blob: 5bd0c7bb25ff82e8efd0a38df422196fab2d5e3c [file] [log] [blame]
<!doctype html>
<html>
<head>
<title>XMLHttpRequest: send() - Redirect to CORS-enabled resource</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<div id="log"></div>
<script>
function extractBody(body) {
if (body === null) {
return { body: "", type: "NO" };
}
if (typeof body == "string") {
return { body: body, type: "text/plain;charset=UTF-8" };
}
if (body instanceof Uint8Array) {
var arr = Array.prototype.slice.call(body);
return { body: String.fromCharCode.apply(null, arr), type: "NO" }
}
return { body: "EXTRACT NOT IMPLEMENTED", type: "EXTRACT NOT IMPLEMENTED" }
}
function redirect(code, name = code, method = "GET", body = null, explicitType = null, safelistContentType = false) {
async_test(t => {
var client = new XMLHttpRequest()
client.onreadystatechange = t.step_func(() => {
if (client.readyState == 4) {
if (explicitType !== "application/x-pony" || safelistContentType) {
var { body: expectedBody, type: expectedType } = extractBody(body);
if (explicitType !== null) {
expectedType = explicitType
}
if (((code === "301" || code === "302") && method === "POST") || code === "303") {
method = "GET"
expectedBody = ""
}
assert_equals(client.status, 200);
assert_equals(client.getResponseHeader("x-request-method"), method);
assert_equals(client.getResponseHeader("x-request-content-type"), expectedType);
assert_equals(client.getResponseHeader("x-request-data"), expectedBody);
} else {
// "application/x-pony" is not safelisted by corsenabled.py -> network error
assert_equals(client.status, 0)
assert_equals(client.statusText, "")
assert_equals(client.responseText, "")
assert_equals(client.responseXML, null)
}
t.done();
}
})
let safelist = ""
if (safelistContentType) {
safelist = "?safelist_content_type"
}
client.open(method, "resources/redirect.py?location="+encodeURIComponent("http://www2."+location.host+(location.pathname.replace(/[^\/]+$/, ''))+'resources/corsenabled.py')+safelist+"&code=" + code)
if (explicitType !== null) {
client.setRequestHeader("Content-Type", explicitType)
}
client.send(body)
}, document.title + " (" + name + ")")
}
redirect("301")
redirect("301", "301 GET with explicit Content-Type", "GET", null, "application/x-pony")
redirect("301", "301 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true)
redirect("302")
redirect("303")
// The following disabled subtests except for the second one all use special
// request methods for which Cobalt specifically disallows.
// redirect("303", "303 LALA with string and explicit Content-Type safelisted", "LALA", "test", "application/x-pony", true)
redirect("307")
redirect("307", "307 post with null", "POST", null)
redirect("307", "307 post with string", "POST", "hello")
redirect("307", "307 post with typed array", "POST", new Uint8Array([65, 66, 67]))
redirect("301", "301 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
// This test is a special use case under which we handle differently from spec.
// redirect("301", "301 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/x-pony", true)
redirect("302", "302 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
redirect("307", "307 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
// redirect("307", "307 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
redirect("308", "308 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
// redirect("308", "308 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
// redirect("308", "308 FOO with string and explicit Content-Type text/plain", "FOO", "yoyo", "text/plain")
// redirect("308", "308 FOO with string and explicit Content-Type multipart/form-data", "FOO", "yoyo", "multipart/form-data")
// redirect("308", "308 FOO with string and explicit Content-Type safelisted", "FOO", "yoyo", "application/thunderstorm", true)
redirect("307", "307 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/thunderstorm", true)
</script>
</body>
</html>