test_CrossSiteXHR_origin.html (5510B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8"> 5 <title>Test for Cross Site XMLHttpRequest</title> 6 <script src="/tests/SimpleTest/SimpleTest.js"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 8 </head> 9 <body> 10 <p id="display"> 11 <iframe id=loader></iframe> 12 </p> 13 <div id="content" style="display: none"> 14 15 </div> 16 <pre id="test"> 17 <script class="testbody" type="application/javascript"> 18 19 SimpleTest.waitForExplicitFinish(); 20 SimpleTest.requestLongerTimeout(2); 21 22 var origins = 23 [{ server: 'http://example.org' }, 24 { server: 'http://example.org:80', 25 origin: 'http://example.org' 26 }, 27 { server: 'http://sub1.test1.example.org' }, 28 { server: 'http://test2.example.org:8000' }, 29 { server: 'http://sub1.\xe4lt.example.org:8000', 30 origin: 'http://sub1.xn--lt-uia.example.org:8000' 31 }, 32 { server: 'http://sub2.\xe4lt.example.org', 33 origin: 'http://sub2.xn--lt-uia.example.org' 34 }, 35 { server: 'http://ex\xe4mple.test', 36 origin: 'http://xn--exmple-cua.test' 37 }, 38 { server: 'http://xn--exmple-cua.test' }, 39 { server: 'http://\u03c0\u03b1\u03c1\u03ac\u03b4\u03b5\u03b9\u03b3\u03bc\u03b1.\u03b4\u03bf\u03ba\u03b9\u03bc\u03ae', 40 origin: 'http://xn--hxajbheg2az3al.xn--jxalpdlp' 41 }, 42 { origin: 'null', 43 file: 'http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs' 44 }, 45 ]; 46 47 //['https://example.com:443'], 48 //['https://sub1.test1.example.com:443'], 49 50 51 function initTest() { 52 // Allow all cookies, then do the actual test initialization 53 SpecialPowers.pushPrefEnv({ 54 "set": [ 55 // Some of this test relies on redirecting to data: URLs from http. 56 ["network.allow_redirect_to_data", true], 57 ] 58 }).then(initTestCallback); 59 } 60 61 function initTestCallback() { 62 window.addEventListener("message", function(e) { 63 gen.next(e.data); 64 }); 65 66 gen = runTest(); 67 gen.next(); 68 } 69 70 function* runTest() { 71 var loader = document.getElementById('loader'); 72 var loaderWindow = loader.contentWindow; 73 loader.onload = function () { gen.next() }; 74 75 // Test preflight-less requests 76 basePath = "/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?" 77 baseURL = "http://mochi.test:8888" + basePath; 78 79 for (originEntry of origins) { 80 origin = originEntry.origin || originEntry.server; 81 82 loader.src = originEntry.file || 83 (originEntry.server + "/tests/dom/security/test/cors/file_CrossSiteXHR_inner.html"); 84 yield undefined; 85 86 var isNullOrigin = origin == "null"; 87 88 port = /:\d+/; 89 passTests = [ 90 origin, 91 "*", 92 " \t " + origin + "\t \t", 93 "\t \t* \t ", 94 ]; 95 failTests = [ 96 "", 97 " ", 98 port.test(origin) ? origin.replace(port, "") 99 : origin + ":1234", 100 port.test(origin) ? origin.replace(port, ":") 101 : origin + ":", 102 origin + ".", 103 origin + "/", 104 origin + "#", 105 origin + "?", 106 origin + "\\", 107 origin + "%", 108 origin + "@", 109 origin + "/hello", 110 "foo:bar@" + origin, 111 "* " + origin, 112 origin + " " + origin, 113 "allow <" + origin + ">", 114 "<" + origin + ">", 115 "<*>", 116 origin.substr(0, 5) == "https" ? origin.replace("https", "http") 117 : origin.replace("http", "https"), 118 origin.replace("://", "://www."), 119 origin.replace("://", ":// "), 120 origin.replace(/\/[^.]+\./, "/"), 121 ]; 122 123 if (isNullOrigin) { 124 passTests = ["*", "\t \t* \t ", "null"]; 125 failTests = failTests.filter(function(v) { return v != origin }); 126 } 127 128 for (allowOrigin of passTests) { 129 req = { 130 url: baseURL + 131 "allowOrigin=" + escape(allowOrigin) + 132 "&origin=" + escape(origin), 133 method: "GET", 134 }; 135 loaderWindow.postMessage(JSON.stringify(req), isNullOrigin ? "*" : origin); 136 137 res = JSON.parse(yield); 138 is(res.didFail, false, "shouldn't have failed for " + allowOrigin); 139 is(res.status, 200, "wrong status for " + allowOrigin); 140 is(res.statusText, "OK", "wrong status text for " + allowOrigin); 141 is(res.responseXML, 142 "<res>hello pass</res>", 143 "wrong responseXML in test for " + allowOrigin); 144 is(res.responseText, "<res>hello pass</res>\n", 145 "wrong responseText in test for " + allowOrigin); 146 is(res.events.join(","), 147 "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend", 148 "wrong responseText in test for " + allowOrigin); 149 } 150 151 for (allowOrigin of failTests) { 152 req = { 153 url: baseURL + "allowOrigin=" + escape(allowOrigin), 154 method: "GET", 155 }; 156 loaderWindow.postMessage(JSON.stringify(req), isNullOrigin ? "*" : origin); 157 158 res = JSON.parse(yield); 159 is(res.didFail, true, "should have failed for " + allowOrigin); 160 is(res.responseText, "", "should have no text for " + allowOrigin); 161 is(res.status, 0, "should have no status for " + allowOrigin); 162 is(res.statusText, "", "wrong status text for " + allowOrigin); 163 is(res.responseXML, null, "should have no XML for " + allowOrigin); 164 is(res.events.join(","), 165 "opening,rs1,sending,loadstart,rs4,error,loadend", 166 "wrong events in test for " + allowOrigin); 167 is(res.progressEvents, 0, 168 "wrong events in test for " + allowOrigin); 169 } 170 } 171 172 SimpleTest.finish(); 173 } 174 175 addLoadEvent(initTest); 176 177 </script> 178 </pre> 179 </body> 180 </html>