1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
setup(function(){
window.id = token();
var p = document.createElement('p');
p.innerHTML = 'Test id: <samp>'+id+'</samp>';
document.body.appendChild(p);
window.actual = {event:null, requests:[]};
window.errors = [];
window.origin = location.protocol+'//'+location.host;
window.escapedOrigin = encodeURIComponent(origin);
window.sameOriginURL = "http://{{domains[]}}:{{ports[http][0]}}" + location.pathname.replace(/\/[^\/]+$/, '/');
window.otherOriginURL = "http://{{domains[www1]}}:{{ports[http][0]}}" + location.pathname.replace(/\/[^\/]+$/, '/');
}, {timeout:10000, explicit_done:true});
onload = function() {
(async_test()).step(function() {
// fail early if track isn't supported
assert_true('HTMLTrackElement' in window, 'track not supported');
window.corsMode = document.title.match(/^track CORS: (No CORS|Anonymous|Use Credentials)/)[1];
var requests_tmp = document.title.substr(('track CORS: '+corsMode+', ').length).split(/, redirects to /g);
window.requests = [];
requests_tmp.forEach(function(r) {
var parts = r.split(', ');
requests.push({sameOrigin:parts[0] == 'same-origin', withHeaders:parts[1] == 'with headers'});
});
if (document.title.indexOf('not same-origin') > -1) {
window.hasCrossDomainCookie = true;
this.step(setCrossDomainCookie);
} else {
window.hasCrossDomainCookie = false;
this.step(loadTrack);
}
});
done();
};
function setCrossDomainCookie() {
var iframe = document.createElement('iframe');
iframe.onload = this.step_func(loadTrack);
iframe.src = otherOriginURL + 'support/set-cookie.html#'+id;
document.body.appendChild(iframe);
}
function loadTrack() {
var video = document.createElement('video');
window.track = document.createElement('track');
if (corsMode == 'Anonymous')
video.setAttribute('crossorigin', 'anonymous');
else if (corsMode == 'Use Credentials')
video.setAttribute('crossorigin', 'use-credentials');
// else No CORS, omit the crossorigin attribute
video.appendChild(track);
document.body.appendChild(video);
track.track.mode = 'showing';
document.cookie = id+'=yes;path=/;max-age=10';
var url = '';
var r;
while (r = requests.pop()) {
url = (r.sameOrigin ? sameOriginURL : otherOriginURL) +
'support/cors-tester.py?id=' + id +
(r.withHeaders ? '&origin=' + escapedOrigin : '') +
(url === '' ? '' : '&redirect=' + encodeURIComponent(url));
}
track.src = url;
track.onerror = track.onload = this.step_func(function(e) {
actual.event = e.type;
var xhr = new XMLHttpRequest();
xhr.open('GET', 'support/cors-tester.py?read=true&id=' + id, true);
xhr.onload = this.step_func(function() {
if (xhr.status == 200) {
var lines = xhr.responseText.split('\n');
lines.forEach(function(line) {
var chunks = line.split(' | ');
var current = {};
actual.requests.push(current);
chunks.forEach(function(chunk) {
var nameval = chunk.split(' = ');
var name = nameval[0];
var value = nameval[1];
current[name] = value;
});
});
} else if (xhr.status == 404) {
//No stash was found
} else {
errors.push('got unexpected xhr status: '+xhr.status);
}
this.step(removeCookies);
});
xhr.onerror = this.step_func(function() {
errors.push('got xhr error');
this.step(removeCookies);
});
xhr.send();
});
}
function removeCookies() {
document.cookie = id+'=;path=/;max-age=0';
var nextStep = checkData;
if (hasCrossDomainCookie) {
var iframe = document.createElement('iframe');
iframe.onload = this.step_func(nextStep);
iframe.src = otherOriginURL + 'support/cors-tester.py?delete-cookie&id=' + id;
document.body.appendChild(iframe);
} else {
this.step(nextStep);
}
}
function removeLog() {
var xhr = new XMLHttpRequest();
xhr.open('GET', 'support/cors-tester.py?cleanup&id='+id, true);
xhr.onload = this.step_func(function() {
assert_equals(xhr.responseText, 'OK', 'failed to clean up log: '+id);
this.step(checkData);
});
xhr.onerror = this.step_func(function() {
assert_unreached('failed to clean up log: '+id);
});
xhr.send();
}
function checkData() {
assert_equals(errors.length, 0, errors);
try {
if (actual.event == 'load' && expected.event == 'error')
assert_unreached('Security problem: got load event but expected error event');
assert_object_equals(actual, expected);
} catch(ex) {
var style = document.createElement('style');
style.textContent = '.json-diffs td { vertical-align:top } .json-diffs pre { margin:0 }';
document.head.appendChild(style);
var table = document.createElement('table');
table.border = "";
table.className = 'json-diffs';
table.innerHTML = '<tr><th>Actual<th>Expected<tr><td><pre></pre><td><pre></pre>';
table.getElementsByTagName('pre')[0].textContent = JSON.stringify(actual, null, 2);
table.getElementsByTagName('pre')[1].textContent = JSON.stringify(expected, null, 2);
document.body.insertBefore(table, document.getElementById('log'));
throw ex;
}
assert_equals(track.track.cues.length, expected.event == 'load' ? 1 : 0, 'track.track.cues.length');
this.done();
}
|
