summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fetch/api/credentials
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/fetch/api/credentials')
-rw-r--r--testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js17
-rw-r--r--testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js26
-rw-r--r--testing/web-platform/tests/fetch/api/credentials/cookies.any.js49
3 files changed, 92 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js b/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js
new file mode 100644
index 0000000000..31ccc38697
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/credentials/authentication-basic.any.js
@@ -0,0 +1,17 @@
+// META: global=window,worker
+
+function basicAuth(desc, user, pass, mode, status) {
+ promise_test(function(test) {
+ var headers = { "Authorization": "Basic " + btoa(user + ":" + pass)};
+ var requestInit = {"credentials": mode, "headers": headers};
+ return fetch("../resources/authentication.py?realm=test", requestInit).then(function(resp) {
+ assert_equals(resp.status, status, "HTTP status is " + status);
+ assert_equals(resp.type , "basic", "Response's type is basic");
+ });
+ }, desc);
+}
+
+basicAuth("User-added Authorization header with include mode", "user", "password", "include", 200);
+basicAuth("User-added Authorization header with same-origin mode", "user", "password", "same-origin", 200);
+basicAuth("User-added Authorization header with omit mode", "user", "password", "omit", 200);
+basicAuth("User-added bogus Authorization header with omit mode", "notuser", "notpassword", "omit", 401);
diff --git a/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js b/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js
new file mode 100644
index 0000000000..b637636811
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/credentials/authentication-redirection.any.js
@@ -0,0 +1,26 @@
+// META: global=window,worker
+// META: script=/common/get-host-info.sub.js
+
+const authorizationValue = "Basic " + btoa("user:pass");
+async function getAuthorizationHeaderValue(url)
+{
+ const headers = { "Authorization": authorizationValue};
+ const requestInit = {"headers": headers};
+ const response = await fetch(url, requestInit);
+ return response.text();
+}
+
+promise_test(async test => {
+ const result = await getAuthorizationHeaderValue("/fetch/api/resources/dump-authorization-header.py");
+ assert_equals(result, authorizationValue);
+}, "getAuthorizationHeaderValue - no redirection");
+
+promise_test(async test => {
+ const result = await getAuthorizationHeaderValue("/fetch/api/resources/redirect.py?location=" + encodeURIComponent("/fetch/api/resources/dump-authorization-header.py"));
+ assert_equals(result, authorizationValue);
+}, "getAuthorizationHeaderValue - same origin redirection");
+
+promise_test(async (test) => {
+ const result = await getAuthorizationHeaderValue(get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/api/resources/redirect.py?allow_headers=Authorization&location=" + encodeURIComponent(get_host_info().HTTP_ORIGIN + "/fetch/api/resources/dump-authorization-header.py"));
+ assert_equals(result, "none");
+}, "getAuthorizationHeaderValue - cross origin redirection");
diff --git a/testing/web-platform/tests/fetch/api/credentials/cookies.any.js b/testing/web-platform/tests/fetch/api/credentials/cookies.any.js
new file mode 100644
index 0000000000..de30e47765
--- /dev/null
+++ b/testing/web-platform/tests/fetch/api/credentials/cookies.any.js
@@ -0,0 +1,49 @@
+// META: global=window,worker
+// META: script=../resources/utils.js
+
+function cookies(desc, credentials1, credentials2 ,cookies) {
+ var url = RESOURCES_DIR + "top.txt"
+ var urlParameters = "";
+ var urlCleanParameters = "";
+ if (cookies) {
+ urlParameters +="?pipe=header(Set-Cookie,";
+ urlParameters += cookies.join(",True)|header(Set-Cookie,") + ",True)";
+ urlCleanParameters +="?pipe=header(Set-Cookie,";
+ urlCleanParameters += cookies.join("%3B%20max-age=0,True)|header(Set-Cookie,") + "%3B%20max-age=0,True)";
+ }
+
+ var requestInit = {"credentials": credentials1}
+ promise_test(function(test){
+ var requestInit = {"credentials": credentials1}
+ return fetch(url + urlParameters, requestInit).then(function(resp) {
+ assert_equals(resp.status, 200, "HTTP status is 200");
+ assert_equals(resp.type , "basic", "Response's type is basic");
+ //check cookies sent
+ return fetch(RESOURCES_DIR + "inspect-headers.py?headers=cookie" , {"credentials": credentials2});
+ }).then(function(resp) {
+ assert_equals(resp.status, 200, "HTTP status is 200");
+ assert_equals(resp.type , "basic", "Response's type is basic");
+ assert_false(resp.headers.has("Cookie") , "Cookie header is not exposed in response");
+ if (credentials1 != "omit" && credentials2 != "omit") {
+ assert_equals(resp.headers.get("x-request-cookie") , cookies.join("; "), "Request include cookie(s)");
+ }
+ else {
+ assert_false(resp.headers.has("x-request-cookie") , "Request does not have cookie(s)");
+ }
+ //clean cookies
+ return fetch(url + urlCleanParameters, {"credentials": "include"});
+ }).catch(function(e) {
+ return fetch(url + urlCleanParameters, {"credentials": "include"}).then(function() {
+ return Promise.reject(e);
+ });
+ });
+ }, desc);
+}
+
+cookies("Include mode: 1 cookie", "include", "include", ["a=1"]);
+cookies("Include mode: 2 cookies", "include", "include", ["b=2", "c=3"]);
+cookies("Omit mode: discard cookies", "omit", "omit", ["d=4"]);
+cookies("Omit mode: no cookie is stored", "omit", "include", ["e=5"]);
+cookies("Omit mode: no cookie is sent", "include", "omit", ["f=6"]);
+cookies("Same-origin mode: 1 cookie", "same-origin", "same-origin", ["a=1"]);
+cookies("Same-origin mode: 2 cookies", "same-origin", "same-origin", ["b=2", "c=3"]);