content/base/test/test_CrossSiteXHR_origin.html@6474c204b198
content/base/test/test_CrossSiteXHR_origin.html
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 <!DOCTYPE HTML>
2 <html>
3 <head>
4 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
5 <title>Test for Cross Site XMLHttpRequest</title>
6 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
8 </head>
9 <body onload="gen.next()">
10 <p id="display">
11 <iframe id=loader></iframe>
12 </p>
13 <div id="content" style="display: none">
15 </div>
16 <pre id="test">
17 <script class="testbody" type="application/javascript;version=1.8">
19 SimpleTest.waitForExplicitFinish();
21 var origins =
22 [{ server: 'http://example.org' },
23 { server: 'http://example.org:80',
24 origin: 'http://example.org'
25 },
26 { server: 'http://sub1.test1.example.org' },
27 { server: 'http://test2.example.org:8000' },
28 { server: 'http://sub1.\xe4lt.example.org:8000',
29 origin: 'http://sub1.xn--lt-uia.example.org:8000'
30 },
31 { server: 'http://sub2.\xe4lt.example.org',
32 origin: 'http://sub2.xn--lt-uia.example.org'
33 },
34 { server: 'http://ex\xe4mple.test',
35 origin: 'http://xn--exmple-cua.test'
36 },
37 { server: 'http://xn--exmple-cua.test' },
38 { server: 'http://\u03c0\u03b1\u03c1\u03ac\u03b4\u03b5\u03b9\u03b3\u03bc\u03b1.\u03b4\u03bf\u03ba\u03b9\u03bc\u03ae',
39 origin: 'http://xn--hxajbheg2az3al.xn--jxalpdlp'
40 },
41 { origin: 'http://example.org',
42 file: 'jar:http://example.org/tests/content/base/test/file_CrossSiteXHR_inner.jar!/file_CrossSiteXHR_inner.html'
43 },
44 { origin: 'null',
45 file: 'http://example.org/tests/content/base/test/file_CrossSiteXHR_inner_data.sjs'
46 },
47 ];
49 //['https://example.com:443'],
50 //['https://sub1.test1.example.com:443'],
52 window.addEventListener("message", function(e) {
53 gen.send(e.data);
54 }, false);
56 gen = runTest();
58 function runTest() {
59 var loader = document.getElementById('loader');
60 var loaderWindow = loader.contentWindow;
61 loader.onload = function () { gen.next() };
63 // Test preflight-less requests
64 basePath = "/tests/content/base/test/file_CrossSiteXHR_server.sjs?"
65 baseURL = "http://mochi.test:8888" + basePath;
67 for (originEntry of origins) {
68 origin = originEntry.origin || originEntry.server;
70 loader.src = originEntry.file ||
71 (originEntry.server + "/tests/content/base/test/file_CrossSiteXHR_inner.html");
72 yield undefined;
74 var isNullOrigin = origin == "null";
76 port = /:\d+/;
77 passTests = [
78 origin,
79 "*",
80 " \t " + origin + "\t \t",
81 "\t \t* \t ",
82 ];
83 failTests = [
84 "",
85 " ",
86 port.test(origin) ? origin.replace(port, "")
87 : origin + ":1234",
88 port.test(origin) ? origin.replace(port, ":")
89 : origin + ":",
90 origin + ".",
91 origin + "/",
92 origin + "#",
93 origin + "?",
94 origin + "\\",
95 origin + "%",
96 origin + "@",
97 origin + "/hello",
98 "foo:bar@" + origin,
99 "* " + origin,
100 origin + " " + origin,
101 "allow <" + origin + ">",
102 "<" + origin + ">",
103 "<*>",
104 origin.substr(0, 5) == "https" ? origin.replace("https", "http")
105 : origin.replace("http", "https"),
106 origin.replace("://", "://www."),
107 origin.replace("://", ":// "),
108 origin.replace(/\/[^.]+\./, "/"),
109 ];
111 if (isNullOrigin) {
112 passTests = ["*", "\t \t* \t ", "null"];
113 failTests = failTests.filter(function(v) { return v != origin });
114 }
116 for (allowOrigin of passTests) {
117 req = {
118 url: baseURL +
119 "allowOrigin=" + escape(allowOrigin) +
120 "&origin=" + escape(origin),
121 method: "GET",
122 };
123 loaderWindow.postMessage(req.toSource(), isNullOrigin ? "*" : origin);
125 res = eval(yield);
126 is(res.didFail, false, "shouldn't have failed for " + allowOrigin);
127 is(res.status, 200, "wrong status for " + allowOrigin);
128 is(res.statusText, "OK", "wrong status text for " + allowOrigin);
129 is(res.responseXML,
130 "<res>hello pass</res>",
131 "wrong responseXML in test for " + allowOrigin);
132 is(res.responseText, "<res>hello pass</res>\n",
133 "wrong responseText in test for " + allowOrigin);
134 is(res.events.join(","),
135 "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",
136 "wrong responseText in test for " + allowOrigin);
137 }
139 for (allowOrigin of failTests) {
140 req = {
141 url: baseURL + "allowOrigin=" + escape(allowOrigin),
142 method: "GET",
143 };
144 loaderWindow.postMessage(req.toSource(), isNullOrigin ? "*" : origin);
146 res = eval(yield);
147 is(res.didFail, true, "should have failed for " + allowOrigin);
148 is(res.responseText, "", "should have no text for " + allowOrigin);
149 is(res.status, 0, "should have no status for " + allowOrigin);
150 is(res.statusText, "", "wrong status text for " + allowOrigin);
151 is(res.responseXML, null, "should have no XML for " + allowOrigin);
152 is(res.events.join(","),
153 "opening,rs1,sending,loadstart,rs2,rs4,error,loadend",
154 "wrong events in test for " + allowOrigin);
155 is(res.progressEvents, 0,
156 "wrong events in test for " + allowOrigin);
157 }
158 }
160 SimpleTest.finish();
162 yield undefined;
163 }
165 </script>
166 </pre>
167 </body>
168 </html>
