summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/eventsource/eventsource-cross-origin.htm
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/eventsource/eventsource-cross-origin.htm')
-rw-r--r--testing/web-platform/tests/eventsource/eventsource-cross-origin.htm64
1 files changed, 64 insertions, 0 deletions
diff --git a/testing/web-platform/tests/eventsource/eventsource-cross-origin.htm b/testing/web-platform/tests/eventsource/eventsource-cross-origin.htm
new file mode 100644
index 000000000..b753bad7d
--- /dev/null
+++ b/testing/web-platform/tests/eventsource/eventsource-cross-origin.htm
@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>EventSource: cross-origin</title>
+ <meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <div id="log"></div>
+ <script>
+ var crossdomain = location.href
+ .replace('://', '://www2.')
+ .replace(/\/[^\/]*$/, '/')
+
+ function doCORS(url, title) {
+ async_test(document.title + " " + title).step(function() {
+ var source = new EventSource(url, { withCredentials: true })
+ source.onmessage = this.step_func(function(e) {
+ assert_equals(e.data, "data")
+ source.close()
+ this.done()
+ })
+ })
+ }
+
+ doCORS(crossdomain + "resources/cors.py?run=message",
+ "basic use")
+ doCORS(crossdomain + "resources/cors.py?run=redirect&location=/eventsource/resources/cors.py?run=message",
+ "redirect use")
+ doCORS(crossdomain + "resources/cors.py?run=status-reconnect&status=200",
+ "redirect use recon")
+
+ function failCORS(url, title) {
+ async_test(document.title + " " + title).step(function() {
+ var source = new EventSource(url)
+ source.onerror = this.step_func(function(e) {
+ assert_equals(source.readyState, source.CLOSED, 'readyState')
+ assert_false(e.hasOwnProperty('data'))
+ source.close()
+ this.done()
+ })
+
+ /* Shouldn't happen */
+ source.onmessage = this.step_func(function(e) {
+ assert_unreached("shouldn't fire message event")
+ })
+ source.onopen = this.step_func(function(e) {
+ assert_unreached("shouldn't fire open event")
+ })
+ })
+ }
+
+ failCORS(crossdomain + "resources/cors.py?run=message&origin=http://example.org",
+ "allow-origin: http://example.org should fail")
+ failCORS(crossdomain + "resources/cors.py?run=message&origin=",
+ "allow-origin:'' should fail")
+ failCORS(crossdomain + "resources/message.py",
+ "No allow-origin should fail")
+ </script>
+ </body>
+</html>
+