third_party/web_platform_tests/XMLHttpRequest/cobalt_trunk_send-redirect-to-cors.htm - cobalt - Git at Google

 <!doctype html>
 <html>
   <head>
     <title>XMLHttpRequest: send() - Redirect to CORS-enabled resource</title>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
   </head>
   <body>
     <div id="log"></div>
     <script>
       function extractBody(body) {
         if (body === null) {
           return { body: "", type: "NO" };
         }
         if (typeof body == "string") {
           return { body: body, type: "text/plain;charset=UTF-8" };
         }
         if (body instanceof Uint8Array) {
           var arr = Array.prototype.slice.call(body);
           return { body: String.fromCharCode.apply(null, arr), type: "NO" }
         }
         return { body: "EXTRACT NOT IMPLEMENTED", type: "EXTRACT NOT IMPLEMENTED" }
       }

       function redirect(code, name = code, method = "GET", body = null, explicitType = null, safelistContentType = false) {
         async_test(t => {
           var client = new XMLHttpRequest()
           client.onreadystatechange = t.step_func(() => {
             if (client.readyState == 4) {
               if (explicitType !== "application/x-pony" || safelistContentType) {
                 var { body: expectedBody, type: expectedType } = extractBody(body);
                 if (explicitType !== null) {
                   expectedType = explicitType
                 }
                 if (((code === "301" || code === "302") && method === "POST") || code === "303") {
                   method = "GET"
                   expectedBody = ""
                 }
                 assert_equals(client.status, 200);
                 assert_equals(client.getResponseHeader("x-request-method"), method);
                 assert_equals(client.getResponseHeader("x-request-content-type"), expectedType);
                 assert_equals(client.getResponseHeader("x-request-data"), expectedBody);
               } else {
                 // "application/x-pony" is not safelisted by corsenabled.py -> network error
                 assert_equals(client.status, 0)
                 assert_equals(client.statusText, "")
                 assert_equals(client.responseText, "")
                 assert_equals(client.responseXML, null)
               }
               t.done();
             }
           })
           let safelist = ""
           if (safelistContentType) {
             safelist = "?safelist_content_type"
           }
           client.open(method, "resources/redirect.py?location="+encodeURIComponent("http://www2."+location.host+(location.pathname.replace(/[^\/]+$/, ''))+'resources/corsenabled.py')+safelist+"&code=" + code)
           if (explicitType !== null) {
             client.setRequestHeader("Content-Type", explicitType)
           }
           client.send(body)
         }, document.title + " (" + name + ")")
       }
       redirect("301")
       redirect("301", "301 GET with explicit Content-Type", "GET", null, "application/x-pony")
       redirect("301", "301 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true)
       redirect("302")
       redirect("303")
       // The following disabled subtests except for the second one all use special
       // request methods for which Cobalt specifically disallows.
       // redirect("303", "303 LALA with string and explicit Content-Type safelisted", "LALA", "test", "application/x-pony", true)
       redirect("307")
       redirect("307", "307 post with null", "POST", null)
       redirect("307", "307 post with string", "POST", "hello")
       redirect("307", "307 post with typed array", "POST", new Uint8Array([65, 66, 67]))
       redirect("301", "301 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
       // This test is a special use case under which we handle differently from spec.
       // redirect("301", "301 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/x-pony", true)
       redirect("302", "302 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
       redirect("307", "307 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
       // redirect("307", "307 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
       redirect("308", "308 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
       // redirect("308", "308 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
       // redirect("308", "308 FOO with string and explicit Content-Type text/plain", "FOO", "yoyo", "text/plain")
       // redirect("308", "308 FOO with string and explicit Content-Type multipart/form-data", "FOO", "yoyo", "multipart/form-data")
       // redirect("308", "308 FOO with string and explicit Content-Type safelisted", "FOO", "yoyo", "application/thunderstorm", true)
       redirect("307", "307 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/thunderstorm", true)
     </script>
   </body>
 </html>
	<!doctype html>
	<html>
	<head>
	<title>XMLHttpRequest: send() - Redirect to CORS-enabled resource</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	</head>
	<body>
	<div id="log"></div>
	<script>
	function extractBody(body) {
	if (body === null) {
	return { body: "", type: "NO" };
	}
	if (typeof body == "string") {
	return { body: body, type: "text/plain;charset=UTF-8" };
	}
	if (body instanceof Uint8Array) {
	var arr = Array.prototype.slice.call(body);
	return { body: String.fromCharCode.apply(null, arr), type: "NO" }
	}
	return { body: "EXTRACT NOT IMPLEMENTED", type: "EXTRACT NOT IMPLEMENTED" }
	}

	function redirect(code, name = code, method = "GET", body = null, explicitType = null, safelistContentType = false) {
	async_test(t => {
	var client = new XMLHttpRequest()
	client.onreadystatechange = t.step_func(() => {
	if (client.readyState == 4) {
	if (explicitType !== "application/x-pony" \|\| safelistContentType) {
	var { body: expectedBody, type: expectedType } = extractBody(body);
	if (explicitType !== null) {
	expectedType = explicitType
	}
	if (((code === "301" \|\| code === "302") && method === "POST") \|\| code === "303") {
	method = "GET"
	expectedBody = ""
	}
	assert_equals(client.status, 200);
	assert_equals(client.getResponseHeader("x-request-method"), method);
	assert_equals(client.getResponseHeader("x-request-content-type"), expectedType);
	assert_equals(client.getResponseHeader("x-request-data"), expectedBody);
	} else {
	// "application/x-pony" is not safelisted by corsenabled.py -> network error
	assert_equals(client.status, 0)
	assert_equals(client.statusText, "")
	assert_equals(client.responseText, "")
	assert_equals(client.responseXML, null)
	}
	t.done();
	}
	})
	let safelist = ""
	if (safelistContentType) {
	safelist = "?safelist_content_type"
	}
	client.open(method, "resources/redirect.py?location="+encodeURIComponent("http://www2."+location.host+(location.pathname.replace(/[^\/]+$/, ''))+'resources/corsenabled.py')+safelist+"&code=" + code)
	if (explicitType !== null) {
	client.setRequestHeader("Content-Type", explicitType)
	}
	client.send(body)
	}, document.title + " (" + name + ")")
	}
	redirect("301")
	redirect("301", "301 GET with explicit Content-Type", "GET", null, "application/x-pony")
	redirect("301", "301 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true)
	redirect("302")
	redirect("303")
	// The following disabled subtests except for the second one all use special
	// request methods for which Cobalt specifically disallows.
	// redirect("303", "303 LALA with string and explicit Content-Type safelisted", "LALA", "test", "application/x-pony", true)
	redirect("307")
	redirect("307", "307 post with null", "POST", null)
	redirect("307", "307 post with string", "POST", "hello")
	redirect("307", "307 post with typed array", "POST", new Uint8Array([65, 66, 67]))
	redirect("301", "301 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
	// This test is a special use case under which we handle differently from spec.
	// redirect("301", "301 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/x-pony", true)
	redirect("302", "302 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
	redirect("307", "307 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
	// redirect("307", "307 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
	redirect("308", "308 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony")
	// redirect("308", "308 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony")
	// redirect("308", "308 FOO with string and explicit Content-Type text/plain", "FOO", "yoyo", "text/plain")
	// redirect("308", "308 FOO with string and explicit Content-Type multipart/form-data", "FOO", "yoyo", "multipart/form-data")
	// redirect("308", "308 FOO with string and explicit Content-Type safelisted", "FOO", "yoyo", "application/thunderstorm", true)
	redirect("307", "307 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/thunderstorm", true)
	</script>
	</body>
	</html>