Line 0
LayoutTests/http/tests/xmlhttprequest/cors-non-standard-safelisted-headers-should-trigger-preflight.html_sec1
|
|
|
1 |
<!DOCTYPE html> |
2 |
<html lang="en"> |
3 |
<head> |
4 |
<meta charset="UTF-8"> |
5 |
<title>Non-Standard Safelisted Headers SHOULD Trigger a Preflight</title> |
6 |
<script src="../resources/js-test-pre.js"></script> |
7 |
</head> |
8 |
<body> |
9 |
<!-- https://fetch.spec.whatwg.org/#cors-safelisted-request-header --> |
10 |
<script> |
11 |
if (window.testRunner) { |
12 |
testRunner.dumpAsText(); |
13 |
testRunner.waitUntilDone(); |
14 |
} |
15 |
|
16 |
var xhr; |
17 |
var url = 'http://localhost:8000/xmlhttprequest/resources/cors-preflight-safelisted-headers-responder.php'; |
18 |
|
19 |
function createReadyStateHandler (description, testNumber) { |
20 |
return function handler (e) { |
21 |
if (xhr.readyState === XMLHttpRequest.DONE) { |
22 |
testPassed(description); |
23 |
nextStep(testNumber); |
24 |
} |
25 |
} |
26 |
} |
27 |
|
28 |
function createOnErrorHandler (description, testNumber) { |
29 |
return function handler (e) { |
30 |
e.preventDefault(); |
31 |
testPassed(description); |
32 |
nextStep(testNumber); |
33 |
} |
34 |
} |
35 |
|
36 |
var abnormalSimpleCorsHeaderValue = "() { :;};" |
37 |
var allAllowedNonAlphanumericCharactersForAcceptHeader = " *./;=" |
38 |
var allAllowedNonAlphanumericCharactersForAcceptAndContentLanguageHeader = " *-.;=" |
39 |
var testCases = [ |
40 |
// Positive test cases with normal headers |
41 |
{ |
42 |
headersToAdd: [{ name : "Accept", value: "text/*" }], |
43 |
explicitlyAllowHeaders: false, |
44 |
shouldCausePreflight: false, |
45 |
description: "Accept header with normal value SHOULD NOT cause a preflight" |
46 |
} |
47 |
,{ |
48 |
headersToAdd: [{ name : "Accept", value: allAllowedNonAlphanumericCharactersForAcceptHeader }], |
49 |
explicitlyAllowHeaders: false, |
50 |
shouldCausePreflight: false, |
51 |
description: "Accept header value with all allowed non-alphanumeric characters SHOULD NOT cause a preflight" |
52 |
} |
53 |
,{ |
54 |
headersToAdd: [{ name : "Accept-Language", value: "en" }], |
55 |
explicitlyAllowHeaders: false, |
56 |
shouldCausePreflight: false, |
57 |
description: "Accept-Language header with normal value SHOULD NOT cause a preflight" |
58 |
} |
59 |
,{ |
60 |
headersToAdd: [{ name : "Accept-Language", value: allAllowedNonAlphanumericCharactersForAcceptAndContentLanguageHeader }], |
61 |
explicitlyAllowHeaders: false, |
62 |
shouldCausePreflight: false, |
63 |
description: "Accept-Language header value with all allowed non-alphanumeric characters SHOULD NOT cause a preflight" |
64 |
} |
65 |
,{ |
66 |
headersToAdd: [{ name : "Content-Language", value: "en" }], |
67 |
explicitlyAllowHeaders: false, |
68 |
shouldCausePreflight: false, |
69 |
description: "Content-Language header with normal value SHOULD NOT cause a preflight" |
70 |
} |
71 |
,{ |
72 |
headersToAdd: [{ name : "Content-Language", value: allAllowedNonAlphanumericCharactersForAcceptAndContentLanguageHeader }], |
73 |
explicitlyAllowHeaders: false, |
74 |
shouldCausePreflight: false, |
75 |
description: "Content-Language header value with all allowed non-alphanumeric characters SHOULD NOT cause a preflight" |
76 |
} |
77 |
// Negative test cases with abnormal headers |
78 |
,{ |
79 |
headersToAdd: [{ name : "Accept", value: abnormalSimpleCorsHeaderValue }], |
80 |
explicitlyAllowHeaders: false, |
81 |
shouldCausePreflight: true, |
82 |
description: "Accept header with abnormal value SHOULD cause a preflight" |
83 |
} |
84 |
,{ |
85 |
headersToAdd: [{ name : "Accept-Language", value: abnormalSimpleCorsHeaderValue }], |
86 |
explicitlyAllowHeaders: false, |
87 |
shouldCausePreflight: true, |
88 |
description: "Accept-Language header with abnormal value SHOULD cause a preflight" |
89 |
} |
90 |
,{ |
91 |
headersToAdd: [{ name : "Content-Language", value: abnormalSimpleCorsHeaderValue }], |
92 |
explicitlyAllowHeaders: false, |
93 |
shouldCausePreflight: true, |
94 |
description: "Content-Language header with abnormal value SHOULD cause a preflight" |
95 |
} |
96 |
,{ |
97 |
headersToAdd: [{ name : "Accept", value: "text/*" }, { name : "Accept-Language", value: "en" }, { name : "Content-Language", value: abnormalSimpleCorsHeaderValue }], |
98 |
explicitlyAllowHeaders: false, |
99 |
shouldCausePreflight: true, |
100 |
description: "Accept header with normal value, Accept-Language header with normal value, and Content-Language header with abnormal value SHOULD cause a preflight" |
101 |
} |
102 |
,{ |
103 |
headersToAdd: [{ name : "Accept", value: "text/*" }, { name : "Accept", value: abnormalSimpleCorsHeaderValue }], |
104 |
explicitlyAllowHeaders: false, |
105 |
shouldCausePreflight: true, |
106 |
description: "Accept header with normal value and then another Accept header with abnormal value SHOULD cause a preflight" |
107 |
} |
108 |
// Positive test cases with abnormal headers |
109 |
,{ |
110 |
headersToAdd: [{ name : "Accept", value: abnormalSimpleCorsHeaderValue }], |
111 |
explicitlyAllowHeaders: true, |
112 |
shouldCausePreflight: true, |
113 |
description: "Accept header with abnormal value and explicitly allowed headers SHOULD be allowed" |
114 |
} |
115 |
,{ |
116 |
headersToAdd: [{ name : "Content-Language", value: abnormalSimpleCorsHeaderValue }], |
117 |
explicitlyAllowHeaders: true, |
118 |
shouldCausePreflight: true, |
119 |
description: "Content-Language header with abnormal value and explicitly allowed headers SHOULD be allowed" |
120 |
} |
121 |
,{ |
122 |
headersToAdd: [{ name : "Accept", value: "text/*" }, { name : "Accept-Language", value: "en" }, { name : "Content-Language", value: abnormalSimpleCorsHeaderValue }], |
123 |
explicitlyAllowHeaders: true, |
124 |
shouldCausePreflight: true, |
125 |
description: "Accept header with normal value, Accept-Language header with normal value, Content-Language header with abnormal value, and explicitly allowed headers SHOULD be allowed" |
126 |
} |
127 |
,{ |
128 |
headersToAdd: [{ name : "Accept", value: "text/*" }, { name : "Accept", value: abnormalSimpleCorsHeaderValue }], |
129 |
explicitlyAllowHeaders: true, |
130 |
shouldCausePreflight: true, |
131 |
description: "Accept header with normal value, then another Accept header with abnormal value, and explicitly allowed headers SHOULD be allowed" |
132 |
} |
133 |
]; |
134 |
|
135 |
function runTestCase(testNumber) { |
136 |
var testCase = testCases[testNumber]; |
137 |
xhr = new XMLHttpRequest(); |
138 |
xhr.open('GET', url + (testCase.explicitlyAllowHeaders ? "/?explicitlyAllowHeaders=true" : ""), true); |
139 |
for (var i = 0; i < testCase.headersToAdd.length; i++) { |
140 |
xhr.setRequestHeader(testCase.headersToAdd[i].name, testCase.headersToAdd[i].value); |
141 |
} |
142 |
if (testCase.shouldCausePreflight && !testCase.explicitlyAllowHeaders) |
143 |
xhr.onerror = createOnErrorHandler(testCase.description, testNumber); |
144 |
else |
145 |
xhr.onreadystatechange = createReadyStateHandler(testCase.description, testNumber); |
146 |
xhr.send(); |
147 |
} |
148 |
|
149 |
function nextStep (testNumber) { |
150 |
if (testNumber === (testCases.length - 1)) { |
151 |
if (window.testRunner) |
152 |
testRunner.notifyDone(); |
153 |
} else |
154 |
runTestCase(testNumber + 1); |
155 |
} |
156 |
|
157 |
runTestCase(0); |
158 |
</script> |
159 |
</body> |
160 |
</html> |