Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

<!doctype html>
<html>
<head>
<title>XMLHttpRequest: send() - Redirect to CORS-enabled resource</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<div id="log"></div>
<script>
function extractBody(body) {
if (body === null) {
return { body: "", type: "NO" };
}
if (typeof body === "string") {
return { body: body, type: "text/plain;charset=UTF-8" };
}
if (body instanceof Uint8Array) {
const arr = Array.prototype.slice.call(body);
return { body: String.fromCharCode.apply(null, arr), type: "NO" }
}
return { body: "EXTRACT NOT IMPLEMENTED", type: "EXTRACT NOT IMPLEMENTED" }
}
function redirect(code, name = code, method = "GET", body = null, explicitType = null, safelistContentType = false) {
async_test(t => {
let { body: expectedBody, type: expectedType } = extractBody(body);
if (explicitType !== null) {
expectedType = explicitType;
}
let expectedMethod = method;
if (((code === "301" || code === "302") && method === "POST") || (code === "303" && method !== "GET" && method !== "HEAD")) {
expectedMethod = "GET";
expectedBody = "";
expectedType = "NO";
}
const client = new XMLHttpRequest();
client.onreadystatechange = t.step_func(() => {
if (client.readyState === 4) {
if ((expectedMethod === "GET" && expectedType === "NO") || explicitType !== "application/x-pony" || safelistContentType) {
assert_equals(client.status, 200);
assert_equals(client.getResponseHeader("x-request-method"), expectedMethod);
assert_equals(client.getResponseHeader("x-request-content-type"), expectedType);
assert_equals(client.getResponseHeader("x-request-data"), expectedBody);
} else {
// "application/x-pony" is not safelisted by corsenabled.py -> network error
assert_equals(client.status, 0);
assert_equals(client.statusText, "");
assert_equals(client.responseText, "");
assert_equals(client.responseXML, null);
}
t.done();
}
});
let safelist = "";
if (safelistContentType) {
safelist = "?safelist_content_type";
}
client.open(method, "resources/redirect.py?location="+encodeURIComponent("http://www2."+location.host+(location.pathname.replace(/[^\/]+$/, ''))+'resources/corsenabled.py')+safelist+"&code=" + code);
if (explicitType !== null) {
client.setRequestHeader("Content-Type", explicitType);
}
client.send(body);
}, document.title + " (" + name + ")");
}
// corsenabled.py safelists methods GET, POST, PUT, and FOO
redirect("301")
redirect("301", "301 GET with explicit Content-Type", "GET", null, "application/x-pony")
redirect("301", "301 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true)
redirect("303", "303 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true)
redirect("302")
redirect("303")
redirect("302", "302 FOO with string and explicit Content-Type safelisted", "FOO", "test", "application/x-pony", true)
redirect("303", "303 FOO with string and explicit Content-Type safelisted", "FOO", "test", "application/x-pony", true)
redirect("307")
redirect("307", "307 post with null", "POST", null)
redirect("307", "307 post with string", "POST", "hello")
redirect("307", "307 post with typed array", "POST", new Uint8Array([65, 66, 67]))
redirect("301", "301 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
redirect("301", "301 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/x-pony", true)
redirect("302", "302 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
redirect("307", "307 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
redirect("307", "307 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
redirect("308", "308 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
redirect("308", "308 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
redirect("308", "308 FOO with string and explicit Content-Type text/plain", "FOO", "yoyo", "text/plain")
redirect("308", "308 FOO with string and explicit Content-Type multipart/form-data", "FOO", "yoyo", "multipart/form-data")
redirect("308", "308 FOO with string and explicit Content-Type safelisted", "FOO", "yoyo", "application/thunderstorm", true)
redirect("307", "307 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/thunderstorm", true)
</script>
</body>
</html>