response-headers.htm (4040B)
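<!DOCTYPE html>
<meta charset=utf-8>
<title>CORS - Response headers</title>
<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">

<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>

<h1>Response headers</h1>
<div id=log></div>
<script>

/*
 * Response Headers
 *
 * Checks which response headers script can read from a cross-origin
 * XMLHttpRequest. Every request goes to CROSSDOMAIN (not defined in this
 * file; presumably provided by support.js) and fetches
 * resources/cors-headers.asis. That resource is not shown here, so the
 * header values asserted below are its expected contents, not something
 * this page sets.
 *
 * Security relevance: a CORS response only lets the calling page read the
 * CORS-safelisted response headers plus whatever the server names in
 * Access-Control-Expose-Headers. Everything else must read back as null
 * (and be absent from getAllResponseHeaders()), otherwise a cross-origin
 * page could read headers the server never opted in to sharing.
 */

/**
 * Registers one synchronous test that fetches the cross-origin resource and
 * checks a single response header.
 *
 * @param {string} head - header name passed to getResponseHeader()
 * @param {(string|null|function)} value - expected value (null means "not
 *     readable"), or a callback (client, head) that runs its own assertions
 * @param {string} desc - test name reported by the harness
 */
function check_response_header(head, value, desc) {
    test(function() {
        var client = new XMLHttpRequest()
        // Third argument false: synchronous request, so the headers are
        // available as soon as send() returns.
        client.open('GET', CROSSDOMAIN + 'resources/cors-headers.asis', false)
        client.send(null)

        if (typeof value === 'function')
            value(client, head)
        else
            assert_equals(client.getResponseHeader(head), value, head)
    },
    desc)
}

// Headers that are only readable because the server exposes them
// (presumably listed in the resource's Access-Control-Expose-Headers).
check_response_header('X-Custom-Header-Comma', '1, 2', 'getResponseHeader: Expose Access-Control-Expose-Headers (x-custom-header-comma)')
check_response_header('X-Second-Expose', 'flyingpig', 'getResponseHeader: Expose second Access-Control-Expose-Headers (x-second-expose)')
// The requested name is not trimmed before lookup, so a leading space means
// no header matches and the result is null.
check_response_header(' x-custom-header', null, 'getResponseHeader: Don\'t trim whitespace')
// Expected value is three separate code units (0xE2 0x80 0xA6), i.e. the raw
// header bytes are surfaced one per character rather than decoded as UTF-8.
check_response_header('x-custom-header-bytes', "\xE2\x80\xA6", 'getResponseHeader: x-custom-header bytes')
check_response_header('Date',
    function(client, head) {
        var date = client.getResponseHeader(head)
        // Fail with a clear assertion, instead of a TypeError on .length,
        // when the header is filtered out and reads back as null.
        assert_not_equals(date, null, head)
        assert_true(date.length > 2)
    },
    'getResponseHeader: Exposed server field readable (Date)')

/**
 * Registers a test that `head` is readable without being listed in
 * Access-Control-Expose-Headers and carries the expected `value`.
 */
function default_readable(head, value) {
    check_response_header(head, value, 'getResponseHeader: '+head+': readable by default')
}
// The CORS-safelisted response header names.
default_readable("Cache-Control", "no-cache");
default_readable("Content-Language", "nn");
default_readable("Expires", "Thu, 01 Dec 1994 16:00:00 GMT");
default_readable("Last-Modified", "Thu, 01 Dec 1994 10:00:00 GMT");
default_readable("Pragma", "no-cache");
default_readable("Content-Length", "4");
default_readable("Content-Type", "text/plain");


/**
 * Registers a test that `head` reads back as null, i.e. it is filtered out
 * of the cross-origin response unless the server explicitly exposes it.
 */
function default_unreadable(head) {
    check_response_header(head, null, 'getResponseHeader: '+head+': unreadable by default')
}
// Server-fingerprinting headers must not leak cross-origin by default.
default_unreadable("Server")
default_unreadable("X-Powered-By")


// Asynchronous variant: checks the filtered header view at each readyState.
async_test("getResponseHeader: Combined testing of cors response headers")
.step(function()
{
    var client = new XMLHttpRequest();
    client.open("GET", CROSSDOMAIN + 'resources/cors-headers.asis')
    // NOTE(review): looks like a debugging handle left on the global object;
    // nothing in this file reads window.c. Kept so page behaviour is unchanged.
    window.c=client;
    client.onreadystatechange = this.step_func(function()
    {
        if (client.readyState == 1)
        {
            // OPENED: no response yet, so nothing is readable.
            assert_equals(client.getResponseHeader("x-custom-header"), null, 'x-custom-header')
        }
        if (client.readyState > 1)
        {
            // Headers received. "test, test" is presumably two x-custom-header
            // fields joined by ", " (confirm against the resource).
            assert_equals(client.getResponseHeader("x-custom-header"), "test, test", 'x-custom-header')
            assert_equals(client.getResponseHeader("x-custom-header-empty"), "", 'x-custom-header-empty')
            // Cookie-setting headers must never be readable from script.
            assert_equals(client.getResponseHeader("set-cookie"), null)
            assert_equals(client.getResponseHeader("set-cookie2"), null)
            assert_equals(client.getResponseHeader("x-non-existent-header"), null)
            // Not exposed by the server, so it must read as null.
            assert_equals(client.getResponseHeader("x-nonexposed"), null)
        }
        if (client.readyState == 4)
        {
            this.done()
        }
    })
    client.send()
})

// An exposed header is readable while a non-exposed one in the same
// response is not.
test(function() {
    var client = new XMLHttpRequest()
    client.open('GET', CROSSDOMAIN + 'resources/cors-headers.asis', false)
    client.send(null)
    assert_equals(client.getResponseHeader("x-custom-header"), "test, test", 'x-custom-header')
    assert_equals(client.getResponseHeader("x-nonexposed"), null, 'x-nonexposed')
}, "getResponse: don't expose x-nonexposed")

// The same filtering must apply to the bulk getAllResponseHeaders() view,
// not only to single-header lookups.
test(function() {
    var client = new XMLHttpRequest()
    client.open('GET', CROSSDOMAIN + 'resources/cors-headers.asis', false)
    client.send(null)

    // Declared with var: the original assigned an undeclared `h`, creating an
    // implicit global shared with every other script on the page.
    // Lower-cased so the substring checks are case-insensitive.
    var h = client.getAllResponseHeaders().toLowerCase()
    // Substring match: this positive check is also satisfied by longer names
    // such as x-custom-header-comma; the negative check below is the strict
    // one, since any occurrence of the name fails it.
    assert_true( h.indexOf('x-custom-header') >= 0, 'x-custom-header present')
    assert_true( h.indexOf('x-nonexposed') === -1, 'x-nonexposed not present')
}, "getAllResponseHeaders: don't expose x-nonexposed")

</script>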