1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
<!DOCTYPE html>
<meta charset=utf-8>
<title>Basic CORS</title>
<link rel=help href=https://fetch.spec.whatwg.org/>
<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/utils.js></script>
<script src=support.js?pipe=sub></script>
<div id=log></div>
<script>
function cors(desc, scheme, subdomain = "", port = location.port) {
const sameorigin = !scheme;
const base =
sameorigin ? "" : `${scheme}://${subdomain}${location.hostname}:${port}${dirname(location.pathname)}`;
async_test((t) => {
const client = new XMLHttpRequest();
client.open("GET", `${base}resources/cors-makeheader.py?get_value=hest_er_best&origin=none&${token()}`);
client.send();
client.onload = t.step_func_done(() => {
assert_true(sameorigin, "Cross origin request must be rejected.");
assert_true(client.response.includes("hest_er_best"), "Got response");
});
client.onerror = t.step_func_done(() => {
assert_false(sameorigin, "Same origin request must be accepted.");
});
}, `${desc}, origin: none`);
async_test((t) => {
const client = new XMLHttpRequest();
client.open("GET", `${base}resources/cors-makeheader.py?get_value=hest_er_best&${token()}`);
client.send();
client.onload = t.step_func_done(() => {
assert_true(client.response.includes("hest_er_best"), "Got response");
});
client.onerror = t.unreached_func("Should be accepted");
}, `${desc}, origin: echo`);
}
cors("Same domain basic usage");
cors("Cross domain basic usage", "http", "www1.");
cors("Same domain different port", "http", undefined, PORT);
cors("Cross domain different port", "http", "www1.", PORT);
cors("Cross domain different protocol", "https", "www1.", PORTS);
cors("Same domain different protocol different port", "https", undefined, PORTS);
</script>
|
