| <!doctype html> |
| <html> |
| <head> |
| <title>XMLHttpRequest: send() - Redirect to CORS-enabled resource</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| </head> |
| <body> |
| <div id="log"></div> |
| <script> |
| function extractBody(body) { |
| if (body === null) { |
| return { body: "", type: "NO" }; |
| } |
| if (typeof body == "string") { |
| return { body: body, type: "text/plain;charset=UTF-8" }; |
| } |
| if (body instanceof Uint8Array) { |
| var arr = Array.prototype.slice.call(body); |
| return { body: String.fromCharCode.apply(null, arr), type: "NO" } |
| } |
| return { body: "EXTRACT NOT IMPLEMENTED", type: "EXTRACT NOT IMPLEMENTED" } |
| } |
| |
| function redirect(code, name = code, method = "GET", body = null, explicitType = null, safelistContentType = false) { |
| async_test(t => { |
| var client = new XMLHttpRequest() |
| client.onreadystatechange = t.step_func(() => { |
| if (client.readyState == 4) { |
| if (explicitType !== "application/x-pony" || safelistContentType) { |
| var { body: expectedBody, type: expectedType } = extractBody(body); |
| if (explicitType !== null) { |
| expectedType = explicitType |
| } |
| if (((code === "301" || code === "302") && method === "POST") || code === "303") { |
| method = "GET" |
| expectedBody = "" |
| } |
| assert_equals(client.status, 200); |
| assert_equals(client.getResponseHeader("x-request-method"), method); |
| assert_equals(client.getResponseHeader("x-request-content-type"), expectedType); |
| assert_equals(client.getResponseHeader("x-request-data"), expectedBody); |
| } else { |
| // "application/x-pony" is not safelisted by corsenabled.py -> network error |
| assert_equals(client.status, 0) |
| assert_equals(client.statusText, "") |
| assert_equals(client.responseText, "") |
| assert_equals(client.responseXML, null) |
| } |
| t.done(); |
| } |
| }) |
| let safelist = "" |
| if (safelistContentType) { |
| safelist = "?safelist_content_type" |
| } |
| client.open(method, "resources/redirect.py?location="+encodeURIComponent("http://www2."+location.host+(location.pathname.replace(/[^\/]+$/, ''))+'resources/corsenabled.py')+safelist+"&code=" + code) |
| if (explicitType !== null) { |
| client.setRequestHeader("Content-Type", explicitType) |
| } |
| client.send(body) |
| }, document.title + " (" + name + ")") |
| } |
| redirect("301") |
| redirect("301", "301 GET with explicit Content-Type", "GET", null, "application/x-pony") |
| redirect("301", "301 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true) |
| redirect("302") |
| redirect("303") |
| // The following disabled subtests except for the second one all use special |
| // request methods for which Cobalt specifically disallows. |
| // redirect("303", "303 LALA with string and explicit Content-Type safelisted", "LALA", "test", "application/x-pony", true) |
| redirect("307") |
| redirect("307", "307 post with null", "POST", null) |
| redirect("307", "307 post with string", "POST", "hello") |
| redirect("307", "307 post with typed array", "POST", new Uint8Array([65, 66, 67])) |
| redirect("301", "301 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony") |
| // This test is a special use case under which we handle differently from spec. |
| // redirect("301", "301 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/x-pony", true) |
| redirect("302", "302 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony") |
| redirect("307", "307 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony") |
| // redirect("307", "307 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony") |
| redirect("308", "308 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony") |
| // redirect("308", "308 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony") |
| // redirect("308", "308 FOO with string and explicit Content-Type text/plain", "FOO", "yoyo", "text/plain") |
| // redirect("308", "308 FOO with string and explicit Content-Type multipart/form-data", "FOO", "yoyo", "multipart/form-data") |
| // redirect("308", "308 FOO with string and explicit Content-Type safelisted", "FOO", "yoyo", "application/thunderstorm", true) |
| redirect("307", "307 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/thunderstorm", true) |
| </script> |
| </body> |
| </html> |