From 146779af2f6cc79eb4d02e351e068824aca3a2ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fernando=20Jim=C3=A9nez=20Moreno?= Date: Sat, 11 Mar 2017 13:09:50 +0100 Subject: [PATCH] Use async XHR and test that non-2XX preflight responses raise errors --- cors/preflight-failure.htm | 54 ++++++++++++++++++++++++++++++ cors/redirect-preflight.htm | 67 +++++++++++-------------------------- 2 files changed, 74 insertions(+), 47 deletions(-) create mode 100644 cors/preflight-failure.htm diff --git a/cors/preflight-failure.htm b/cors/preflight-failure.htm new file mode 100644 index 00000000000000..28caa152b578d9 --- /dev/null +++ b/cors/preflight-failure.htm @@ -0,0 +1,54 @@ + + +CORS - Preflight responds with non-2XX status code + + + + + + +

Preflight responds with non-2XX status code

+ +
+ diff --git a/cors/redirect-preflight.htm b/cors/redirect-preflight.htm index 60328003981bf4..ff64284e90d7a9 100644 --- a/cors/redirect-preflight.htm +++ b/cors/redirect-preflight.htm @@ -19,56 +19,29 @@

Redirect with preflight

var CROSSDOMAIN_URL = CROSSDOMAIN + 'resources/cors-makeheader.py?'; -/* - * Redirection with preflights. - */ -function redir_preflight(code) { - test(function() { - var client = new XMLHttpRequest(); - var redirect = - encodeURIComponent(CROSSDOMAIN_URL + 'headers=x-test&' + req_c++); - - client.open('GET', - CROSSDOMAIN_URL + 'headers=x-test&location=' + redirect - + '&code=' + code + '&preflight=' + code - + '&' + req_c++, - false); - client.setRequestHeader('x-test', 'test'); - assert_throws(null, function() { client.send(null) }); - - }, 'Redirect ' + code + ' on preflight'); -} -redir_preflight(301); -redir_preflight(302); -redir_preflight(303); -redir_preflight(307); -redir_preflight(308); - /* * Redirection after successfull (200) preflight. */ -function redir_after_preflight(code) { - test(function() { - var client = new XMLHttpRequest(); - var redirect = encodeURIComponent( - CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-test&' + req_c++ - ); - - client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?' - + 'preflight=200&headers=x-test&location=' - + redirect + '&code=' + code + '&' + req_c++, - false); - client.setRequestHeader('x-test', 'test'); - client.send(null); - assert_equals(client.status, 200, "Successfull redirect"); - - }, - 'Allow redirect ' + code + ' after succesful (200) preflight'); +function redir_after_successfull_preflight(code) { + var desc = 'Should allow redirect ' + code + ' after succesful (200) preflight'; + async_test(desc).step(function() { + var client = new XMLHttpRequest(); + var redirect = encodeURIComponent( + CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-test&' + req_c++ + ); + + client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?' + + 'preflight=200&headers=x-test&location=' + + redirect + '&code=' + code + '&' + req_c++, + true /* async */); + client.setRequestHeader('x-test', 'test'); + client.onreadystatechange = this.step_func(function() { + assert_equals(client.status, 200, 'Successfull redirect'); + this.done(); + }); + client.send(null); + }); } -redir_after_preflight(301); -redir_after_preflight(302); -redir_after_preflight(303); -redir_after_preflight(307); -redir_after_preflight(308); +[301, 302, 303, 307, 308].forEach(redir_after_successfull_preflight);