Add m-esr52 at 52.6.0

1 files changed, 54 insertions, 0 deletions

diff --git a/testing/web-platform/tests/XMLHttpRequest/send-authentication-competing-names-passwords.htm b/testing/web-platform/tests/XMLHttpRequest/send-authentication-competing-names-passwords.htm
new file mode 100644
index 000000000..ba7ea7e35
--- /dev/null
+++ b/testing/web-platform/tests/XMLHttpRequest/send-authentication-competing-names-passwords.htm
@@ -0,0 +1,54 @@
+<!doctype html>
+<html>
+  <head>
+    <title>XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/utils.js"></script>
+    <link rel="help" href="https://xhr.spec.whatwg.org/#the-open()-method" data-tested-assertations="following::ol[1]/li[9]/ol[1]/li[1] following::ol[1]/li[9]/ol[1]/li[2]" />
+    <link rel="help" href="https://xhr.spec.whatwg.org/#the-send()-method" data-tested-assertations="following::code[contains(@title,'http-authorization')]/.." />  </head>
+  <body>
+    <div id="log"></div>
+    <script>
+      function request(user1, pass1, user2, pass2, name) { 
+        // user1, pass1 will if given become userinfo part of URL
+        // user2, pass2 will if given be passed to open() call
+        test(function() {
+          var client = new XMLHttpRequest(),
+              urlstart = "", userwin, passwin
+          // if user2 is set, winning user name and password is 2
+          if(user2)
+            userwin = user2, passwin = pass2
+          // if user1 is set, and user2 is not set, user1 and pass1 win
+          if(user1 && ! user2)
+            userwin = user1, passwin = pass1
+          // if neither user name is set, pass 2 wins (there will be no userinfo in URL)
+          if (!(user1 || user2))
+            passwin = pass2
+          if(user1) { // should add userinfo to URL (there is no way to create userinfo part of URL with only password in)
+            urlstart = "http://" + user1
+            if(pass1)
+              urlstart += ":" + pass1
+            urlstart += "@" + location.host + location.pathname.replace(/\/[^\/]*$/, '/')
+          }
+          client.open("GET", urlstart + "resources/authentication.py", false, user2, pass2)
+          client.setRequestHeader("x-user", userwin)
+          client.send(null)
+          assert_true(client.responseText == ((userwin||'') + "\n" + (passwin||'')), 'responseText should contain the right user and password')
+
+          // We want to send multiple requests to the same realm here, so we try to make the UA forget its (cached) credentials between each test..
+          // forcing a 401 response to (hopefully) "log out"
+          // NOTE: This is commented out because it causes authentication prompts while running the test
+          //client.open('GET', "resources/authentication.py?logout=1", false)
+          //client.send()
+        }, document.title+' '+name)
+      }
+      request(null, null, token(), token(), 'user/pass in open() call')
+      request(null, null, token(), token(), 'another user/pass in open() call - must override cached credentials from previous test')
+      request("userinfo-user", "userinfo-pass", token(), token(), 'user/pass both in URL userinfo AND open() call - expexted that open() wins')
+      request(token(), token(), null, null, 'user/pass *only* in URL userinfo')
+      request(token(), null, null, token(), 'user name in URL userinfo, password in open() call: user name wins and password is thrown away')
+      request("1", token(), token(), null, 'user name and password in URL userinfo, only user name in open() call: user name in open() wins')
+    </script>
+  </body>
+</html>