| <!DOCTYPE html> |
| <meta charset=utf-8> |
| <title>CORS - request headers - Access-Control-Allow-Headers</title> |
| <meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com"> |
| |
| <script src=/resources/testharness.js></script> |
| <script src=/resources/testharnessreport.js></script> |
| <script src=support.js?pipe=sub></script> |
| |
| <h1>Request headers</h1> |
| <div id=log></div> |
| <script> |
| |
| /* |
| * Request Headers |
| */ |
| |
| async_test(function() { |
| var client = new XMLHttpRequest() |
| client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-print', true) |
| client.setRequestHeader('x-print', 'unicorn') |
| client.onload = this.step_func(function(e){ |
| res = JSON.parse(client.response) |
| assert_equals(res['x-print'], 'unicorn') |
| this.done() |
| }) |
| client.onerror = this.step_func(function(e){ |
| assert_unreached("should succeed") |
| }) |
| client.send(null) |
| |
| }, 'basic request header') |
| |
| async_test(function() { |
| var client = new XMLHttpRequest() |
| client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-print,', true) |
| client.setRequestHeader('x-print', 'unicorn') |
| client.setRequestHeader('content-type', 'text/plain') |
| client.setRequestHeader('accept', 'test') |
| client.setRequestHeader('accept-language', 'nn') |
| client.setRequestHeader('content-language', 'nn') |
| client.onload = this.step_func(function(e){ |
| res = JSON.parse(client.response) |
| assert_equals(res['x-print'], 'unicorn') |
| assert_equals(res['content-type'], 'text/plain') |
| assert_equals(res['accept'], 'test') |
| assert_equals(res['accept-language'], 'nn') |
| assert_equals(res['content-language'], 'nn') |
| this.done() |
| }) |
| client.onerror = this.step_func(function(e){ |
| assert_unreached("should succeed") |
| }) |
| client.send(null) |
| }, 'Simple request headers need not be in allow-headers') |
| |
| async_test(function() { |
| var client = new XMLHttpRequest() |
| client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-print', true) |
| client.setRequestHeader('x-print', 'unicorn') |
| client.setRequestHeader('y-print', 'unicorn') |
| client.onerror = this.step_func(function(e){ |
| this.done() |
| }) |
| client.onload = this.step_func(function(e){ |
| assert_unreached("should not succeed") |
| }) |
| client.send() |
| }, 'Unspecified request headers are disallowed') |
| |
| async_test(function() { |
| var client = new XMLHttpRequest() |
| client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', true) |
| client.setRequestHeader('x-print', 'unicorn') |
| client.setRequestHeader('y-print', 'narwhal') |
| client.onload = this.step_func(function(e){ |
| res = JSON.parse(client.response) |
| assert_equals(res['x-print'], 'unicorn') |
| assert_equals(res['y-print'], 'narwhal') |
| this.done() |
| }) |
| client.onerror = this.step_func(function(e){ |
| assert_unreached("should succeed") |
| }) |
| client.send(null) |
| |
| }, 'Strange allowheaders (case insensitive)') |
| |
| test(function() { |
| var client = new XMLHttpRequest() |
| assert_throws('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') }) |
| }, |
| 'INVALID_STATE_ERR on setRequestHeader before open()') |
| |
| test(function() { |
| var client = new XMLHttpRequest() |
| client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', true) |
| client.send() |
| assert_throws('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') }) |
| }, |
| 'INVALID_STATE_ERR on setRequestHeader after send()') |
| |
| </script> |