diff options
Diffstat (limited to 'testing/web-platform/tests/xhr/xhr-authorization-redirect.any.js')
-rw-r--r-- | testing/web-platform/tests/xhr/xhr-authorization-redirect.any.js | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/testing/web-platform/tests/xhr/xhr-authorization-redirect.any.js b/testing/web-platform/tests/xhr/xhr-authorization-redirect.any.js new file mode 100644 index 0000000000..beed7c31d7 --- /dev/null +++ b/testing/web-platform/tests/xhr/xhr-authorization-redirect.any.js @@ -0,0 +1,28 @@ +// META: global=window,sharedworker,dedicatedworker +// META: script=/common/get-host-info.sub.js + +const authorizationValue = "Basic " + btoa("user:pass"); +function getAuthorizationHeaderValue(url) +{ + var client = new XMLHttpRequest(); + client.open("GET", url, false); + client.setRequestHeader("Authorization", authorizationValue); + const promise = new Promise(resolve => client.onloadend = () => resolve(client.responseText)); + client.send(); + return promise; +} + +promise_test(async test => { + const result = await getAuthorizationHeaderValue("/fetch/api/resources/dump-authorization-header.py"); + assert_equals(result, authorizationValue); +}, "getAuthorizationHeaderValue - no redirection"); + +promise_test(async test => { + const result = await getAuthorizationHeaderValue("/fetch/api/resources/redirect.py?location=" + encodeURIComponent("/fetch/api/resources/dump-authorization-header.py")); + assert_equals(result, authorizationValue); +}, "getAuthorizationHeaderValue - same origin redirection"); + +promise_test(async (test) => { + const result = await getAuthorizationHeaderValue(get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/api/resources/redirect.py?allow_headers=Authorization&location=" + encodeURIComponent(get_host_info().HTTP_ORIGIN + "/fetch/api/resources/dump-authorization-header.py")); + assert_equals(result, "none"); +}, "getAuthorizationHeaderValue - cross origin redirection"); |