1 files changed, 50 insertions, 0 deletions

diff --git a/testing/web-platform/tests/xhr/send-authentication-competing-names-passwords.htm b/testing/web-platform/tests/xhr/send-authentication-competing-names-passwords.htm
new file mode 100644
index 0000000000..bc6755c7d6
--- /dev/null
+++ b/testing/web-platform/tests/xhr/send-authentication-competing-names-passwords.htm
@@ -0,0 +1,50 @@
+<!doctype html>
+<html>
+  <head>
+    <title>XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/utils.js"></script>
+  </head>
+  <body>
+    <div id="log"></div>
+    <script>
+      function request(user1, pass1, user2, pass2, name) {
+        test(function() {
+          const client = new XMLHttpRequest(),
+                userwin = user2 || user1,
+                passwin = pass2 || pass1;
+          let urlstart = "";
+          if (user1 || pass1) {
+            urlstart = "http://";
+            if (user1) {
+              urlstart += user1;
+            }
+            if (pass1) {
+              urlstart += ":" + pass1;
+            }
+            urlstart += "@" + location.host + location.pathname.replace(/\/[^\/]*$/, '/');
+          }
+          client.open("GET", urlstart + "resources/authentication.py", false, user2, pass2);
+          client.setRequestHeader("x-user", userwin);
+          client.send(null);
+          assert_equals(client.responseText, ((userwin||'') + "\n" + (passwin||'')), 'responseText should contain the right user and password');
+        }, "XMLHttpRequest user/pass options: " + name);
+      }
+      // Cannot have just a password
+      request(null, null, token(), null, "user in open()");
+      request(null, null, token(), token(), "user/pass in open()");
+      request(null, null, token(), token(), "another user/pass in open(); must override cached credentials from previous test");
+      request(null, token(), token(), null, "pass in URL, user in open()");
+      request(null, token(), token(), token(), "pass in URL, user/pass in open()");
+      request(token(), null, null, null, "user in URL");
+      request(token(), null, null, token(), "user in URL, pass in open()");
+      request(token(), token(), null, null, "user/pass in URL");
+      request(token(), null, token(), null, "user in URL and open()");
+      request(token(), null, token(), token(), "user in URL; user/pass in open()");
+      request(token(), token(), token(), null, "user/pass in URL; user in open()");
+      request(token(), token(), null, token(), "user/pass in URL; pass in open()");
+      request(token(), token(), token(), token(), "user/pass in URL and open()");
+    </script>
+  </body>
+</html>