summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py')
-rw-r--r--testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py b/testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py
index a651aeb4e8..0d82809f59 100644
--- a/testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py
+++ b/testing/web-platform/tests/fetch/api/resources/dump-authorization-header.py
@@ -2,6 +2,11 @@ def main(request, response):
headers = [(b"Content-Type", "text/html"),
(b"Cache-Control", b"no-cache")]
+ if (request.GET.first(b"strip_auth_header", False) and request.method == "OPTIONS" and
+ b"authorization" in request.headers.get(b"Access-Control-Request-Headers", b"").lower()):
+ # Auth header should not be sent for preflight after cross-origin redirect.
+ return 500, headers, "fail"
+
if b"Origin" in request.headers:
headers.append((b"Access-Control-Allow-Origin", request.headers.get(b"Origin", b"")))
headers.append((b"Access-Control-Allow-Credentials", b"true"))
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-21 00:12:12 +0000