summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/cors/redirect-preflight.htm
blob: bb47f2cae5d124f324b0c9f2f394d5352fec1e0a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

<!DOCTYPE html>
<meta charset=utf-8>
<title>CORS - redirect with preflight</title>
<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">

<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>

<h1>Redirect with preflight</h1>

<div id=log></div>
<script>

var req_c = 0 // Request count for cache busting and easy identifying of request in traffic analyzer

/*
 * Redirection with preflights
 */

function redir_preflight(code) {
    test(function() {
        var client = new XMLHttpRequest(),
            redirect = CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-test&' + req_c++

        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?'
                           + 'headers=x-test&location=' + encodeURIComponent(redirect)
                           + '&code=' + code + '&preflight=' + code + '&' + req_c++,
                    false)
        client.setRequestHeader('x-test', 'test')
        assert_throws(null, function() { client.send(null) });

    },
    'Redirect ' + code + ' on preflight')
}
redir_preflight(301)
redir_preflight(302)
redir_preflight(303)
redir_preflight(307)
redir_preflight(308)

/* Even thought the preflight was allowed (200), CORS should not follow
   a subsequent redirect */
function redir_after_preflight(code) {
    test(function() {
        var client = new XMLHttpRequest(),
            redirect = CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-test&' + req_c++

        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?'
                           + 'preflight=200&headers=x-test&location='
                           + encodeURIComponent(redirect) + '&code=' + code + '&' + req_c++,
                    false)
        client.setRequestHeader('x-test', 'test')
        assert_throws(null, function() { client.send(null) });

    },
    'Disallow redirect ' + code + ' after succesful (200) preflight')
}
redir_after_preflight(301)
redir_after_preflight(302)
redir_after_preflight(303)
redir_after_preflight(307)
redir_after_preflight(308)

</script>
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-08 16:55:24 +0000