basic.htm (2043B)
1 <!DOCTYPE html> 2 <meta charset=utf-8> 3 <title>Basic CORS</title> 4 <link rel=help href=https://fetch.spec.whatwg.org/> 5 <meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com"> 6 7 <script src=/resources/testharness.js></script> 8 <script src=/resources/testharnessreport.js></script> 9 <script src=/common/utils.js></script> 10 <script src=support.js?pipe=sub></script> 11 <div id=log></div> 12 13 <script> 14 function cors(desc, scheme, subdomain = "", port = location.port) { 15 const sameorigin = !scheme; 16 const base = 17 sameorigin ? "" : `${scheme}://${subdomain}${location.hostname}:${port}${dirname(location.pathname)}`; 18 19 async_test((t) => { 20 const client = new XMLHttpRequest(); 21 client.open("GET", `${base}resources/cors-makeheader.py?get_value=hest_er_best&origin=none&${token()}`); 22 client.send(); 23 24 client.onload = t.step_func_done(() => { 25 assert_true(sameorigin, "Cross origin request must be rejected."); 26 assert_true(client.response.includes("hest_er_best"), "Got response"); 27 }); 28 client.onerror = t.step_func_done(() => { 29 assert_false(sameorigin, "Same origin request must be accepted."); 30 }); 31 }, `${desc}, origin: none`); 32 33 async_test((t) => { 34 const client = new XMLHttpRequest(); 35 client.open("GET", `${base}resources/cors-makeheader.py?get_value=hest_er_best&${token()}`); 36 client.send(); 37 38 client.onload = t.step_func_done(() => { 39 assert_true(client.response.includes("hest_er_best"), "Got response"); 40 }); 41 client.onerror = t.unreached_func("Should be accepted"); 42 }, `${desc}, origin: echo`); 43 } 44 45 cors("Same domain basic usage"); 46 cors("Cross domain basic usage", "http", "www1."); 47 cors("Same domain different port", "http", undefined, PORT); 48 49 cors("Cross domain different port", "http", "www1.", PORT); 50 51 cors("Cross domain different protocol", "https", "www1.", PORTS); 52 53 cors("Same domain different protocol different port", "https", undefined, PORTS); 54 55 </script>