tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

fetch-request-xhr-iframe.https.html (6789B)


      1 <script src="/common/get-host-info.sub.js"></script>
      2 <script src="/resources/testharness.js"></script>
      3 <script src="/resources/test-helpers.sub.js?pipe=sub"></script>
      4 <script>
      5 var host_info = get_host_info();
      6 
      7 function get_boundary(headers) {
      8  var reg = new RegExp('multipart\/form-data; boundary=(.*)');
      9  for (var i = 0; i < headers.length; ++i) {
     10    if (headers[i][0] != 'content-type') {
     11      continue;
     12    }
     13    var regResult = reg.exec(headers[i][1]);
     14    if (!regResult) {
     15      continue;
     16    }
     17    return regResult[1];
     18  }
     19  return '';
     20 }
     21 
     22 function xhr_send(url_base, method, data, with_credentials) {
     23  return new Promise(function(resolve, reject) {
     24      var xhr = new XMLHttpRequest();
     25      xhr.onload = function() {
     26        resolve(JSON.parse(xhr.response));
     27      };
     28      xhr.onerror = function() {
     29        reject('XHR should succeed.');
     30      };
     31      xhr.responseType = 'text';
     32      if (with_credentials) {
     33        xhr.withCredentials = true;
     34      }
     35      xhr.open(method, url_base + '/sample?test', true);
     36      xhr.send(data);
     37    });
     38 }
     39 
     40 function get_sorted_header_name_list(headers) {
     41  var header_names = [];
     42  var idx, name;
     43 
     44  for (idx = 0; idx < headers.length; ++idx) {
     45    name = headers[idx][0];
     46    // The `Accept-Language` header is optional; its presence should not
     47    // influence test results.
     48    //
     49    // > 4. If request’s header list does not contain `Accept-Language`, user
     50    // >    agents should append `Accept-Language`/an appropriate value to
     51    // >    request's header list.
     52    //
     53    // https://fetch.spec.whatwg.org/#fetching
     54    if (name === 'accept-language') {
     55      continue;
     56    }
     57 
     58    header_names.push(name);
     59  }
     60  header_names.sort();
     61  return header_names;
     62 }
     63 
     64 function get_header_test() {
     65  return xhr_send(host_info['HTTPS_ORIGIN'], 'GET', '', false)
     66    .then(function(response) {
     67        assert_array_equals(
     68          get_sorted_header_name_list(response.headers),
     69          ["accept"],
     70          'event.request has the expected headers for same-origin GET.');
     71      });
     72 }
     73 
     74 function post_header_test() {
     75  return xhr_send(host_info['HTTPS_ORIGIN'], 'POST', '', false)
     76    .then(function(response) {
     77        assert_array_equals(
     78          get_sorted_header_name_list(response.headers),
     79          ["accept", "content-type"],
     80          'event.request has the expected headers for same-origin POST.');
     81      });
     82 }
     83 
     84 function cross_origin_get_header_test() {
     85  return xhr_send(host_info['HTTPS_REMOTE_ORIGIN'], 'GET', '', false)
     86    .then(function(response) {
     87        assert_array_equals(
     88          get_sorted_header_name_list(response.headers),
     89          ["accept"],
     90          'event.request has the expected headers for cross-origin GET.');
     91      });
     92 }
     93 
     94 function cross_origin_post_header_test() {
     95  return xhr_send(host_info['HTTPS_REMOTE_ORIGIN'], 'POST', '', false)
     96    .then(function(response) {
     97        assert_array_equals(
     98          get_sorted_header_name_list(response.headers),
     99          ["accept", "content-type"],
    100          'event.request has the expected headers for cross-origin POST.');
    101      });
    102 }
    103 
    104 function string_test() {
    105  return xhr_send(host_info['HTTPS_ORIGIN'], 'POST', 'test string', false)
    106    .then(function(response) {
    107        assert_equals(response.method, 'POST');
    108        assert_equals(response.body, 'test string');
    109      });
    110 }
    111 
    112 function blob_test() {
    113  return xhr_send(host_info['HTTPS_ORIGIN'], 'POST', new Blob(['test blob']),
    114                  false)
    115    .then(function(response) {
    116        assert_equals(response.method, 'POST');
    117        assert_equals(response.body, 'test blob');
    118      });
    119 }
    120 
    121 function custom_method_test() {
    122  return xhr_send(host_info['HTTPS_ORIGIN'], 'XXX', 'test string xxx', false)
    123    .then(function(response) {
    124        assert_equals(response.method, 'XXX');
    125        assert_equals(response.body, 'test string xxx');
    126      });
    127 }
    128 
    129 function options_method_test() {
    130  return xhr_send(host_info['HTTPS_ORIGIN'], 'OPTIONS', 'test string xxx', false)
    131    .then(function(response) {
    132        assert_equals(response.method, 'OPTIONS');
    133        assert_equals(response.body, 'test string xxx');
    134      });
    135 }
    136 
    137 function form_data_test() {
    138    var formData = new FormData();
    139    formData.append('sample string', '1234567890');
    140    formData.append('sample blob', new Blob(['blob content']));
    141    formData.append('sample file', new File(['file content'], 'file.dat'));
    142    return xhr_send(host_info['HTTPS_ORIGIN'], 'POST', formData, false)
    143    .then(function(response) {
    144        assert_equals(response.method, 'POST');
    145        var boundary = get_boundary(response.headers);
    146        var expected_body =
    147          '--' + boundary + '\r\n' +
    148          'Content-Disposition: form-data; name="sample string"\r\n' +
    149          '\r\n' +
    150          '1234567890\r\n' +
    151          '--' + boundary + '\r\n' +
    152          'Content-Disposition: form-data; name="sample blob"; ' +
    153          'filename="blob"\r\n' +
    154          'Content-Type: application/octet-stream\r\n' +
    155          '\r\n' +
    156          'blob content\r\n' +
    157          '--' + boundary + '\r\n' +
    158          'Content-Disposition: form-data; name="sample file"; ' +
    159          'filename="file.dat"\r\n' +
    160          'Content-Type: application/octet-stream\r\n' +
    161          '\r\n' +
    162          'file content\r\n' +
    163          '--' + boundary + '--\r\n';
    164        assert_equals(response.body, expected_body, "form data response content is as expected");
    165      });
    166 }
    167 
    168 function mode_credentials_test() {
    169  return xhr_send(host_info['HTTPS_ORIGIN'], 'GET', '', false)
    170    .then(function(response){
    171        assert_equals(response.mode, 'cors');
    172        assert_equals(response.credentials, 'same-origin');
    173        return xhr_send(host_info['HTTPS_ORIGIN'], 'GET', '', true);
    174      })
    175    .then(function(response){
    176        assert_equals(response.mode, 'cors');
    177        assert_equals(response.credentials, 'include');
    178        return xhr_send(host_info['HTTPS_REMOTE_ORIGIN'], 'GET', '', false);
    179      })
    180    .then(function(response){
    181        assert_equals(response.mode, 'cors');
    182        assert_equals(response.credentials, 'same-origin');
    183        return xhr_send(host_info['HTTPS_REMOTE_ORIGIN'], 'GET', '', true);
    184      })
    185    .then(function(response){
    186        assert_equals(response.mode, 'cors');
    187        assert_equals(response.credentials, 'include');
    188      });
    189 }
    190 
    191 function data_url_test() {
    192  return new Promise(function(resolve, reject) {
    193        var xhr = new XMLHttpRequest();
    194        xhr.onload = function() {
    195          resolve(xhr.response);
    196        };
    197        xhr.onerror = function() {
    198          reject('XHR should succeed.');
    199        };
    200        xhr.responseType = 'text';
    201        xhr.open('GET', 'data:text/html,Foobar', true);
    202        xhr.send();
    203      })
    204    .then(function(data) {
    205        assert_equals(data, 'Foobar');
    206      });
    207 }
    208 </script>