wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
076cd81ce0
gecko/testing/web-platform/tests/cors/credentials-flag.htm

129 lines
4.2 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<title>CORS - Access-Control-Allow-Credentials</title>
<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>
<h1>CORS - Access-Control-Allow-Credentials</h1>
<div id=log></div>
<script>
var url = CROSSDOMAIN + 'resources/cors-cookie.py?ident='
/*
* widthCredentials
*/
// XXX Do some https tests here as well
test(function () {
var client = new XMLHttpRequest()
client.open('GET', CROSSDOMAIN, false)
assert_throws(null, function() { client.withCredentials = true; }, 'setting withCredentials')
}, 'Setting withCredentials on a sync XHR object should throw')
async_test(function () {
var id = new Date().getTime() + '_1',
client = new XMLHttpRequest()
client.open("GET", url + id, true)
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE")
client.open("GET", url + id, true)
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE")
this.done()
})
client.send(null)
})
client.send(null)
}, "Don't send cookie by default");
async_test(function () {
var id = new Date().getTime() + '_2',
client = new XMLHttpRequest()
client.open("GET", url + id, true)
client.withCredentials = true
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE", "No cookie in initial request");
/* We have cookie, but the browser shouldn't send */
client.open("GET", url + id, true)
client.withCredentials = false
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE", "No cookie after withCredentials=false sync request")
/* Reads and deletes the cookie */
client.open("GET", url + id, true)
client.withCredentials = true
client.onload = this.step_func(function() {
assert_equals(client.response, "COOKIE", "Cookie sent in withCredentials=true sync request")
this.done()
})
client.send(null)
})
client.send(null)
})
client.send(null)
}, "Don't send cookie part 2");
async_test(function () {
var id = new Date().getTime() + '_3',
client = new XMLHttpRequest()
/* Shouldn't set the response cookie */
client.open("GET", url + id, true)
client.withCredentials = false
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE", "first");
/* Sets the cookie */
client.open("GET", url + id, true)
client.withCredentials = true
client.onload = this.step_func(function() {
assert_equals(client.response, "NO_COOKIE", "second")
/* Reads and deletes the cookie */
client.open("GET", url + id, true)
client.withCredentials = true
client.onload = this.step_func(function() {
assert_equals(client.response, "COOKIE", "third")
this.done()
})
client.send(null)
})
client.send(null)
})
client.send(null)
}, "Don't obey Set-Cookie when withCredentials=false");
function test_response_header(allow) {
var resp_test = async_test('Access-Control-Allow-Credentials: ' + allow + ' should be disallowed (async)')
resp_test.step(function() {
var client = new XMLHttpRequest()
client.open('GET',
CROSSDOMAIN + 'resources/cors-makeheader.py?credentials=' + allow,
true)
client.withCredentials = true;
client.onload = resp_test.step_func(function() {
assert_unreached("onload")
})
client.onerror = resp_test.step_func(function () {
assert_equals(client.readyState, client.DONE, 'readyState')
resp_test.done()
})
client.send()
})
}
test_response_header('TRUE')
test_response_header('True')
test_response_header('"true"')
test_response_header('false')
test_response_header('1')
test_response_header('0')
</script>
Reference in New Issue View Git Blame Copy Permalink