[ tor-browser ].git.dasho

cors-expose-star.sub.any.js (2254B)
      1 // META: script=../fetch/api/resources/utils.js
      2 
      3 const url = "http://{{host}}:{{ports[http][1]}}" + dirname(location.pathname) + "resources/top.txt",
      4      sharedHeaders = "?pipe=header(Access-Control-Expose-Headers,*)|header(Test,X)|header(*,whoa)|"
      5 
      6 async_test(function() {
      7  const headers = "header(Access-Control-Allow-Origin,*)"
      8  var client = new XMLHttpRequest();
      9  client.open("GET", url + sharedHeaders + headers);
     10  client.send();
     11  client.onreadystatechange = this.step_func(function () {
     12    if (this.readyState == this.HEADERS_RECEIVED) {
     13      assert_equals(client.getResponseHeader("test"), "X");
     14      assert_equals(client.getResponseHeader("set-cookie"), null);
     15      assert_equals(client.getResponseHeader("*"), "whoa");
     16      this.done();
     17    }
     18  });
     19 }, "Basic Access-Control-Expose-Headers: * support")
     20 
     21 async_test(function() {
     22  const origin = location.origin, // assuming an ASCII origin
     23        headers = "header(Access-Control-Allow-Origin," + origin + ")|header(Access-Control-Allow-Credentials,true)"
     24  var client = new XMLHttpRequest();
     25  client.open("GET", url + sharedHeaders + headers);
     26  client.withCredentials = true;
     27  client.send();
     28  client.onreadystatechange = this.step_func(function () {
     29    if (this.readyState == this.HEADERS_RECEIVED) {
     30      assert_equals(client.getResponseHeader("content-type"), "text/plain"); // safelisted
     31      assert_equals(client.getResponseHeader("test"), null);
     32      assert_equals(client.getResponseHeader("set-cookie"), null);
     33      assert_equals(client.getResponseHeader("*"), "whoa");
     34      this.done();
     35    }
     36  });
     37 }, "* for credentialed fetches only matches literally")
     38 
     39 async_test(function() {
     40  const headers =  "header(Access-Control-Allow-Origin,*)|header(Access-Control-Expose-Headers,set-cookie\\,*)"
     41  var client = new XMLHttpRequest();
     42  client.open("GET", url + sharedHeaders + headers);
     43  client.send();
     44  client.onreadystatechange = this.step_func(function () {
     45    if (this.readyState == this.HEADERS_RECEIVED) {
     46      assert_equals(client.getResponseHeader("test"), "X");
     47      assert_equals(client.getResponseHeader("set-cookie"), null);
     48      assert_equals(client.getResponseHeader("*"), "whoa");
     49      this.done();
     50    }
     51  });
     52 }, "* can be one of several values")
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE