From 0508311dd5d080d6869c9fe070127c501fadf74c Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 27 Mar 2017 18:23:00 +0200
Subject: [PATCH] CORS: change userinfo tests due to URL parser changes (#5121)

In particular empty string password is now the same as not having a
password.
---
 cors/redirect-userinfo.htm | 31 ++++++++++---------------------
 1 file changed, 10 insertions(+), 21 deletions(-)

diff --git a/cors/redirect-userinfo.htm b/cors/redirect-userinfo.htm
index 1775d30dfb1250..fd3864d2497a67 100644
--- a/cors/redirect-userinfo.htm
+++ b/cors/redirect-userinfo.htm
@@ -16,27 +16,27 @@ <h1>CORS userinfo redirect handling</h1>
     // Test count for cache busting and easy identifying of request in traffic analyzer
     var num_test = 0
 
-    shouldFail("Disallow redirect with userinfo (//user:pass@)", [
+    shouldFail("Disallow redirect with userinfo (user:pass@)", [
                     CROSSDOMAIN + "resources/cors-makeheader.py?",
                     CROSSDOMAIN.replace("http://", "http://test:test@") + "resources/cors-makeheader.py?"]);
 
-    shouldFail("Disallow redirect with userinfo (//user:@)", [
+    shouldFail("Disallow redirect with userinfo (user:@)", [
                     CROSSDOMAIN + "resources/cors-makeheader.py?",
                     CROSSDOMAIN.replace("http://", "http://user:@") + "resources/cors-makeheader.py?"]);
 
-    shouldFail("Disallow redirect with userinfo (//user@)", [
+    shouldFail("Disallow redirect with userinfo (user@)", [
                     CROSSDOMAIN + "resources/cors-makeheader.py?",
                     CROSSDOMAIN.replace("http://", "http://user:@") + "resources/cors-makeheader.py?"]);
 
-    shouldFail("Disallow redirect with userinfo (//:@)", [
+    shouldPass("Allow redirect without userinfo (:@ is trimmed during URL parsing)", [
                     CROSSDOMAIN + "resources/cors-makeheader.py?",
                     CROSSDOMAIN.replace("http://", "http://:@") + "resources/cors-makeheader.py?"]);
 
-    shouldFail("Disallow redirect with userinfo (//:pass@)", [
+    shouldFail("Disallow redirect with userinfo (:pass@)", [
                     CROSSDOMAIN + "resources/cors-makeheader.py?",
                     CROSSDOMAIN.replace("http://", "http://:pass@") + "resources/cors-makeheader.py?"]);
 
-    shouldPass("Allow redirect with userinfo (//@)", [
+    shouldPass("Allow redirect without userinfo (@ is trimmed during URL parsing)", [
                     CROSSDOMAIN + "resources/cors-makeheader.py?",
                     CROSSDOMAIN.replace("http://", "http://@") + "resources/cors-makeheader.py?"]);
 
@@ -51,12 +51,8 @@ <h1>CORS userinfo redirect handling</h1>
 
             client.open('GET', buildURL(urls, test_id));
 
-            client.onload = t.step_func(function() {
-                assert_false(!!client.response, "Got response");
-            });
-            client.onerror = t.step_func(function(e) {
-                t.done();
-            });
+            client.onload = t.unreached_func();
+            client.onerror = t.step_func_done();
 
             client.send(null)
         });
@@ -73,14 +69,11 @@ <h1>CORS userinfo redirect handling</h1>
 
             client.open('GET', buildURL(urls, test_id));
 
-            client.onreadystatechange = t.step_func(function() {
-                if (client.readyState != client.DONE)
-                    return;
-                assert_true(!!client.response, "Got response");
+            client.onload = t.step_func_done(function() {
                 r = JSON.parse(client.response)
                 assert_equals(r['get_value'], 'last', 'get_value')
-                t.done();
             });
+            client.onerror = t.unreached_func()
             client.send(null)
         });
     }
@@ -88,10 +81,6 @@ <h1>CORS userinfo redirect handling</h1>
     function buildURL(urls, id) {
         var tmp_url;
 
-        if (typeof(urls) == "string") {
-            return urls + "&" + id + "_0";
-        }
-
         for (var i = urls.length; i--; ) {
             if (!tmp_url)
             {