diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /testing/web-platform/tests/cors/origin.htm | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'testing/web-platform/tests/cors/origin.htm')
-rw-r--r-- | testing/web-platform/tests/cors/origin.htm | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cors/origin.htm b/testing/web-platform/tests/cors/origin.htm new file mode 100644 index 000000000..a090b3340 --- /dev/null +++ b/testing/web-platform/tests/cors/origin.htm @@ -0,0 +1,119 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<title>Access-Control-Allow-Origin handling</title> +<meta name=help href=http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#resource-sharing-check> +<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com"> + +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src=support.js?pipe=sub></script> + +<h1>Access-Control-Allow-Origin handling</h1> + +<div id=log></div> + +<script> + +/* + * Origin header + */ +function shouldPass(origin) { + test(function () { + var client = new XMLHttpRequest() + client.open('GET', CROSSDOMAIN + + '/resources/cors-makeheader.py?origin=' + + encodeURIComponent(origin), + false) + client.send() + r = JSON.parse(client.response) + var host = location.protocol + "//" + location.host + assert_equals(r['origin'], host, 'Request Origin: should be ' + host) + }, 'Allow origin: ' + origin.replace(/\t/g, "[tab]").replace(/ /g, '_')); +} + +shouldPass('*'); +shouldPass(' * '); +shouldPass(' *'); +shouldPass(location.protocol + "//" + location.host); +shouldPass(" "+location.protocol + "//" + location.host); +shouldPass(" "+location.protocol + "//" + location.host + " "); +shouldPass(" "+location.protocol + "//" + location.host); + + +function shouldFail(origin) { + test(function () { + var client = new XMLHttpRequest() + client.open('GET', CROSSDOMAIN + + '/resources/cors-makeheader.py?origin=' + + encodeURIComponent(origin), + false) + assert_throws(null, function() { client.send() }, 'send') + }, 'Disallow origin: ' + origin.replace(/\0/g, "\\0")); +} + +shouldFail(location.protocol + "//" + SUBDOMAIN + "." + location.host) +shouldFail("//" + location.host) +shouldFail("://" + location.host) +shouldFail("ftp://" + location.host) +shouldFail("http:://" + location.host) +shouldFail("http:/" + location.host) +shouldFail("http:" + location.host) +shouldFail(location.host) +shouldFail(location.protocol + "//" + location.host + "?") +shouldFail(location.protocol + "//" + location.host + "/") +shouldFail(location.protocol + "//" + location.host + " /") +shouldFail(location.protocol + "//" + location.host + "#") +shouldFail(location.protocol + "//" + location.host + "%23") +shouldFail(location.protocol + "//" + location.host + ":80") +shouldFail(location.protocol + "//" + location.host + ", *") +shouldFail(location.protocol + "//" + location.host + "\0") +shouldFail((location.protocol + "//" + location.host).toUpperCase()) +shouldFail(location.protocol.toUpperCase() + "//" + location.host) +shouldFail("-") +shouldFail("**") +shouldFail("\0*") +shouldFail("*\0") +shouldFail("'*'") +shouldFail('"*"') +shouldFail("* *") +shouldFail("* null") +shouldFail("*" + location.protocol + "//" + "*") +shouldFail("*" + location.protocol + "//" + location.host) +shouldFail("* " + location.protocol + "//" + location.host) +shouldFail("*, " + location.protocol + "//" + location.host) +shouldFail("\0" + location.protocol + "//" + location.host) +shouldFail("null " + location.protocol + "//" + location.host) +shouldFail('http://example.net') +shouldFail('null') +shouldFail('null *') +shouldFail('') +shouldFail(location.href) +shouldFail(dirname(location.href)) +shouldFail(CROSSDOMAIN) +shouldFail(location.host.replace(/^[^\.]+\./, "")) +shouldFail("." + location.host.replace(/^[^\.]+\./, "")) +shouldFail("*." + location.host.replace(/^[^\.]+\./, "")) +shouldFail("http://" + location.host.replace(/^[^\.]+\./, "")) +shouldFail("http://." + location.host.replace(/^[^\.]+\./, "")) +shouldFail("http://*." + location.host.replace(/^[^\.]+\./, "")) + +function doubleOrigin(origin, origin2) { + test(function () { + var client = new XMLHttpRequest() + client.open('GET', CROSSDOMAIN + + '/resources/cors-makeheader.py?origin=' + + encodeURIComponent(origin) + + '&origin2=' + encodeURIComponent(origin2), + false) + assert_throws(null, function() { client.send() }, 'send') + }, 'Disallow multiple headers (' + origin + ', ' + origin2 + ')'); +} + +doubleOrigin('', '*'); +doubleOrigin('*', ''); +doubleOrigin('*', '*'); +doubleOrigin('', location.protocol + "//" + location.host); +doubleOrigin('*', location.protocol + "//" + location.host); +doubleOrigin(location.protocol + "//" + location.host, location.protocol + "//" + location.host); + +</script> |