summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fetch/api
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:35:49 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:35:49 +0000
commitd8bbc7858622b6d9c278469aab701ca0b609cddf (patch)
treeeff41dc61d9f714852212739e6b3738b82a2af87 /testing/web-platform/tests/fetch/api
parentReleasing progress-linux version 125.0.3-1~progress7.99u1. (diff)
downloadfirefox-d8bbc7858622b6d9c278469aab701ca0b609cddf.tar.xz
firefox-d8bbc7858622b6d9c278469aab701ca0b609cddf.zip
Merging upstream version 126.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/fetch/api')
-rw-r--r--testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js2
-rw-r--r--testing/web-platform/tests/fetch/api/request/destination/resources/dummy_video.ogvbin94372 -> 0 bytes
-rw-r--r--testing/web-platform/tests/fetch/api/request/request-bad-port.any.js2
-rw-r--r--testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py5
4 files changed, 8 insertions, 1 deletions
diff --git a/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js b/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js
index 16656b5435..5a15507437 100644
--- a/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js
+++ b/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js
@@ -24,6 +24,6 @@ promise_test(async test => {
}, "getAuthorizationHeaderValue - same origin redirection");
promise_test(async (test) => {
- const result = await getAuthorizationHeaderValue(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/api/resources/redirect.py?allow_headers=Authorization&location=" + encodeURIComponent(get_host_info().HTTPS_ORIGIN + "/fetch/api/resources/dump-authorization-header.py"));
+ const result = await getAuthorizationHeaderValue(get_host_info().HTTPS_REMOTE_ORIGIN + "/fetch/api/resources/redirect.py?allow_headers=Authorization&location=" + encodeURIComponent(get_host_info().HTTPS_ORIGIN + "/fetch/api/resources/dump-authorization-header.py?strip_auth_header=true"));
assert_equals(result, "none");
}, "getAuthorizationHeaderValue - cross origin redirection");
diff --git a/testing/web-platform/tests/fetch/api/request/destination/resources/dummy_video.ogv b/testing/web-platform/tests/fetch/api/request/destination/resources/dummy_video.ogv
deleted file mode 100644
index de99616ece..0000000000
--- a/testing/web-platform/tests/fetch/api/request/destination/resources/dummy_video.ogv
+++ /dev/null
Binary files differ
diff --git a/testing/web-platform/tests/fetch/api/request/request-bad-port.any.js b/testing/web-platform/tests/fetch/api/request/request-bad-port.any.js
index b0684d4be0..5c29823eaa 100644
--- a/testing/web-platform/tests/fetch/api/request/request-bad-port.any.js
+++ b/testing/web-platform/tests/fetch/api/request/request-bad-port.any.js
@@ -72,6 +72,7 @@ var BLOCKED_PORTS_LIST = [
2049, // nfs
3659, // apple-sasl
4045, // lockd
+ 4190, // sieve
5060, // sip
5061, // sips
6000, // x11
@@ -81,6 +82,7 @@ var BLOCKED_PORTS_LIST = [
6667, // irc (default)
6668, // irc (alternate)
6669, // irc (alternate)
+ 6679, // osaut
6697, // irc+tls
10080, // amanda
];
diff --git a/testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py b/testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py
index a651aeb4e8..0d82809f59 100644
--- a/testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py
+++ b/testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py
@@ -2,6 +2,11 @@ def main(request, response):
headers = [(b"Content-Type", "text/html"),
(b"Cache-Control", b"no-cache")]
+ if (request.GET.first(b"strip_auth_header", False) and request.method == "OPTIONS" and
+ b"authorization" in request.headers.get(b"Access-Control-Request-Headers", b"").lower()):
+ # Auth header should not be sent for preflight after cross-origin redirect.
+ return 500, headers, "fail"
+
if b"Origin" in request.headers:
headers.append((b"Access-Control-Allow-Origin", request.headers.get(b"Origin", b"")))
headers.append((b"Access-Control-Allow-Credentials", b"true"))