diff options
Diffstat (limited to 'testing/web-platform/tests/eventsource/eventsource-cross-origin.htm')
-rw-r--r-- | testing/web-platform/tests/eventsource/eventsource-cross-origin.htm | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/testing/web-platform/tests/eventsource/eventsource-cross-origin.htm b/testing/web-platform/tests/eventsource/eventsource-cross-origin.htm new file mode 100644 index 000000000..b753bad7d --- /dev/null +++ b/testing/web-platform/tests/eventsource/eventsource-cross-origin.htm @@ -0,0 +1,64 @@ +<!DOCTYPE html> +<html> + <head> + <meta charset=utf-8> + <title>EventSource: cross-origin</title> + <meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + </head> + <body> + <div id="log"></div> + <script> + var crossdomain = location.href + .replace('://', '://www2.') + .replace(/\/[^\/]*$/, '/') + + function doCORS(url, title) { + async_test(document.title + " " + title).step(function() { + var source = new EventSource(url, { withCredentials: true }) + source.onmessage = this.step_func(function(e) { + assert_equals(e.data, "data") + source.close() + this.done() + }) + }) + } + + doCORS(crossdomain + "resources/cors.py?run=message", + "basic use") + doCORS(crossdomain + "resources/cors.py?run=redirect&location=/eventsource/resources/cors.py?run=message", + "redirect use") + doCORS(crossdomain + "resources/cors.py?run=status-reconnect&status=200", + "redirect use recon") + + function failCORS(url, title) { + async_test(document.title + " " + title).step(function() { + var source = new EventSource(url) + source.onerror = this.step_func(function(e) { + assert_equals(source.readyState, source.CLOSED, 'readyState') + assert_false(e.hasOwnProperty('data')) + source.close() + this.done() + }) + + /* Shouldn't happen */ + source.onmessage = this.step_func(function(e) { + assert_unreached("shouldn't fire message event") + }) + source.onopen = this.step_func(function(e) { + assert_unreached("shouldn't fire open event") + }) + }) + } + + failCORS(crossdomain + "resources/cors.py?run=message&origin=http://example.org", + "allow-origin: http://example.org should fail") + failCORS(crossdomain + "resources/cors.py?run=message&origin=", + "allow-origin:'' should fail") + failCORS(crossdomain + "resources/message.py", + "No allow-origin should fail") + </script> + </body> +</html> + |