wrong responseText in test for " + 
test.toSource()); 1.1169 + is(res.events.join(","), 1.1170 + "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend", 1.1171 + "wrong responseText in test for " + test.toSource()); 1.1172 + } 1.1173 + else { 1.1174 + is(res.didFail, true, 1.1175 + "should have failed in test for " + test.toSource()); 1.1176 + is(res.status, 0, "wrong status in test for " + test.toSource()); 1.1177 + is(res.statusText, "", "wrong status text for " + test.toSource()); 1.1178 + is(res.responseXML, null, 1.1179 + "wrong responseXML in test for " + test.toSource()); 1.1180 + is(res.responseText, "", 1.1181 + "wrong responseText in test for " + test.toSource()); 1.1182 + is(res.events.join(","), 1.1183 + "opening,rs1,sending,loadstart,rs2,rs4,error,loadend", 1.1184 + "wrong events in test for " + test.toSource()); 1.1185 + is(res.progressEvents, 0, 1.1186 + "wrong progressevents in test for " + test.toSource()); 1.1187 + } 1.1188 + } 1.1189 + 1.1190 + 1.1191 + SimpleTest.finish(); 1.1192 + 1.1193 + yield undefined; 1.1194 +} 1.1195 + 1.1196 +</script> 1.1197 +</pre> 1.1198 +</body> 1.1199 +</html>
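Review bot: The `message` listener added in `initTestCallback` (1.35–1.37) passes `e.data` to the generator without checking the sender, and `runTest` then feeds that string to `eval(yield)` at 1.663, 1.843 and 1.1159. Any window able to post to this page would have its text evaluated in the test page's origin, and a stray message would also advance the generator out of step with the request it is waiting on. The listener should ignore everything that is not from the loader frame, e.g. `if (e.origin !== "http://example.org" || e.source !== document.getElementById("loader").contentWindow) return;` before `gen.send(e.data);` (this assumes the inner page replies from the origin it is loaded from). Replacing the `toSource()`/`eval` round trip with `JSON.stringify`/`JSON.parse` would remove the evaluation entirely, but that needs a matching change in file_CrossSiteXHR_inner.html, which is not in this hunk. Separately, the `res.events` checks at 1.683, 1.692, 1.855 and 1.1171 report "wrong responseText", so an event-order failure would be mislabelled in the log.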