tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

request-headers.htm (2924B)

      1 <!DOCTYPE html>
      2 <meta charset=utf-8>
      3 <title>CORS - request headers - Access-Control-Allow-Headers</title>
      4 <meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
      5 
      6 <script src=/resources/testharness.js></script>
      7 <script src=/resources/testharnessreport.js></script>
      8 <script src=support.js?pipe=sub></script>
      9 
     10 <h1>Request headers</h1>
     11 <div id=log></div>
     12 <script>
     13 
     14 /*
     15 * Request Headers
     16 */
     17 
     18 test(function() {
     19    var client = new XMLHttpRequest()
     20    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-print', false)
     21    client.setRequestHeader('x-print', 'unicorn')
     22    client.send(null)
     23 
     24    res = JSON.parse(client.response)
     25    assert_equals(res['x-print'], 'unicorn')
     26 }, 'basic request header')
     27 
     28 test(function() {
     29    var client = new XMLHttpRequest()
     30    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-print,', false)
     31    client.setRequestHeader('x-print', 'unicorn')
     32    client.setRequestHeader('content-type', 'text/plain')
     33    client.setRequestHeader('accept', 'test')
     34    client.setRequestHeader('accept-language', 'nn')
     35    client.setRequestHeader('content-language', 'nn')
     36    client.send(null)
     37 
     38    res = JSON.parse(client.response)
     39    assert_equals(res['x-print'], 'unicorn')
     40    assert_equals(res['content-type'], 'text/plain')
     41    assert_equals(res['accept'], 'test')
     42    assert_equals(res['accept-language'], 'nn')
     43    assert_equals(res['content-language'], 'nn')
     44 }, 'Simple request headers need not be in allow-headers')
     45 
     46 test(function() {
     47    var client = new XMLHttpRequest()
     48    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-print', false)
     49    client.setRequestHeader('x-print', 'unicorn')
     50    client.setRequestHeader('y-print', 'unicorn')
     51    assert_throws_dom("NetworkError", function() { client.send(null) })
     52 }, 'Unspecified request headers are disallowed')
     53 
     54 test(function() {
     55    var client = new XMLHttpRequest()
     56    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', false)
     57    client.setRequestHeader('x-print', 'unicorn')
     58    client.setRequestHeader('y-print', 'narwhal')
     59    client.send(null)
     60 
     61    res = JSON.parse(client.response)
     62    assert_equals(res['x-print'], 'unicorn')
     63    assert_equals(res['y-print'], 'narwhal')
     64 }, 'Strange allowheaders (case insensitive)')
     65 
     66 test(function() {
     67    var client = new XMLHttpRequest()
     68    assert_throws_dom('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') })
     69 },
     70 'INVALID_STATE_ERR on setRequestHeader before open()')
     71 
     72 test(function() {
     73    var client = new XMLHttpRequest()
     74    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', false)
     75    client.send()
     76    assert_throws_dom('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') })
     77 },
     78 'INVALID_STATE_ERR on setRequestHeader after send()')
     79 
     80 </script>