diff options
Diffstat (limited to 'dom/security/test/cors/test_CrossSiteXHR_origin.html')
-rw-r--r-- | dom/security/test/cors/test_CrossSiteXHR_origin.html | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/dom/security/test/cors/test_CrossSiteXHR_origin.html b/dom/security/test/cors/test_CrossSiteXHR_origin.html new file mode 100644 index 0000000000..ba4a645965 --- /dev/null +++ b/dom/security/test/cors/test_CrossSiteXHR_origin.html @@ -0,0 +1,180 @@ +<!DOCTYPE HTML> +<html> +<head> + <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8"> + <title>Test for Cross Site XMLHttpRequest</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<p id="display"> +<iframe id=loader></iframe> +</p> +<div id="content" style="display: none"> + +</div> +<pre id="test"> +<script class="testbody" type="application/javascript"> + +SimpleTest.waitForExplicitFinish(); +SimpleTest.requestLongerTimeout(2); + +var origins = + [{ server: 'http://example.org' }, + { server: 'http://example.org:80', + origin: 'http://example.org' + }, + { server: 'http://sub1.test1.example.org' }, + { server: 'http://test2.example.org:8000' }, + { server: 'http://sub1.\xe4lt.example.org:8000', + origin: 'http://sub1.xn--lt-uia.example.org:8000' + }, + { server: 'http://sub2.\xe4lt.example.org', + origin: 'http://sub2.xn--lt-uia.example.org' + }, + { server: 'http://ex\xe4mple.test', + origin: 'http://xn--exmple-cua.test' + }, + { server: 'http://xn--exmple-cua.test' }, + { server: 'http://\u03c0\u03b1\u03c1\u03ac\u03b4\u03b5\u03b9\u03b3\u03bc\u03b1.\u03b4\u03bf\u03ba\u03b9\u03bc\u03ae', + origin: 'http://xn--hxajbheg2az3al.xn--jxalpdlp' + }, + { origin: 'null', + file: 'http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs' + }, + ]; + + //['https://example.com:443'], + //['https://sub1.test1.example.com:443'], + + +function initTest() { + // Allow all cookies, then do the actual test initialization + SpecialPowers.pushPrefEnv({ + "set": [ + // Some of this test relies on redirecting to data: URLs from http. + ["network.allow_redirect_to_data", true], + ] + }).then(initTestCallback); +} + +function initTestCallback() { + window.addEventListener("message", function(e) { + gen.next(e.data); + }); + + gen = runTest(); + gen.next(); +} + +function* runTest() { + var loader = document.getElementById('loader'); + var loaderWindow = loader.contentWindow; + loader.onload = function () { gen.next() }; + + // Test preflight-less requests + basePath = "/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?" + baseURL = "http://mochi.test:8888" + basePath; + + for (originEntry of origins) { + origin = originEntry.origin || originEntry.server; + + loader.src = originEntry.file || + (originEntry.server + "/tests/dom/security/test/cors/file_CrossSiteXHR_inner.html"); + yield undefined; + + var isNullOrigin = origin == "null"; + + port = /:\d+/; + passTests = [ + origin, + "*", + " \t " + origin + "\t \t", + "\t \t* \t ", + ]; + failTests = [ + "", + " ", + port.test(origin) ? origin.replace(port, "") + : origin + ":1234", + port.test(origin) ? origin.replace(port, ":") + : origin + ":", + origin + ".", + origin + "/", + origin + "#", + origin + "?", + origin + "\\", + origin + "%", + origin + "@", + origin + "/hello", + "foo:bar@" + origin, + "* " + origin, + origin + " " + origin, + "allow <" + origin + ">", + "<" + origin + ">", + "<*>", + origin.substr(0, 5) == "https" ? origin.replace("https", "http") + : origin.replace("http", "https"), + origin.replace("://", "://www."), + origin.replace("://", ":// "), + origin.replace(/\/[^.]+\./, "/"), + ]; + + if (isNullOrigin) { + passTests = ["*", "\t \t* \t ", "null"]; + failTests = failTests.filter(function(v) { return v != origin }); + } + + for (allowOrigin of passTests) { + req = { + url: baseURL + + "allowOrigin=" + escape(allowOrigin) + + "&origin=" + escape(origin), + method: "GET", + }; + loaderWindow.postMessage(JSON.stringify(req), isNullOrigin ? "*" : origin); + + res = JSON.parse(yield); + is(res.didFail, false, "shouldn't have failed for " + allowOrigin); + is(res.status, 200, "wrong status for " + allowOrigin); + is(res.statusText, "OK", "wrong status text for " + allowOrigin); + is(res.responseXML, + "<res>hello pass</res>", + "wrong responseXML in test for " + allowOrigin); + is(res.responseText, "<res>hello pass</res>\n", + "wrong responseText in test for " + allowOrigin); + is(res.events.join(","), + "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend", + "wrong responseText in test for " + allowOrigin); + } + + for (allowOrigin of failTests) { + req = { + url: baseURL + "allowOrigin=" + escape(allowOrigin), + method: "GET", + }; + loaderWindow.postMessage(JSON.stringify(req), isNullOrigin ? "*" : origin); + + res = JSON.parse(yield); + is(res.didFail, true, "should have failed for " + allowOrigin); + is(res.responseText, "", "should have no text for " + allowOrigin); + is(res.status, 0, "should have no status for " + allowOrigin); + is(res.statusText, "", "wrong status text for " + allowOrigin); + is(res.responseXML, null, "should have no XML for " + allowOrigin); + is(res.events.join(","), + "opening,rs1,sending,loadstart,rs4,error,loadend", + "wrong events in test for " + allowOrigin); + is(res.progressEvents, 0, + "wrong events in test for " + allowOrigin); + } + } + + SimpleTest.finish(); +} + +addLoadEvent(initTest); + +</script> +</pre> +</body> +</html> |