content/base/test/test_CrossSiteXHR.html@6474c204b198
content/base/test/test_CrossSiteXHR.html
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 <!DOCTYPE HTML>
2 <html>
3 <head>
4 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
5 <title>Test for Cross Site XMLHttpRequest</title>
6 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
8 </head>
9 <body onload="initTest()">
10 <p id="display">
11 <iframe id=loader></iframe>
12 </p>
13 <div id="content" style="display: none">
15 </div>
16 <pre id="test">
17 <script class="testbody" type="application/javascript;version=1.8">
19 const runPreflightTests = 1;
20 const runCookieTests = 1;
21 const runRedirectTests = 1;
23 var gen;
25 function initTest() {
26 SimpleTest.waitForExplicitFinish();
27 // Allow all cookies, then do the actual test initialization
28 SpecialPowers.pushPrefEnv({"set": [["network.cookie.cookieBehavior", 0]]}, initTestCallback);
29 }
31 function initTestCallback() {
32 window.addEventListener("message", function(e) {
33 gen.send(e.data);
34 }, false);
36 gen = runTest();
38 gen.next()
39 }
41 function runTest() {
42 var loader = document.getElementById('loader');
43 var loaderWindow = loader.contentWindow;
44 loader.onload = function () { gen.next() };
46 // Test preflight-less requests
47 basePath = "/tests/content/base/test/file_CrossSiteXHR_server.sjs?"
48 baseURL = "http://mochi.test:8888" + basePath;
50 // Test preflighted requests
51 loader.src = "http://example.org/tests/content/base/test/file_CrossSiteXHR_inner.html";
52 origin = "http://example.org";
53 yield undefined;
55 tests = [// Plain request
56 { pass: 1,
57 method: "GET",
58 noAllowPreflight: 1,
59 },
61 // undefined username
62 { pass: 1,
63 method: "GET",
64 noAllowPreflight: 1,
65 username: undefined
66 },
68 // undefined username and password
69 { pass: 1,
70 method: "GET",
71 noAllowPreflight: 1,
72 username: undefined,
73 password: undefined
74 },
76 // nonempty username
77 { pass: 0,
78 method: "GET",
79 noAllowPreflight: 1,
80 username: "user",
81 },
83 // nonempty password
84 // XXXbz this passes for now, because we ignore passwords
85 // without usernames in most cases.
86 { pass: 1,
87 method: "GET",
88 noAllowPreflight: 1,
89 password: "password",
90 },
92 // Default allowed headers
93 { pass: 1,
94 method: "GET",
95 headers: { "Content-Type": "text/plain",
96 "Accept": "foo/bar",
97 "Accept-Language": "sv-SE" },
98 noAllowPreflight: 1,
99 },
100 { pass: 0,
101 method: "GET",
102 headers: { "Content-Type": "foo/bar",
103 "Accept": "foo/bar",
104 "Accept-Language": "sv-SE" },
105 noAllowPreflight: 1,
106 },
108 // Custom headers
109 { pass: 1,
110 method: "GET",
111 headers: { "x-my-header": "myValue" },
112 allowHeaders: "x-my-header",
113 },
114 { pass: 1,
115 method: "GET",
116 headers: { "x-my-header": "myValue" },
117 allowHeaders: "X-My-Header",
118 },
119 { pass: 1,
120 method: "GET",
121 headers: { "x-my-header": "myValue",
122 "long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header": "secondValue" },
123 allowHeaders: "x-my-header, long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header-long-header",
124 },
125 { pass: 1,
126 method: "GET",
127 headers: { "x-my%-header": "myValue" },
128 allowHeaders: "x-my%-header",
129 },
130 { pass: 0,
131 method: "GET",
132 headers: { "x-my-header": "myValue" },
133 },
134 { pass: 0,
135 method: "GET",
136 headers: { "x-my-header": "" },
137 },
138 { pass: 0,
139 method: "GET",
140 headers: { "x-my-header": "myValue" },
141 allowHeaders: "",
142 },
143 { pass: 0,
144 method: "GET",
145 headers: { "x-my-header": "myValue" },
146 allowHeaders: "y-my-header",
147 },
148 { pass: 0,
149 method: "GET",
150 headers: { "x-my-header": "myValue" },
151 allowHeaders: "x-my-header y-my-header",
152 },
153 { pass: 0,
154 method: "GET",
155 headers: { "x-my-header": "myValue" },
156 allowHeaders: "x-my-header, y-my-header z",
157 },
158 { pass: 0,
159 method: "GET",
160 headers: { "x-my-header": "myValue" },
161 allowHeaders: "x-my-header, y-my-he(ader",
162 },
163 { pass: 0,
164 method: "GET",
165 headers: { "myheader": "" },
166 allowMethods: "myheader",
167 },
169 // Multiple custom headers
170 { pass: 1,
171 method: "GET",
172 headers: { "x-my-header": "myValue",
173 "second-header": "secondValue",
174 "third-header": "thirdValue" },
175 allowHeaders: "x-my-header, second-header, third-header",
176 },
177 { pass: 1,
178 method: "GET",
179 headers: { "x-my-header": "myValue",
180 "second-header": "secondValue",
181 "third-header": "thirdValue" },
182 allowHeaders: "x-my-header,second-header,third-header",
183 },
184 { pass: 1,
185 method: "GET",
186 headers: { "x-my-header": "myValue",
187 "second-header": "secondValue",
188 "third-header": "thirdValue" },
189 allowHeaders: "x-my-header ,second-header ,third-header",
190 },
191 { pass: 1,
192 method: "GET",
193 headers: { "x-my-header": "myValue",
194 "second-header": "secondValue",
195 "third-header": "thirdValue" },
196 allowHeaders: "x-my-header , second-header , third-header",
197 },
198 { pass: 1,
199 method: "GET",
200 headers: { "x-my-header": "myValue",
201 "second-header": "secondValue" },
202 allowHeaders: ", x-my-header, , ,, second-header, , ",
203 },
204 { pass: 1,
205 method: "GET",
206 headers: { "x-my-header": "myValue",
207 "second-header": "secondValue" },
208 allowHeaders: "x-my-header, second-header, unused-header",
209 },
210 { pass: 0,
211 method: "GET",
212 headers: { "x-my-header": "myValue",
213 "y-my-header": "secondValue" },
214 allowHeaders: "x-my-header",
215 },
216 { pass: 0,
217 method: "GET",
218 headers: { "x-my-header": "",
219 "y-my-header": "" },
220 allowHeaders: "x-my-header",
221 },
223 // HEAD requests
224 { pass: 1,
225 method: "HEAD",
226 noAllowPreflight: 1,
227 },
229 // HEAD with safe headers
230 { pass: 1,
231 method: "HEAD",
232 headers: { "Content-Type": "text/plain",
233 "Accept": "foo/bar",
234 "Accept-Language": "sv-SE" },
235 noAllowPreflight: 1,
236 },
237 { pass: 0,
238 method: "HEAD",
239 headers: { "Content-Type": "foo/bar",
240 "Accept": "foo/bar",
241 "Accept-Language": "sv-SE" },
242 noAllowPreflight: 1,
243 },
245 // HEAD with custom headers
246 { pass: 1,
247 method: "HEAD",
248 headers: { "x-my-header": "myValue" },
249 allowHeaders: "x-my-header",
250 },
251 { pass: 0,
252 method: "HEAD",
253 headers: { "x-my-header": "myValue" },
254 },
255 { pass: 0,
256 method: "HEAD",
257 headers: { "x-my-header": "myValue" },
258 allowHeaders: "",
259 },
260 { pass: 0,
261 method: "HEAD",
262 headers: { "x-my-header": "myValue" },
263 allowHeaders: "y-my-header",
264 },
265 { pass: 0,
266 method: "HEAD",
267 headers: { "x-my-header": "myValue" },
268 allowHeaders: "x-my-header y-my-header",
269 },
271 // POST tests
272 { pass: 1,
273 method: "POST",
274 body: "hi there",
275 noAllowPreflight: 1,
276 },
277 { pass: 1,
278 method: "POST",
279 },
280 { pass: 1,
281 method: "POST",
282 noAllowPreflight: 1,
283 },
285 // POST with standard headers
286 { pass: 1,
287 method: "POST",
288 body: "hi there",
289 headers: { "Content-Type": "text/plain" },
290 noAllowPreflight: 1,
291 },
292 { pass: 1,
293 method: "POST",
294 body: "hi there",
295 headers: { "Content-Type": "multipart/form-data" },
296 noAllowPreflight: 1,
297 },
298 { pass: 1,
299 method: "POST",
300 body: "hi there",
301 headers: { "Content-Type": "application/x-www-form-urlencoded" },
302 noAllowPreflight: 1,
303 },
304 { pass: 0,
305 method: "POST",
306 body: "hi there",
307 headers: { "Content-Type": "foo/bar" },
308 },
309 { pass: 0,
310 method: "POST",
311 headers: { "Content-Type": "foo/bar" },
312 },
313 { pass: 1,
314 method: "POST",
315 body: "hi there",
316 headers: { "Content-Type": "text/plain",
317 "Accept": "foo/bar",
318 "Accept-Language": "sv-SE" },
319 noAllowPreflight: 1,
320 },
322 // POST with custom headers
323 { pass: 1,
324 method: "POST",
325 body: "hi there",
326 headers: { "Accept": "foo/bar",
327 "Accept-Language": "sv-SE",
328 "x-my-header": "myValue" },
329 allowHeaders: "x-my-header",
330 },
331 { pass: 1,
332 method: "POST",
333 headers: { "Content-Type": "text/plain",
334 "x-my-header": "myValue" },
335 allowHeaders: "x-my-header",
336 },
337 { pass: 1,
338 method: "POST",
339 body: "hi there",
340 headers: { "Content-Type": "text/plain",
341 "x-my-header": "myValue" },
342 allowHeaders: "x-my-header",
343 },
344 { pass: 1,
345 method: "POST",
346 body: "hi there",
347 headers: { "Content-Type": "foo/bar",
348 "x-my-header": "myValue" },
349 allowHeaders: "x-my-header, content-type",
350 },
351 { pass: 0,
352 method: "POST",
353 body: "hi there",
354 headers: { "Content-Type": "foo/bar" },
355 noAllowPreflight: 1,
356 },
357 { pass: 0,
358 method: "POST",
359 body: "hi there",
360 headers: { "Content-Type": "foo/bar",
361 "x-my-header": "myValue" },
362 allowHeaders: "x-my-header",
363 },
364 { pass: 1,
365 method: "POST",
366 headers: { "x-my-header": "myValue" },
367 allowHeaders: "x-my-header",
368 },
369 { pass: 1,
370 method: "POST",
371 body: "hi there",
372 headers: { "x-my-header": "myValue" },
373 allowHeaders: "x-my-header, $_%",
374 },
376 // Other methods
377 { pass: 1,
378 method: "DELETE",
379 allowMethods: "DELETE",
380 },
381 { pass: 0,
382 method: "DELETE",
383 allowHeaders: "DELETE",
384 },
385 { pass: 0,
386 method: "DELETE",
387 },
388 { pass: 0,
389 method: "DELETE",
390 allowMethods: "",
391 },
392 { pass: 1,
393 method: "DELETE",
394 allowMethods: "POST, PUT, DELETE",
395 },
396 { pass: 1,
397 method: "DELETE",
398 allowMethods: "POST, DELETE, PUT",
399 },
400 { pass: 1,
401 method: "DELETE",
402 allowMethods: "DELETE, POST, PUT",
403 },
404 { pass: 1,
405 method: "DELETE",
406 allowMethods: "POST ,PUT ,DELETE",
407 },
408 { pass: 1,
409 method: "DELETE",
410 allowMethods: "POST,PUT,DELETE",
411 },
412 { pass: 1,
413 method: "DELETE",
414 allowMethods: "POST , PUT , DELETE",
415 },
416 { pass: 1,
417 method: "DELETE",
418 allowMethods: " ,, PUT ,, , , DELETE , ,",
419 },
420 { pass: 0,
421 method: "DELETE",
422 allowMethods: "PUT",
423 },
424 { pass: 0,
425 method: "DELETE",
426 allowMethods: "DELETEZ",
427 },
428 { pass: 0,
429 method: "DELETE",
430 allowMethods: "DELETE PUT",
431 },
432 { pass: 0,
433 method: "DELETE",
434 allowMethods: "DELETE, PUT Z",
435 },
436 { pass: 0,
437 method: "DELETE",
438 allowMethods: "DELETE, PU(T",
439 },
440 { pass: 0,
441 method: "DELETE",
442 allowMethods: "PUT DELETE",
443 },
444 { pass: 0,
445 method: "DELETE",
446 allowMethods: "PUT Z, DELETE",
447 },
448 { pass: 0,
449 method: "DELETE",
450 allowMethods: "PU(T, DELETE",
451 },
452 { pass: 0,
453 method: "MYMETHOD",
454 allowMethods: "myMethod",
455 },
456 { pass: 0,
457 method: "PUT",
458 allowMethods: "put",
459 },
461 // Progress events
462 { pass: 1,
463 method: "POST",
464 body: "hi there",
465 headers: { "Content-Type": "text/plain" },
466 uploadProgress: "progress",
467 },
468 { pass: 0,
469 method: "POST",
470 body: "hi there",
471 headers: { "Content-Type": "text/plain" },
472 uploadProgress: "progress",
473 noAllowPreflight: 1,
474 },
476 // Status messages
477 { pass: 1,
478 method: "GET",
479 noAllowPreflight: 1,
480 status: 404,
481 statusMessage: "nothin' here",
482 },
483 { pass: 1,
484 method: "GET",
485 noAllowPreflight: 1,
486 status: 401,
487 statusMessage: "no can do",
488 },
489 { pass: 1,
490 method: "POST",
491 body: "hi there",
492 headers: { "Content-Type": "foo/bar" },
493 allowHeaders: "content-type",
494 status: 500,
495 statusMessage: "server boo",
496 },
497 { pass: 1,
498 method: "GET",
499 noAllowPreflight: 1,
500 status: 200,
501 statusMessage: "Yes!!",
502 },
503 { pass: 0,
504 method: "GET",
505 headers: { "x-my-header": "header value" },
506 allowHeaders: "x-my-header",
507 preflightStatus: 400
508 },
509 { pass: 1,
510 method: "GET",
511 headers: { "x-my-header": "header value" },
512 allowHeaders: "x-my-header",
513 preflightStatus: 200
514 },
515 { pass: 1,
516 method: "GET",
517 headers: { "x-my-header": "header value" },
518 allowHeaders: "x-my-header",
519 preflightStatus: 204
520 },
522 // exposed headers
523 { pass: 1,
524 method: "GET",
525 responseHeaders: { "x-my-header": "x header" },
526 exposeHeaders: "x-my-header",
527 expectedResponseHeaders: ["x-my-header"],
528 },
529 { pass: 0,
530 method: "GET",
531 origin: "http://invalid",
532 responseHeaders: { "x-my-header": "x header" },
533 exposeHeaders: "x-my-header",
534 expectedResponseHeaders: [],
535 },
536 { pass: 1,
537 method: "GET",
538 responseHeaders: { "x-my-header": "x header" },
539 expectedResponseHeaders: [],
540 },
541 { pass: 1,
542 method: "GET",
543 responseHeaders: { "x-my-header": "x header" },
544 exposeHeaders: "x-my-header y",
545 expectedResponseHeaders: [],
546 },
547 { pass: 1,
548 method: "GET",
549 responseHeaders: { "x-my-header": "x header" },
550 exposeHeaders: "y x-my-header",
551 expectedResponseHeaders: [],
552 },
553 { pass: 1,
554 method: "GET",
555 responseHeaders: { "x-my-header": "x header" },
556 exposeHeaders: "x-my-header, y-my-header z",
557 expectedResponseHeaders: [],
558 },
559 { pass: 1,
560 method: "GET",
561 responseHeaders: { "x-my-header": "x header" },
562 exposeHeaders: "x-my-header, y-my-hea(er",
563 expectedResponseHeaders: [],
564 },
565 { pass: 1,
566 method: "GET",
567 responseHeaders: { "x-my-header": "x header",
568 "y-my-header": "y header" },
569 exposeHeaders: " , ,,y-my-header,z-my-header, ",
570 expectedResponseHeaders: ["y-my-header"],
571 },
572 { pass: 1,
573 method: "GET",
574 responseHeaders: { "Cache-Control": "cacheControl header",
575 "Content-Language": "contentLanguage header",
576 "Expires":"expires header",
577 "Last-Modified":"lastModified header",
578 "Pragma":"pragma header",
579 "Unexpected":"unexpected header" },
580 expectedResponseHeaders: ["Cache-Control","Content-Language","Content-Type","Expires","Last-Modified","Pragma"],
581 },
582 // Check that sending a body in the OPTIONS response works
583 { pass: 1,
584 method: "DELETE",
585 allowMethods: "DELETE",
586 preflightBody: "I'm a preflight response body",
587 },
588 ];
590 if (!runPreflightTests) {
591 tests = [];
592 }
594 for (test of tests) {
595 var req = {
596 url: baseURL + "allowOrigin=" + escape(test.origin || origin),
597 method: test.method,
598 headers: test.headers,
599 uploadProgress: test.uploadProgress,
600 body: test.body,
601 responseHeaders: test.responseHeaders,
602 };
604 if (test.pass) {
605 req.url += "&origin=" + escape(origin) +
606 "&requestMethod=" + test.method;
607 }
609 if ("username" in test) {
610 req.username = test.username;
611 }
613 if ("password" in test) {
614 req.password = test.password;
615 }
617 if (test.noAllowPreflight)
618 req.url += "&noAllowPreflight";
620 if (test.pass && "headers" in test) {
621 function isUnsafeHeader(name) {
622 lName = name.toLowerCase();
623 return lName != "accept" &&
624 lName != "accept-language" &&
625 (lName != "content-type" ||
626 ["text/plain",
627 "multipart/form-data",
628 "application/x-www-form-urlencoded"]
629 .indexOf(test.headers[name].toLowerCase()) == -1);
630 }
631 req.url += "&headers=" + escape(test.headers.toSource());
632 reqHeaders =
633 escape([name for (name in test.headers)]
634 .filter(isUnsafeHeader)
635 .map(String.toLowerCase)
636 .sort()
637 .join(","));
638 req.url += reqHeaders ? "&requestHeaders=" + reqHeaders : "";
639 }
640 if ("allowHeaders" in test)
641 req.url += "&allowHeaders=" + escape(test.allowHeaders);
642 if ("allowMethods" in test)
643 req.url += "&allowMethods=" + escape(test.allowMethods);
644 if (test.body)
645 req.url += "&body=" + escape(test.body);
646 if (test.status) {
647 req.url += "&status=" + test.status;
648 req.url += "&statusMessage=" + escape(test.statusMessage);
649 }
650 if (test.preflightStatus)
651 req.url += "&preflightStatus=" + test.preflightStatus;
652 if (test.responseHeaders)
653 req.url += "&responseHeaders=" + escape(test.responseHeaders.toSource());
654 if (test.exposeHeaders)
655 req.url += "&exposeHeaders=" + escape(test.exposeHeaders);
656 if (test.preflightBody)
657 req.url += "&preflightBody=" + escape(test.preflightBody);
659 loaderWindow.postMessage(req.toSource(), origin);
660 res = eval(yield);
662 if (test.pass) {
663 is(res.didFail, false,
664 "shouldn't have failed in test for " + test.toSource());
665 if (test.status) {
666 is(res.status, test.status, "wrong status in test for " + test.toSource());
667 is(res.statusText, test.statusMessage, "wrong status text for " + test.toSource());
668 }
669 else {
670 is(res.status, 200, "wrong status in test for " + test.toSource());
671 is(res.statusText, "OK", "wrong status text for " + test.toSource());
672 }
673 if (test.method !== "HEAD") {
674 is(res.responseXML, "<res>hello pass</res>",
675 "wrong responseXML in test for " + test.toSource());
676 is(res.responseText, "<res>hello pass</res>\n",
677 "wrong responseText in test for " + test.toSource());
678 is(res.events.join(","),
679 "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",
680 "wrong responseText in test for " + test.toSource());
681 }
682 else {
683 is(res.responseXML, null,
684 "wrong responseXML in test for " + test.toSource());
685 is(res.responseText, "",
686 "wrong responseText in test for " + test.toSource());
687 is(res.events.join(","),
688 "opening,rs1,sending,loadstart,rs2,rs4,load,loadend",
689 "wrong responseText in test for " + test.toSource());
690 }
691 if (test.responseHeaders) {
692 for (header in test.responseHeaders) {
693 if (test.expectedResponseHeaders.indexOf(header) == -1) {
694 is(res.responseHeaders[header], null,
695 "|xhr.getResponseHeader()|wrong response header (" + header + ") in test for " +
696 test.toSource());
697 is(res.allResponseHeaders[header], null,
698 "|xhr.getAllResponseHeaderss()|wrong response header (" + header + ") in test for " +
699 test.toSource());
700 }
701 else {
702 is(res.responseHeaders[header], test.responseHeaders[header],
703 "|xhr.getResponseHeader()|wrong response header (" + header + ") in test for " +
704 test.toSource());
705 is(res.allResponseHeaders[header], test.responseHeaders[header],
706 "|xhr.getAllResponseHeaderss()|wrong response header (" + header + ") in test for " +
707 test.toSource());
708 }
709 }
710 }
711 }
712 else {
713 is(res.didFail, true,
714 "should have failed in test for " + test.toSource());
715 is(res.status, 0, "wrong status in test for " + test.toSource());
716 is(res.statusText, "", "wrong status text for " + test.toSource());
717 is(res.responseXML, null,
718 "wrong responseXML in test for " + test.toSource());
719 is(res.responseText, "",
720 "wrong responseText in test for " + test.toSource());
721 if (!res.sendThrew) {
722 is(res.events.join(","),
723 "opening,rs1,sending,loadstart,rs2,rs4,error,loadend",
724 "wrong events in test for " + test.toSource());
725 }
726 is(res.progressEvents, 0,
727 "wrong events in test for " + test.toSource());
728 if (test.responseHeaders) {
729 for (header in test.responseHeaders) {
730 is(res.responseHeaders[header], null,
731 "wrong response header (" + header + ") in test for " +
732 test.toSource());
733 }
734 }
735 }
736 }
738 // Test cookie behavior
739 tests = [{ pass: 1,
740 method: "GET",
741 withCred: 1,
742 allowCred: 1,
743 },
744 { pass: 0,
745 method: "GET",
746 withCred: 1,
747 allowCred: 0,
748 },
749 { pass: 0,
750 method: "GET",
751 withCred: 1,
752 allowCred: 1,
753 origin: "*",
754 },
755 { pass: 1,
756 method: "GET",
757 withCred: 0,
758 allowCred: 1,
759 origin: "*",
760 },
761 { pass: 1,
762 method: "GET",
763 setCookie: "a=1",
764 withCred: 1,
765 allowCred: 1,
766 },
767 { pass: 1,
768 method: "GET",
769 cookie: "a=1",
770 withCred: 1,
771 allowCred: 1,
772 },
773 { pass: 1,
774 method: "GET",
775 noCookie: 1,
776 withCred: 0,
777 allowCred: 1,
778 },
779 { pass: 0,
780 method: "GET",
781 noCookie: 1,
782 withCred: 1,
783 allowCred: 1,
784 },
785 { pass: 1,
786 method: "GET",
787 setCookie: "a=2",
788 withCred: 0,
789 allowCred: 1,
790 },
791 { pass: 1,
792 method: "GET",
793 cookie: "a=1",
794 withCred: 1,
795 allowCred: 1,
796 },
797 { pass: 1,
798 method: "GET",
799 setCookie: "a=2",
800 withCred: 1,
801 allowCred: 1,
802 },
803 { pass: 1,
804 method: "GET",
805 cookie: "a=2",
806 withCred: 1,
807 allowCred: 1,
808 },
809 ];
811 if (!runCookieTests) {
812 tests = [];
813 }
815 for (test of tests) {
816 req = {
817 url: baseURL + "allowOrigin=" + escape(test.origin || origin),
818 method: test.method,
819 headers: test.headers,
820 withCred: test.withCred,
821 };
823 if (test.allowCred)
824 req.url += "&allowCred";
826 if (test.setCookie)
827 req.url += "&setCookie=" + escape(test.setCookie);
828 if (test.cookie)
829 req.url += "&cookie=" + escape(test.cookie);
830 if (test.noCookie)
831 req.url += "&noCookie";
833 if ("allowHeaders" in test)
834 req.url += "&allowHeaders=" + escape(test.allowHeaders);
835 if ("allowMethods" in test)
836 req.url += "&allowMethods=" + escape(test.allowMethods);
838 loaderWindow.postMessage(req.toSource(), origin);
840 res = eval(yield);
841 if (test.pass) {
842 is(res.didFail, false,
843 "shouldn't have failed in test for " + test.toSource());
844 is(res.status, 200, "wrong status in test for " + test.toSource());
845 is(res.statusText, "OK", "wrong status text for " + test.toSource());
846 is(res.responseXML, "<res>hello pass</res>",
847 "wrong responseXML in test for " + test.toSource());
848 is(res.responseText, "<res>hello pass</res>\n",
849 "wrong responseText in test for " + test.toSource());
850 is(res.events.join(","),
851 "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",
852 "wrong responseText in test for " + test.toSource());
853 }
854 else {
855 is(res.didFail, true,
856 "should have failed in test for " + test.toSource());
857 is(res.status, 0, "wrong status in test for " + test.toSource());
858 is(res.statusText, "", "wrong status text for " + test.toSource());
859 is(res.responseXML, null,
860 "wrong responseXML in test for " + test.toSource());
861 is(res.responseText, "",
862 "wrong responseText in test for " + test.toSource());
863 is(res.events.join(","),
864 "opening,rs1,sending,loadstart,rs2,rs4,error,loadend",
865 "wrong events in test for " + test.toSource());
866 is(res.progressEvents, 0,
867 "wrong events in test for " + test.toSource());
868 }
869 }
871 // Make sure to clear cookies to avoid affecting other tests
872 document.cookie = "a=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT"
873 is(document.cookie, "", "No cookies should be left over");
876 // Test redirects
877 is(loader.src, "http://example.org/tests/content/base/test/file_CrossSiteXHR_inner.html");
878 is(origin, "http://example.org");
880 tests = [{ pass: 1,
881 method: "GET",
882 hops: [{ server: "http://example.com",
883 allowOrigin: origin
884 },
885 ],
886 },
887 { pass: 0,
888 method: "GET",
889 hops: [{ server: "http://example.com",
890 allowOrigin: origin
891 },
892 { server: "http://example.org",
893 allowOrigin: origin
894 },
895 ],
896 },
897 { pass: 1,
898 method: "GET",
899 hops: [{ server: "http://example.com",
900 allowOrigin: origin
901 },
902 { server: "http://example.org",
903 allowOrigin: "*"
904 },
905 ],
906 },
907 { pass: 0,
908 method: "GET",
909 hops: [{ server: "http://example.com",
910 allowOrigin: origin
911 },
912 { server: "http://example.org",
913 },
914 ],
915 },
916 { pass: 1,
917 method: "GET",
918 hops: [{ server: "http://example.org",
919 },
920 { server: "http://example.org",
921 },
922 { server: "http://example.com",
923 allowOrigin: origin
924 },
925 ],
926 },
927 { pass: 0,
928 method: "GET",
929 hops: [{ server: "http://example.org",
930 },
931 { server: "http://example.org",
932 },
933 { server: "http://example.com",
934 allowOrigin: origin
935 },
936 { server: "http://example.org",
937 },
938 ],
939 },
940 { pass: 0,
941 method: "GET",
942 hops: [{ server: "http://example.com",
943 allowOrigin: origin
944 },
945 { server: "http://test2.example.org:8000",
946 allowOrigin: origin
947 },
948 { server: "http://sub2.xn--lt-uia.example.org",
949 allowOrigin: origin
950 },
951 { server: "http://sub1.test1.example.org",
952 allowOrigin: origin
953 },
954 ],
955 },
956 { pass: 0,
957 method: "GET",
958 hops: [{ server: "http://example.com",
959 allowOrigin: origin
960 },
961 { server: "http://test2.example.org:8000",
962 allowOrigin: origin
963 },
964 { server: "http://sub2.xn--lt-uia.example.org",
965 allowOrigin: "*"
966 },
967 { server: "http://sub1.test1.example.org",
968 allowOrigin: "*"
969 },
970 ],
971 },
972 { pass: 1,
973 method: "GET",
974 hops: [{ server: "http://example.com",
975 allowOrigin: origin
976 },
977 { server: "http://test2.example.org:8000",
978 allowOrigin: "*"
979 },
980 { server: "http://sub2.xn--lt-uia.example.org",
981 allowOrigin: "*"
982 },
983 { server: "http://sub1.test1.example.org",
984 allowOrigin: "*"
985 },
986 ],
987 },
988 { pass: 0,
989 method: "GET",
990 hops: [{ server: "http://example.com",
991 allowOrigin: origin
992 },
993 { server: "http://test2.example.org:8000",
994 allowOrigin: origin
995 },
996 { server: "http://sub2.xn--lt-uia.example.org",
997 allowOrigin: "x"
998 },
999 { server: "http://sub1.test1.example.org",
1000 allowOrigin: origin
1001 },
1002 ],
1003 },
1004 { pass: 0,
1005 method: "GET",
1006 hops: [{ server: "http://example.com",
1007 allowOrigin: origin
1008 },
1009 { server: "http://test2.example.org:8000",
1010 allowOrigin: origin
1011 },
1012 { server: "http://sub2.xn--lt-uia.example.org",
1013 allowOrigin: "*"
1014 },
1015 { server: "http://sub1.test1.example.org",
1016 allowOrigin: origin
1017 },
1018 ],
1019 },
1020 { pass: 0,
1021 method: "GET",
1022 hops: [{ server: "http://example.com",
1023 allowOrigin: origin
1024 },
1025 { server: "http://test2.example.org:8000",
1026 allowOrigin: origin
1027 },
1028 { server: "http://sub2.xn--lt-uia.example.org",
1029 allowOrigin: "*"
1030 },
1031 { server: "http://sub1.test1.example.org",
1032 },
1033 ],
1034 },
1035 { pass: 1,
1036 method: "POST",
1037 body: "hi there",
1038 headers: { "Content-Type": "text/plain" },
1039 hops: [{ server: "http://example.org",
1040 },
1041 { server: "http://example.com",
1042 allowOrigin: origin,
1043 },
1044 ],
1045 },
1046 { pass: 0,
1047 method: "POST",
1048 body: "hi there",
1049 headers: { "Content-Type": "text/plain",
1050 "my-header": "myValue",
1051 },
1052 hops: [{ server: "http://example.org",
1053 },
1054 { server: "http://example.com",
1055 allowOrigin: origin,
1056 allowHeaders: "my-header",
1057 },
1058 ],
1059 },
1060 { pass: 0,
1061 method: "DELETE",
1062 hops: [{ server: "http://example.org",
1063 },
1064 { server: "http://example.com",
1065 allowOrigin: origin,
1066 },
1067 ],
1068 },
1069 { pass: 0,
1070 method: "POST",
1071 body: "hi there",
1072 headers: { "Content-Type": "text/plain",
1073 "my-header": "myValue",
1074 },
1075 hops: [{ server: "http://example.com",
1076 allowOrigin: origin,
1077 },
1078 { server: "http://sub1.test1.example.org",
1079 allowOrigin: origin,
1080 },
1081 ],
1082 },
1083 { pass: 0,
1084 method: "DELETE",
1085 hops: [{ server: "http://example.com",
1086 allowOrigin: origin,
1087 },
1088 { server: "http://sub1.test1.example.org",
1089 allowOrigin: origin,
1090 },
1091 ],
1092 },
1093 { pass: 0,
1094 method: "POST",
1095 body: "hi there",
1096 headers: { "Content-Type": "text/plain",
1097 "my-header": "myValue",
1098 },
1099 hops: [{ server: "http://example.com",
1100 },
1101 { server: "http://sub1.test1.example.org",
1102 allowOrigin: origin,
1103 allowHeaders: "my-header",
1104 },
1105 ],
1106 },
1107 { pass: 1,
1108 method: "POST",
1109 body: "hi there",
1110 headers: { "Content-Type": "text/plain" },
1111 hops: [{ server: "http://example.org",
1112 },
1113 { server: "http://example.com",
1114 allowOrigin: origin,
1115 },
1116 ],
1117 },
1118 { pass: 0,
1119 method: "POST",
1120 body: "hi there",
1121 headers: { "Content-Type": "text/plain",
1122 "my-header": "myValue",
1123 },
1124 hops: [{ server: "http://example.com",
1125 allowOrigin: origin,
1126 allowHeaders: "my-header",
1127 },
1128 { server: "http://example.org",
1129 allowOrigin: origin,
1130 allowHeaders: "my-header",
1131 },
1132 ],
1133 },
1134 ];
1136 if (!runRedirectTests) {
1137 tests = [];
1138 }
1140 for (test of tests) {
1141 req = {
1142 url: test.hops[0].server + basePath + "hop=1&hops=" +
1143 escape(test.hops.toSource()),
1144 method: test.method,
1145 headers: test.headers,
1146 body: test.body,
1147 };
1149 if (test.pass) {
1150 if (test.body)
1151 req.url += "&body=" + escape(test.body);
1152 }
1154 loaderWindow.postMessage(req.toSource(), origin);
1156 res = eval(yield);
1157 if (test.pass) {
1158 is(res.didFail, false,
1159 "shouldn't have failed in test for " + test.toSource());
1160 is(res.status, 200, "wrong status in test for " + test.toSource());
1161 is(res.statusText, "OK", "wrong status text for " + test.toSource());
1162 is(res.responseXML, "<res>hello pass</res>",
1163 "wrong responseXML in test for " + test.toSource());
1164 is(res.responseText, "<res>hello pass</res>\n",
1165 "wrong responseText in test for " + test.toSource());
1166 is(res.events.join(","),
1167 "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",
1168 "wrong responseText in test for " + test.toSource());
1169 }
1170 else {
1171 is(res.didFail, true,
1172 "should have failed in test for " + test.toSource());
1173 is(res.status, 0, "wrong status in test for " + test.toSource());
1174 is(res.statusText, "", "wrong status text for " + test.toSource());
1175 is(res.responseXML, null,
1176 "wrong responseXML in test for " + test.toSource());
1177 is(res.responseText, "",
1178 "wrong responseText in test for " + test.toSource());
1179 is(res.events.join(","),
1180 "opening,rs1,sending,loadstart,rs2,rs4,error,loadend",
1181 "wrong events in test for " + test.toSource());
1182 is(res.progressEvents, 0,
1183 "wrong progressevents in test for " + test.toSource());
1184 }
1185 }
1188 SimpleTest.finish();
1190 yield undefined;
1191 }
1193 </script>
1194 </pre>
1195 </body>
1196 </html>
