From 57a71b17f1481981d1018fbd68acb65b2f9599b8 Mon Sep 17 00:00:00 2001
From: Nikhil Marathe <nsm.nikhil@gmail.com>
Date: Mon, 5 Jan 2015 15:43:54 -0800
Subject: [PATCH] Bug 1119021 - CORS credentials tests. r=bkelly

Allow request to continue when useCredentials is set.

--HG--
extra : rebase_source : c39f6a4ebbf779e91f2bf380e4410fe1cf25daa1
---
 dom/fetch/FetchDriver.cpp                     |   3 -
 .../mochitest/fetch/worker_test_fetch_cors.js | 151 ++++++++++++++++++
 2 files changed, 151 insertions(+), 3 deletions(-)

diff --git a/dom/fetch/FetchDriver.cpp b/dom/fetch/FetchDriver.cpp
index b86dfdc4165..44abb675417 100644
--- a/dom/fetch/FetchDriver.cpp
+++ b/dom/fetch/FetchDriver.cpp
@@ -410,9 +410,6 @@ FetchDriver::HttpFetch(bool aCORSFlag, bool aCORSPreflightFlag, bool aAuthentica
     // Auth may require prompting, we don't support it yet.
     // The next patch in this same bug prevents this from aborting the request.
     // Credentials checks for CORS are handled by nsCORSListenerProxy,
-    if (useCredentials) {
-      return FailWithNetworkError();
-    }
   }
 
   // Step 5. Proxy authentication will be handled by Necko.
diff --git a/dom/tests/mochitest/fetch/worker_test_fetch_cors.js b/dom/tests/mochitest/fetch/worker_test_fetch_cors.js
index 1a66a547de0..99ea7c1b480 100644
--- a/dom/tests/mochitest/fetch/worker_test_fetch_cors.js
+++ b/dom/tests/mochitest/fetch/worker_test_fetch_cors.js
@@ -723,6 +723,156 @@ function testModeCors() {
   return Promise.all(fetches);
 }
 
+function testCredentials() {
+  var tests = [
+           { pass: 1,
+             method: "GET",
+             withCred: 1,
+             allowCred: 1,
+           },
+           { pass: 0,
+             method: "GET",
+             withCred: 1,
+             allowCred: 0,
+           },
+           { pass: 0,
+             method: "GET",
+             withCred: 1,
+             allowCred: 1,
+             origin: "*",
+           },
+           { pass: 1,
+             method: "GET",
+             withCred: 0,
+             allowCred: 1,
+             origin: "*",
+           },
+           { pass: 1,
+             method: "GET",
+             setCookie: "a=1",
+             withCred: 1,
+             allowCred: 1,
+           },
+           { pass: 1,
+             method: "GET",
+             cookie: "a=1",
+             withCred: 1,
+             allowCred: 1,
+           },
+           { pass: 1,
+             method: "GET",
+             noCookie: 1,
+             withCred: 0,
+             allowCred: 1,
+           },
+           { pass: 0,
+             method: "GET",
+             noCookie: 1,
+             withCred: 1,
+             allowCred: 1,
+           },
+           { pass: 1,
+             method: "GET",
+             setCookie: "a=2",
+             withCred: 0,
+             allowCred: 1,
+           },
+           { pass: 1,
+             method: "GET",
+             cookie: "a=1",
+             withCred: 1,
+             allowCred: 1,
+           },
+           { pass: 1,
+             method: "GET",
+             setCookie: "a=2",
+             withCred: 1,
+             allowCred: 1,
+           },
+           { pass: 1,
+             method: "GET",
+             cookie: "a=2",
+             withCred: 1,
+             allowCred: 1,
+           },
+           ];
+           // FIXME(nsm): Add "same-origin" credentials test
+
+  var baseURL = "http://example.org" + corsServerPath;
+  var origin = "http://mochi.test:8888";
+
+  var finalPromiseResolve, finalPromiseReject;
+  var finalPromise = new Promise(function(res, rej) {
+    finalPromiseResolve = res;
+    finalPromiseReject = rej;
+  });
+
+  function makeRequest(test) {
+    req = {
+      url: baseURL + "allowOrigin=" + escape(test.origin || origin),
+      method: test.method,
+      headers: test.headers,
+      withCred: test.withCred,
+    };
+
+    if (test.allowCred)
+      req.url += "&allowCred";
+
+    if (test.setCookie)
+      req.url += "&setCookie=" + escape(test.setCookie);
+    if (test.cookie)
+      req.url += "&cookie=" + escape(test.cookie);
+    if (test.noCookie)
+      req.url += "&noCookie";
+
+    if ("allowHeaders" in test)
+      req.url += "&allowHeaders=" + escape(test.allowHeaders);
+    if ("allowMethods" in test)
+      req.url += "&allowMethods=" + escape(test.allowMethods);
+
+    return new Request(req.url, { method: req.method,
+                                  headers: req.headers,
+                                  credentials: req.withCred ? "include" : "omit" });
+  }
+
+  function testResponse(res, test) {
+    if (test.pass) {
+      is(isNetworkError(res), false,
+        "shouldn't have failed in test for " + test.toSource());
+      is(res.status, 200, "wrong status in test for " + test.toSource());
+      is(res.statusText, "OK", "wrong status text for " + test.toSource());
+      return res.text().then(function(v) {
+        is(v, "<res>hello pass</res>\n",
+         "wrong text in test for " + test.toSource());
+      });
+    }
+    else {
+      is(isNetworkError(res), true,
+        "should have failed in test for " + test.toSource());
+      return res.text().then(function(v) {
+        is(v, "",
+         "wrong text in test for " + test.toSource());
+      });
+    }
+  }
+
+  function runATest(i) {
+    var test = tests[i];
+    var request = makeRequest(test);
+    fetch(request).then(function(res) {
+      testResponse(res, test);
+      if (i < tests.length-1) {
+        runATest(i+1);
+      } else {
+        finalPromiseResolve();
+      }
+    }, finalPromiseReject);
+  }
+
+  runATest(0);
+  return finalPromise;
+}
+
 function runTest() {
   var done = function() {
     if (typeof SimpleTest === "object") {
@@ -738,6 +888,7 @@ function runTest() {
     .then(testModeSameOrigin)
     .then(testModeNoCors)
     .then(testModeCors)
+    .then(testCredentials)
     // Put more promise based tests here.
     .then(done)
     .catch(function(e) {