<!DOCTYPE HTML> <html> <head> <title>Test bug 466080</title> <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> </head> <body onload="onWindowLoad()"> <iframe id="frame1" src="https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs" onload="document.iframeWasLoaded = true"> This iframe should load the resource via the src-attribute from a secure server which requires a client-cert. Doing this is supposed to work, but further below in the test we try to load the resource from the same url using a XHR, which should not work. TODO : What if we change 'src' from JS? Would/should it load? </iframe> <script class="testbody" type="text/javascript"> document.iframeWasLoaded = false; var alltests = [ // load resource from a relative url - this should work { url:"bug466080.sjs", status_check:"==200", error:"XHR from relative URL"}, // TODO - load the resource from a relative url via https..? // load a non-existing resource - should get "404 Not Found" { url:"bug466080-does-not.exist", status_check:"==404", error:"XHR loading non-existing resource"}, // load resource from cross-site non-secure server { url:"http://test1.example.com/tests/dom/base/test/bug466080.sjs", status_check:"==200", error:"XHR from cross-site plaintext server"}, // load resource from cross-site secure server - should work since no credentials are needed { url:"https://test1.example.com/tests/dom/base/test/bug466080.sjs", status_check:"==200", error:"XHR from cross-site secure server"}, // load resource from cross-site secure server - should work since the server just requests certs { url:"https://requestclientcert.example.com/tests/dom/base/test/bug466080.sjs", status_check:"==200", error:"XHR from cross-site secure server requesting certificate"}, // load resource from cross-site secure server - should NOT work since the server requires cert // note that this is the url which is used in the iframe.src above { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", status_check:"!=200", error:"XHR from cross-site secure server requiring certificate"}, // repeat previous, - should NOT work { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", status_check:"==200", error:"XHR w/ credentials from cross-site secure server requiring certificate", withCredentials:"true"}, // repeat previous, but with credentials - should work { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", status_check:"==200", error:"XHR w/ credentials from cross-site secure server requiring certificate", withCredentials:"true"}, // repeat previous, withCredentials but using a weird method to force preflight // should NOT work since our preflight is anonymous and will fail with our simple server { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", status_check:"!=200", error:"XHR PREFLIGHT from cross-site secure server requiring certificate", withCredentials:"true", method:"XMETHOD"}, ]; function onWindowLoad() { // First, check that resource was loaded into the iframe // This check in fact depends on bug #444165... :) ok(document.iframeWasLoaded, "Loading resource via src-attribute"); function runTest(test) { var xhr = new XMLHttpRequest(); var method = "GET"; if (test.method != null) { method = test.method; } xhr.open(method, test.url); xhr.withCredentials = test.withCredentials; SpecialPowers.wrap(xhr).setRequestHeader("Connection", "Keep-Alive", false); try { xhr.send(); } catch(e) { } xhr.onloadend = function() { var success = eval(xhr.status + test.status_check); ok(success, test.error); if (alltests.length == 0) { SimpleTest.finish(); } else { runTest(alltests.shift()); } }; } runTest(alltests.shift()); } SimpleTest.waitForExplicitFinish(); </script> </body> </html>