2011-01-16 08:58:50 -08:00
|
|
|
<!DOCTYPE HTML>
|
|
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<title>Test bug 466080</title>
|
|
|
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
|
|
</head>
|
|
|
|
<body onload="onWindowLoad()">
|
|
|
|
<iframe id="frame1"
|
|
|
|
src="https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs"
|
|
|
|
onload="document.iframeWasLoaded = true">
|
|
|
|
|
|
|
|
This iframe should load the resource via the src-attribute from
|
|
|
|
a secure server which requires a client-cert. Doing this is
|
|
|
|
supposed to work, but further below in the test we try to load
|
|
|
|
the resource from the same url using a XHR, which should not work.
|
|
|
|
|
|
|
|
TODO : What if we change 'src' from JS? Would/should it load?
|
|
|
|
|
|
|
|
</iframe>
|
|
|
|
|
|
|
|
<script class="testbody" type="text/javascript">
|
|
|
|
|
|
|
|
document.iframeWasLoaded = false;
|
|
|
|
|
|
|
|
var alltests = [
|
|
|
|
|
|
|
|
// load resource from a relative url - this should work
|
|
|
|
{ url:"bug466080.sjs",
|
|
|
|
status_check:"==200",
|
|
|
|
error:"XHR from relative URL"},
|
|
|
|
|
|
|
|
// TODO - load the resource from a relative url via https..?
|
|
|
|
|
|
|
|
// load a non-existing resource - should get "404 Not Found"
|
|
|
|
{ url:"bug466080-does-not.exist",
|
|
|
|
status_check:"==404",
|
|
|
|
error:"XHR loading non-existing resource"},
|
|
|
|
|
|
|
|
// load resource from cross-site non-secure server
|
|
|
|
{ url:"http://test1.example.com/tests/content/base/test/bug466080.sjs",
|
|
|
|
status_check:"==200",
|
|
|
|
error:"XHR from cross-site plaintext server"},
|
|
|
|
|
|
|
|
// load resource from cross-site secure server - should work since no credentials are needed
|
|
|
|
{ url:"https://test1.example.com/tests/content/base/test/bug466080.sjs",
|
|
|
|
status_check:"==200",
|
|
|
|
error:"XHR from cross-site secure server"},
|
|
|
|
|
|
|
|
// load resource from cross-site secure server - should work since the server just requests certs
|
|
|
|
{ url:"https://requestclientcert.example.com/tests/content/base/test/bug466080.sjs",
|
|
|
|
status_check:"==200",
|
|
|
|
error:"XHR from cross-site secure server requesting certificate"},
|
|
|
|
|
|
|
|
// load resource from cross-site secure server - should NOT work since the server requires cert
|
|
|
|
// note that this is the url which is used in the iframe.src above
|
|
|
|
{ url:"https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs",
|
|
|
|
status_check:"!=200",
|
|
|
|
error:"XHR from cross-site secure server requiring certificate"},
|
|
|
|
|
|
|
|
// repeat previous, - should NOT work
|
|
|
|
{ url:"https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs",
|
|
|
|
status_check:"==200",
|
|
|
|
error:"XHR w/ credentials from cross-site secure server requiring certificate",
|
|
|
|
withCredentials:"true"},
|
|
|
|
|
|
|
|
// repeat previous, but with credentials - should work
|
|
|
|
{ url:"https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs",
|
|
|
|
status_check:"==200",
|
|
|
|
error:"XHR w/ credentials from cross-site secure server requiring certificate",
|
|
|
|
withCredentials:"true"},
|
|
|
|
|
|
|
|
// repeat previous, withCredentials but using a weird method to force preflight
|
|
|
|
// should NOT work since our preflight is anonymous and will fail with our simple server
|
|
|
|
{ url:"https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs",
|
|
|
|
status_check:"!=200",
|
|
|
|
error:"XHR PREFLIGHT from cross-site secure server requiring certificate",
|
|
|
|
withCredentials:"true",
|
|
|
|
method:"XMETHOD"},
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
function onWindowLoad() {
|
|
|
|
// First, check that resource was loaded into the iframe
|
|
|
|
// This check in fact depends on bug #444165... :)
|
|
|
|
ok(document.iframeWasLoaded, "Loading resource via src-attribute");
|
|
|
|
|
|
|
|
|
2011-12-08 05:55:20 -08:00
|
|
|
function runTest(test) {
|
2011-01-16 08:58:50 -08:00
|
|
|
|
|
|
|
var xhr = new XMLHttpRequest();
|
2011-12-08 05:55:20 -08:00
|
|
|
|
2011-01-16 08:58:50 -08:00
|
|
|
var method = "GET";
|
|
|
|
if (test.method != null) { method = test.method; }
|
2011-12-08 05:55:20 -08:00
|
|
|
xhr.open(method, test.url);
|
|
|
|
|
2011-01-16 08:58:50 -08:00
|
|
|
xhr.withCredentials = test.withCredentials;
|
|
|
|
|
|
|
|
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
|
|
|
xhr.setRequestHeader("Connection", "Keep-Alive", false);
|
|
|
|
netscape.security.PrivilegeManager.disablePrivilege("UniversalXPConnect");
|
|
|
|
|
|
|
|
try {
|
|
|
|
xhr.send();
|
|
|
|
} catch(e) {
|
|
|
|
}
|
2011-12-08 05:55:20 -08:00
|
|
|
|
|
|
|
xhr.onloadend = function() {
|
|
|
|
var success = eval(xhr.status + test.status_check);
|
|
|
|
ok(success, test.error);
|
|
|
|
|
|
|
|
if (alltests.length == 0) {
|
|
|
|
SimpleTest.finish();
|
|
|
|
} else {
|
|
|
|
runTest(alltests.shift());
|
|
|
|
}
|
|
|
|
};
|
2011-01-16 08:58:50 -08:00
|
|
|
}
|
2011-12-08 05:55:20 -08:00
|
|
|
|
|
|
|
runTest(alltests.shift());
|
2011-01-16 08:58:50 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
|
|
|
|
</script>
|
|
|
|
</body>
|
|
|
|
</html>
|