test_CrossSiteXHR_origin.html

Enable keyboard shortcuts

<!DOCTYPE HTML>

<html>

<head>

  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">

  <title>Test for Cross Site XMLHttpRequest</title>

  <script src="/tests/SimpleTest/SimpleTest.js"></script>

  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />

</head>

<body>

<p id="display">

<iframe id=loader></iframe>

</p>

<div id="content" style="display: none">

</div>

<pre id="test">

<script class="testbody" type="application/javascript">

SimpleTest.waitForExplicitFinish();

SimpleTest.requestLongerTimeout(2);

var origins =

  [{ server: 'http://example.org' },

   { server: 'http://example.org:80',

     origin: 'http://example.org'

},

   { server: 'http://sub1.test1.example.org' },

   { server: 'http://test2.example.org:8000' },

   { server: 'http://sub1.\xe4lt.example.org:8000',

     origin: 'http://sub1.xn--lt-uia.example.org:8000'

},

   { server: 'http://sub2.\xe4lt.example.org',

     origin: 'http://sub2.xn--lt-uia.example.org'

},

   { server: 'http://ex\xe4mple.test',

     origin: 'http://xn--exmple-cua.test'

},

   { server: 'http://xn--exmple-cua.test' },

   { server: 'http://\u03c0\u03b1\u03c1\u03ac\u03b4\u03b5\u03b9\u03b3\u03bc\u03b1.\u03b4\u03bf\u03ba\u03b9\u03bc\u03ae',

     origin: 'http://xn--hxajbheg2az3al.xn--jxalpdlp'

},

   { origin: 'null',

     file: 'http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs'

},

];

   //['https://example.com:443'],

   //['https://sub1.test1.example.com:443'],

function initTest() {

  // Allow all cookies, then do the actual test initialization

  SpecialPowers.pushPrefEnv({

    "set": [

      // Some of this test relies on redirecting to data: URLs from http.

      ["network.allow_redirect_to_data", true],

  }).then(initTestCallback);

function initTestCallback() {

  window.addEventListener("message", function(e) {

    gen.next(e.data);

});

  gen = runTest();

  gen.next();

function* runTest() {

  var loader = document.getElementById('loader');

  var loaderWindow = loader.contentWindow;

  loader.onload = function () { gen.next() };

  // Test preflight-less requests

  basePath = "/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?"

  baseURL = "http://mochi.test:8888" + basePath;

  for (originEntry of origins) {

    origin = originEntry.origin || originEntry.server;

    loader.src = originEntry.file ||

                 (originEntry.server + "/tests/dom/security/test/cors/file_CrossSiteXHR_inner.html");

    yield undefined;

    var isNullOrigin = origin == "null";

    port = /:\d+/;

    passTests = [

      origin,

      "*",

      " \t " + origin + "\t \t",

      "\t \t* \t ",

];

    failTests = [

"",

      " ",

      port.test(origin) ? origin.replace(port, "")

                        : origin + ":1234",

      port.test(origin) ? origin.replace(port, ":")

                        : origin + ":",

      origin + ".",

      origin + "/",

      origin + "#",

      origin + "?",

      origin + "\\",

      origin + "%",

      origin + "@",

      origin + "/hello",

      "foo:bar@" + origin,

      "* " + origin,

      origin + " " + origin,

      "allow <" + origin + ">",

      "<" + origin + ">",

      "<*>",

      origin.substr(0, 5) == "https" ? origin.replace("https", "http")

                                     : origin.replace("http", "https"),

      origin.replace("://", "://www."),

      origin.replace("://", ":// "),

      origin.replace(/\/[^.]+\./, "/"),

];

    if (isNullOrigin) {

      passTests = ["*", "\t \t* \t ", "null"];

      failTests = failTests.filter(function(v) { return v != origin });

    for (allowOrigin of passTests) {

      req = {

        url: baseURL +

             "allowOrigin=" + escape(allowOrigin) +

             "&origin=" + escape(origin),

        method: "GET",

};

      loaderWindow.postMessage(JSON.stringify(req), isNullOrigin ? "*" : origin);

      res = JSON.parse(yield);

      is(res.didFail, false, "shouldn't have failed for " + allowOrigin);

      is(res.status, 200, "wrong status for " + allowOrigin);

      is(res.statusText, "OK", "wrong status text for " + allowOrigin);

      is(res.responseXML,

         "<res>hello pass</res>",

         "wrong responseXML in test for " + allowOrigin);

      is(res.responseText, "<res>hello pass</res>\n",

         "wrong responseText in test for " + allowOrigin);

      is(res.events.join(","),

         "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",

         "wrong responseText in test for " + allowOrigin);

    for (allowOrigin of failTests) {

      req = {

        url: baseURL + "allowOrigin=" + escape(allowOrigin),

        method: "GET",

};

      loaderWindow.postMessage(JSON.stringify(req), isNullOrigin ? "*" : origin);

      res = JSON.parse(yield);

      is(res.didFail, true, "should have failed for " + allowOrigin);

      is(res.responseText, "", "should have no text for " + allowOrigin);

      is(res.status, 0, "should have no status for " + allowOrigin);

      is(res.statusText, "", "wrong status text for " + allowOrigin);

      is(res.responseXML, null, "should have no XML for " + allowOrigin);

      is(res.events.join(","),

         "opening,rs1,sending,loadstart,rs4,error,loadend",

         "wrong events in test for " + allowOrigin);

      is(res.progressEvents, 0,

         "wrong events in test for " + allowOrigin);

  SimpleTest.finish();

addLoadEvent(initTest);

</script>

</pre>

</body>

</html>