mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
90 lines
3.1 KiB
HTML
90 lines
3.1 KiB
HTML
<!DOCTYPE html>
|
|
<meta charset=utf-8>
|
|
<title>Access-Control-Allow-Headers handling</title>
|
|
<script src=/resources/testharness.js></script>
|
|
<script src=/resources/testharnessreport.js></script>
|
|
<script src=support.js?pipe=sub></script>
|
|
|
|
<h1>Access-Control-Allow-Headers handling</h1>
|
|
|
|
<div id=log></div>
|
|
|
|
<script>
|
|
|
|
/*
|
|
* Origin header
|
|
*/
|
|
function shouldPass(origin) {
|
|
test(function () {
|
|
var client = new XMLHttpRequest()
|
|
client.open('GET', CROSSDOMAIN
|
|
+ '/resources/cors-makeheader.py?origin='
|
|
+ encodeURIComponent(origin),
|
|
false)
|
|
client.send()
|
|
r = JSON.parse(client.response)
|
|
var host = location.protocol + "//" + location.host
|
|
assert_equals(r['origin'], host, 'Request Origin: should be ' + host)
|
|
}, 'Allow origin: ' + origin.replace(/\t/g, "[tab]").replace(/ /g, '_'));
|
|
}
|
|
|
|
shouldPass('*');
|
|
shouldPass(' * ');
|
|
shouldPass(' *');
|
|
shouldPass(location.protocol + "//" + location.host);
|
|
shouldPass(" "+location.protocol + "//" + location.host);
|
|
shouldPass(" "+location.protocol + "//" + location.host + " ");
|
|
shouldPass(" "+location.protocol + "//" + location.host);
|
|
|
|
|
|
function shouldFail(origin) {
|
|
test(function () {
|
|
var client = new XMLHttpRequest()
|
|
client.open('GET', CROSSDOMAIN
|
|
+ '/resources/cors-makeheader.py?origin='
|
|
+ encodeURIComponent(origin),
|
|
false)
|
|
assert_throws(null, function() { client.send() }, 'send')
|
|
}, 'Disallow origin: ' + origin.replace('\0', '\\0'));
|
|
}
|
|
|
|
shouldFail(location.protocol + "//" + SUBDOMAIN + "." + location.host)
|
|
shouldFail("//" + location.host)
|
|
shouldFail("://" + location.host)
|
|
shouldFail("ftp://" + location.host)
|
|
shouldFail("http:://" + location.host)
|
|
shouldFail("http:/" + location.host)
|
|
shouldFail("http:" + location.host)
|
|
shouldFail(location.host)
|
|
shouldFail(location.protocol + "//" + location.host + "?")
|
|
shouldFail(location.protocol + "//" + location.host + "/")
|
|
shouldFail(location.protocol + "//" + location.host + " /")
|
|
shouldFail(location.protocol + "//" + location.host + "#")
|
|
shouldFail(location.protocol + "//" + location.host + "%23")
|
|
shouldFail(location.protocol + "//" + location.host + ":80")
|
|
shouldFail(location.protocol + "//" + location.host + ", *")
|
|
shouldFail(location.protocol + "//" + location.host + "\0")
|
|
shouldFail((location.protocol + "//" + location.host).toUpperCase())
|
|
shouldFail(location.protocol.toUpperCase() + "//" + location.host)
|
|
shouldFail("-")
|
|
shouldFail("**")
|
|
shouldFail("\0*")
|
|
shouldFail("*\0")
|
|
shouldFail("'*'")
|
|
shouldFail('"*"')
|
|
shouldFail("* *")
|
|
shouldFail("*" + location.protocol + "//" + "*")
|
|
shouldFail("*" + location.protocol + "//" + location.host)
|
|
shouldFail("* " + location.protocol + "//" + location.host)
|
|
shouldFail("*, " + location.protocol + "//" + location.host)
|
|
shouldFail("\0" + location.protocol + "//" + location.host)
|
|
shouldFail("null " + location.protocol + "//" + location.host)
|
|
shouldFail('http://example.net')
|
|
shouldFail('null')
|
|
shouldFail('')
|
|
shouldFail(location.href)
|
|
shouldFail(dirname(location.href))
|
|
shouldFail(CROSSDOMAIN)
|
|
|
|
</script>
|