summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/xhr/cors-expose-star.sub.any.js
blob: 9d88046806c764a467b0ad59fec3c73d9f0fa14b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

// META: script=../fetch/api/resources/utils.js

const url = "http://{{host}}:{{ports[http][1]}}" + dirname(location.pathname) + "resources/top.txt",
      sharedHeaders = "?pipe=header(Access-Control-Expose-Headers,*)|header(Test,X)|header(*,whoa)|"

async_test(function() {
  const headers = "header(Access-Control-Allow-Origin,*)"
  var client = new XMLHttpRequest();
  client.open("GET", url + sharedHeaders + headers);
  client.send();
  client.onreadystatechange = this.step_func(function () {
    if (this.readyState == this.HEADERS_RECEIVED) {
      assert_equals(client.getResponseHeader("test"), "X");
      assert_equals(client.getResponseHeader("set-cookie"), null);
      assert_equals(client.getResponseHeader("*"), "whoa");
      this.done();
    }
  });
}, "Basic Access-Control-Expose-Headers: * support")

async_test(function() {
  const origin = location.origin, // assuming an ASCII origin
        headers = "header(Access-Control-Allow-Origin," + origin + ")|header(Access-Control-Allow-Credentials,true)"
  var client = new XMLHttpRequest();
  client.open("GET", url + sharedHeaders + headers);
  client.withCredentials = true;
  client.send();
  client.onreadystatechange = this.step_func(function () {
    if (this.readyState == this.HEADERS_RECEIVED) {
      assert_equals(client.getResponseHeader("content-type"), "text/plain"); // safelisted
      assert_equals(client.getResponseHeader("test"), null);
      assert_equals(client.getResponseHeader("set-cookie"), null);
      assert_equals(client.getResponseHeader("*"), "whoa");
      this.done();
    }
  });
}, "* for credentialed fetches only matches literally")

async_test(function() {
  const headers =  "header(Access-Control-Allow-Origin,*)|header(Access-Control-Expose-Headers,set-cookie\\,*)"
  var client = new XMLHttpRequest();
  client.open("GET", url + sharedHeaders + headers);
  client.send();
  client.onreadystatechange = this.step_func(function () {
    if (this.readyState == this.HEADERS_RECEIVED) {
      assert_equals(client.getResponseHeader("test"), "X");
      assert_equals(client.getResponseHeader("set-cookie"), null);
      assert_equals(client.getResponseHeader("*"), "whoa");
      this.done();
    }
  });
}, "* can be one of several values")
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-21 18:01:12 +0000