1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
<!DOCTYPE HTML>
<html>
<head>
<title>Test bug 466080</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<iframe id="frame1"
src="https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs">
This iframe should load the resource via the src-attribute from
a secure server which requires a client-cert. Doing this is
supposed to work, but further below in the test we try to load
the resource from the same url using a XHR, which should not work.
TODO : What if we change 'src' from JS? Would/should it load?
</iframe>
<script class="testbody" type="text/javascript">
"use strict";
onWindowLoad();
let alltests = [
// load resource from a relative url - this should work
{ url:"bug466080.sjs",
status_check:"==200",
error:"XHR from relative URL"},
// TODO - load the resource from a relative url via https..?
// load a non-existing resource - should get "404 Not Found"
{ url:"bug466080-does-not.exist",
status_check:"==404",
error:"XHR loading non-existing resource"},
// load resource from cross-site non-secure server
{ url:"http://test1.example.com/tests/dom/base/test/bug466080.sjs",
status_check:"==200",
error:"XHR from cross-site plaintext server"},
// load resource from cross-site secure server - should work since no credentials are needed
{ url:"https://test1.example.com/tests/dom/base/test/bug466080.sjs",
status_check:"==200",
error:"XHR from cross-site secure server"},
// load resource from cross-site secure server - should work since the server just requests certs
{ url:"https://requestclientcert.example.com/tests/dom/base/test/bug466080.sjs",
status_check:"==200",
error:"XHR from cross-site secure server requesting certificate"},
// load resource from cross-site secure server - should NOT work since the server requires cert
// note that this is the url which is used in the iframe.src above
{ url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
status_check:"!=200",
error:"XHR from cross-site secure server requiring certificate"},
// repeat previous, - should NOT work
{ url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
status_check:"==200",
error:"XHR w/ credentials from cross-site secure server requiring certificate",
withCredentials:"true"},
// repeat previous, but with credentials - should work
{ url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
status_check:"==200",
error:"XHR w/ credentials from cross-site secure server requiring certificate",
withCredentials:"true"},
// repeat previous, withCredentials but using a weird method to force preflight
// should NOT work since our preflight is anonymous and will fail with our simple server
{ url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
status_check:"!=200",
error:"XHR PREFLIGHT from cross-site secure server requiring certificate",
withCredentials:"true",
method:"XMETHOD"},
];
async function onWindowLoad() {
// First, check that resource was loaded into the iframe
// This check in fact depends on bug #444165... :)
await new Promise(resolve => {
document.getElementById("frame1").onload = () => { resolve(); };
});
function runTest(test) {
var xhr = new XMLHttpRequest();
var method = "GET";
if (test.method != null) { method = test.method; }
xhr.open(method, test.url);
xhr.withCredentials = test.withCredentials;
SpecialPowers.wrap(xhr).setRequestHeader("Connection", "Keep-Alive", false);
try {
xhr.send();
} catch(e) {
}
xhr.onloadend = function() {
var success = eval(xhr.status + test.status_check);
ok(success, test.error);
if (alltests.length == 0) {
SimpleTest.finish();
} else {
runTest(alltests.shift());
}
};
}
runTest(alltests.shift());
}
SimpleTest.waitForExplicitFinish();
</script>
</body>
</html>
|