testing/web-platform/tests/xhr/send-redirect-to-cors.htm


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

<!doctype html>
<html>
  <head>
    <title>XMLHttpRequest: send() - Redirect to CORS-enabled resource</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
  </head>
  <body>
    <div id="log"></div>
    <script>
      function extractBody(body) {
        if (body === null) {
          return { body: "", type: "NO" };
        }
        if (typeof body === "string") {
          return { body: body, type: "text/plain;charset=UTF-8" };
        }
        if (body instanceof Uint8Array) {
          const arr = Array.prototype.slice.call(body);
          return { body: String.fromCharCode.apply(null, arr), type: "NO" }
        }
        return { body: "EXTRACT NOT IMPLEMENTED", type: "EXTRACT NOT IMPLEMENTED" }
      }

      function redirect(code, name = code, method = "GET", body = null, explicitType = null, safelistContentType = false) {
        async_test(t => {
          let { body: expectedBody, type: expectedType } = extractBody(body);
          if (explicitType !== null) {
            expectedType = explicitType;
          }
          let expectedMethod = method;
          if (((code === "301" || code === "302") && method === "POST") || (code === "303" && method !== "GET" && method !== "HEAD")) {
            expectedMethod = "GET";
            expectedBody = "";
            expectedType = "NO";
          }
          const client = new XMLHttpRequest();
          client.onreadystatechange = t.step_func(() => {
            if (client.readyState === 4) {
              if ((expectedMethod === "GET" && expectedType === "NO") || explicitType !== "application/x-pony" || safelistContentType) {
                assert_equals(client.status, 200);
                assert_equals(client.getResponseHeader("x-request-method"), expectedMethod);
                assert_equals(client.getResponseHeader("x-request-content-type"), expectedType);
                assert_equals(client.getResponseHeader("x-request-data"), expectedBody);
              } else {
                // "application/x-pony" is not safelisted by corsenabled.py -> network error
                assert_equals(client.status, 0);
                assert_equals(client.statusText, "");
                assert_equals(client.responseText, "");
                assert_equals(client.responseXML, null);
              }
              t.done();
            }
          });
          let safelist = "";
          if (safelistContentType) {
            safelist = "?safelist_content_type";
          }
          client.open(method, "resources/redirect.py?location="+encodeURIComponent("http://www2."+location.host+(location.pathname.replace(/[^\/]+$/, ''))+'resources/corsenabled.py')+safelist+"&code=" + code);
          if (explicitType !== null) {
            client.setRequestHeader("Content-Type", explicitType);
          }
          client.send(body);
        }, document.title + " (" + name + ")");
      }
      // corsenabled.py safelists methods GET, POST, PUT, and FOO
      redirect("301")
      redirect("301", "301 GET with explicit Content-Type", "GET", null, "application/x-pony")
      redirect("301", "301 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true)
      redirect("303", "303 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true)
      redirect("302")
      redirect("303")
      redirect("302", "302 FOO with string and explicit Content-Type safelisted", "FOO", "test", "application/x-pony", true)
      redirect("303", "303 FOO with string and explicit Content-Type safelisted", "FOO", "test", "application/x-pony", true)
      redirect("307")
      redirect("307", "307 post with null", "POST", null)
      redirect("307", "307 post with string", "POST", "hello")
      redirect("307", "307 post with typed array", "POST", new Uint8Array([65, 66, 67]))
      redirect("301", "301 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
      redirect("301", "301 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/x-pony", true)
      redirect("302", "302 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
      redirect("307", "307 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
      redirect("307", "307 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
      redirect("308", "308 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
      redirect("308", "308 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
      redirect("308", "308 FOO with string and explicit Content-Type text/plain", "FOO", "yoyo", "text/plain")
      redirect("308", "308 FOO with string and explicit Content-Type multipart/form-data", "FOO", "yoyo", "multipart/form-data")
      redirect("308", "308 FOO with string and explicit Content-Type safelisted", "FOO", "yoyo", "application/thunderstorm", true)
      redirect("307", "307 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/thunderstorm", true)
    </script>
  </body>
</html>