
Unified Diff: LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin.html

Issue 14557011: Fix problems with cross-origin redirects. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Fixed typo in numbering in a test. Created 7 years, 7 months ago
Index: LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin.html
diff --git a/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin.html b/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin.html
new file mode 100644
index 0000000000000000000000000000000000000000..ec891bd5376f9c542748049c577b6955512029c3
--- /dev/null
+++ b/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin.html
@@ -0,0 +1,88 @@
+<p>Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard.</p>
+
+<pre id="console"></pre>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
+}
+
+function runTestAsync(url, credentials, addCustomHeader, expectSuccess) {
+ log("Testing " + url + (credentials ? " with " : " without ") + "credentials");
+ log("Expecting success: " + expectSuccess);
+
+ xhr = new XMLHttpRequest();
+ xhr.withCredentials = credentials;
+ xhr.open("GET", url, true);
+ if (addCustomHeader)
+ xhr.setRequestHeader("x-webkit", "foo");
+
+ xhr.onload = function() {
+ log((expectSuccess ? "PASS" : "FAIL") + ": " + xhr.responseText);
+ nextTest();
+ }
+ xhr.onerror = function() {
+ log((expectSuccess ? "FAIL" : "PASS") + ": " + xhr.status);
+ nextTest();
+ }
+ xhr.send(null);
+}
+
+var withoutCredentials = false;
+var withCredentials = true;
+var noCustomHeader = false;
+var addCustomHeader = true;
+var succeeds = true;
+var fails = false;
+
+var tests = [
+// Test simple same origin requests that receive cross origin redirects.
+
+// Request without credentials is redirected to a cross-origin response with Access-Control-Allow-Origin=*.
+// The redirect response passes the access check.
+["resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi",
+ withoutCredentials, noCustomHeader, succeeds],
+
+// Request with credentials is redirected to a cross-origin response with Access-Control-Allow-Origin=*.
+// The redirect response fails the access check because credentials were sent.
+["resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi",
+ withCredentials, noCustomHeader, fails],
+
+// Request without credentials is redirected to a cross-origin response with a specific Access-Control-Allow-Origin.
+// The redirect response passes the access check.
+["resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi",
+ withoutCredentials, noCustomHeader, succeeds],
+
+// Request with credentials is redirected to a cross-origin response with a specific Access-Control-Allow-Origin.
+// The redirect response passes the access check.
+["resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi",
+ withCredentials, noCustomHeader, succeeds],
+
+// Request without credentials is redirected to a cross-origin response with a specific Access-Control-Allow-Origin
+// forbidding credentials. The redirect response passes the access check.
+["resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-no-credentials.cgi",
+ withoutCredentials, noCustomHeader, succeeds],
+
+// Request with credentials is redirected to a cross-origin response with a specific Access-Control-Allow-Origin
+// forbidding credentials. The redirect response fails the access check.
+["resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-no-credentials.cgi",
+ withCredentials, noCustomHeader, fails],
+
+]
+
+var currentTest = 0;
+
+function nextTest() {
+ if (currentTest < tests.length)
+ runTestAsync.apply(null, tests[currentTest++]);
+ else if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+nextTest();
+</script>
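Review bot: The `onerror` handler in `runTestAsync` logs only `xhr.status` for the expected-failure cases, so the test never shows that the cross-origin body stayed unreadable once the redirected response failed the access check. Logging the body too, e.g. `log((expectSuccess ? "FAIL" : "PASS") + ": " + xhr.status + " [" + xhr.responseText + "]");`, would make a regression that exposes the redirected response visible in the expected output. `xhr` is also assigned without a declaration, so it becomes a global shared by both handlers; `var xhr = new XMLHttpRequest();` keeps each request's handlers bound to their own object. Every entry in `tests` passes `noCustomHeader`, so the `setRequestHeader` branch is never exercised by this file; presumably the non-simple-request redirect case is covered by another test, which is worth confirming.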
