--- a/tests/cors/submitted/opera/README.txt Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/README.txt Fri Dec 16 00:50:59 2011 +0100
@@ -9,6 +9,7 @@
https://<your domain>
https://<your domain>:8443
+It also needs a web server read/writeable file in ``js/resources/logs.txt''
js/
--- a/tests/cors/submitted/opera/js/MANIFEST Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/MANIFEST Fri Dec 16 00:50:59 2011 +0100
@@ -5,11 +5,11 @@
https.htm
origin.htm
preflight-cache.htm
+redirect.htm
redirect-preflight.htm
-redirect.htm
request.htm
response.htm
simple-requests.htm
+status.htm
status-async.htm
-status-basic.htm
status-preflight.htm
--- a/tests/cors/submitted/opera/js/redirect-preflight.htm Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/redirect-preflight.htm Fri Dec 16 00:50:59 2011 +0100
@@ -24,10 +24,11 @@
function redir_preflight(code) {
test(function() {
var client = new XMLHttpRequest(),
- redir2 = crossdomain + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
+ redirect = crossdomain + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
- client.open('GET', crossdomain + 'resources/cors-makeheader.php?location='
- + encodeURIComponent(redir2) + '&' + req_c++,
+ client.open('GET', crossdomain + 'resources/cors-makeheader.php?'
+ + 'headers=x-test&location=' + encodeURIComponent(redirect)
+ + '&code=' + code + '&preflight=' + code + '&' + req_c++,
false)
client.setRequestHeader('x-test', 'test')
assert_throws('NETWORK_ERR', function() { client.send(null) });
@@ -40,20 +41,22 @@
redir_preflight(303)
redir_preflight(307)
+ /* Even thought the preflight was allowed (200), CORS should not follow
+ a subsequent redirect */
function redir_after_preflight(code) {
test(function() {
var client = new XMLHttpRequest(),
- redir2 = crossdomain + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
+ redirect = crossdomain + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
client.open('GET', crossdomain + 'resources/cors-makeheader.php?'
- + 'preflight_safe&headers=x-test&location='
- + encodeURIComponent(redir2) + '&' + req_c++,
+ + 'preflight=200&headers=x-test&location='
+ + encodeURIComponent(redirect) + '&code=' + code + '&' + req_c++,
false)
client.setRequestHeader('x-test', 'test')
assert_throws('NETWORK_ERR', function() { client.send(null) });
},
- 'Redirect ' + code + ' after preflight')
+ 'Redirect ' + code + ' after succesful preflight')
}
redir_after_preflight(301)
redir_after_preflight(302)
--- a/tests/cors/submitted/opera/js/redirect.htm Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/redirect.htm Fri Dec 16 00:50:59 2011 +0100
@@ -157,10 +157,11 @@
},
'Remote redirect with Allow-Origin to remote resource with Allow-Origin null')
+
function redir(code) {
test(function() {
var client = new XMLHttpRequest(),
- redir3 = crossdomain + 'resources/cors-makeheader.php?code=' + code + '&' + req_c++,
+ redir3 = crossdomain + 'resources/cors-makeheader.php?get_value=last&' + req_c++,
redir2 = crossdomain + 'resources/cors-makeheader.php?code=' + code
+ '&location=' + encodeURIComponent(redir3) + '&' + req_c++
@@ -170,7 +171,8 @@
client.send(null)
r = JSON.parse(client.response)
- assert_equals(r['origin'], location.protocol + "//" + location.host)
+ assert_equals(r['origin'], location.protocol + "//" + location.host, "Origin Header")
+ assert_equals(r['get_value'], 'last', 'get_value')
},
'Redirect ' + code)
}
@@ -179,7 +181,6 @@
redir(302);
redir(303);
redir(307);
-
</script>
</body>
</html>
--- a/tests/cors/submitted/opera/js/resources/cors-makeheader.php Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/resources/cors-makeheader.php Fri Dec 16 00:50:59 2011 +0100
@@ -13,12 +13,20 @@
if (isset($_GET['methods']))
header("Access-Control-Allow-Methods: {$_GET['methods']}");
-if (isset($_GET['location'])
- && !(isset($_GET['preflight_safe'])
- && $_SERVER['REQUEST_METHOD'] == 'OPTIONS'))
+$code = isset($_GET['code']) ? intval($_GET['code']) : null;
+if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' and isset($_GET['preflight']))
+ $code = intval($_GET['preflight']);
+
+if (isset($_GET['location']))
{
- $code = ctype_digit($_GET["code"]) ? $_GET["code"] : "302";
- header("Location: {$_GET['location']}", true, $code);
+ if ($code === null)
+ $code = 302;
+
+ if ($code < 400 and $code > 299)
+ {
+ header("Location: {$_GET['location']}", true, $code);
+ die("Redirecting");
+ }
}
foreach ($_SERVER as $name => $value)
@@ -34,6 +42,9 @@
}
}
-$headers['get_value'] = $_GET['get_value'];
+$headers['get_value'] = isset($_GET['get_value']) ? $_GET['get_value'] : '';
+
+if ($code)
+ header("HTTP/1.1 {$code} StatusText");
echo json_encode( $headers );
--- a/tests/cors/submitted/opera/js/status-async.htm Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/status-async.htm Fri Dec 16 00:50:59 2011 +0100
@@ -12,8 +12,7 @@
var crossdomain = "http://crosssite." + location.hostname + location.pathname.replace(/\/[^\/]*$/, '/')
function statusRequest(method, code, text, content, type) {
- var test = async_test(document.title + " ("
- + method + " " + code + ")")
+ var test = async_test("Status on " + method + " " + code)
test.step(function() {
var client = new XMLHttpRequest()
client.open(method, crossdomain + "resources/status.php?code="
@@ -45,8 +44,7 @@
function statusRequestFail(method, code, expect_code, nonsimple) {
- var test = async_test(document.title + " ("
- + method + " " + code + ") should fail" + ((nonsimple===true)?' (nonsimple)':''))
+ var test = async_test("Status on " + method + " " + code + ((nonsimple===true)?' (nonsimple)':''))
if (expect_code === undefined)
expect_code = code
@@ -54,18 +52,25 @@
var client = new XMLHttpRequest()
client.open(method, crossdomain + "resources/status.php?code="
- + code + '&headers=x-nonsimple', true)
+ + code + '&headers=x-nonsimple&text=OHAI', true)
if (nonsimple === true)
client.setRequestHeader('x-nonsimple', true)
client.onreadystatechange = test.step_func(function() {
+ if (client.readyState < client.HEADERS_RECIEVED)
+ return
assert_equals(client.response, "", "response data")
assert_equals(client.status, expect_code, "response status")
+ assert_equals(client.statusText, (expect_code == 0 ? "" : "OHAI"), "response statusText")
if (client.readyState == client.DONE)
test.done()
})
+ client.onerror = test.step_func(function(e) {
+ assert_unreached("Got error event.")
+ })
+
client.send()
})
}
@@ -73,8 +78,10 @@
/* expect
method code status */
statusRequestFail("GET", 204)
+ statusRequestFail("GET", 400)
statusRequestFail("HEAD", 401)
statusRequestFail("POST", 404)
+ statusRequestFail("POST", 500)
/* Preflight response status is not 200, so the algorithm set status to 0. */
statusRequestFail("PUT", 699, 0)
@@ -83,6 +90,7 @@
/* "forced"
preflight */
statusRequestFail("GET", 204, 0, true)
+ statusRequestFail("GET", 400, 0, true)
statusRequestFail("HEAD", 401, 0, true)
statusRequestFail("POST", 404, 0, true)
statusRequestFail("PUT", 699, 0, true)
--- a/tests/cors/submitted/opera/js/status-basic.htm Thu Dec 15 19:46:57 2011 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,69 +0,0 @@
-<!doctype html>
-<html>
- <head>
- <title>XMLHttpRequest: CORS status/statusText - various responses (async)</title>
- <script src="/resources/testharness.js"></script>
- <script src="/resources/testharnessreport.js"></script>
- </head>
- <body>
- <p>This shouldn't be tested inside a tunnel.</p>
- <div id="log"></div>
- <script>
- var crossdomain = "http://crosssite." + location.hostname + location.pathname.replace(/\/[^\/]*$/, '/')
-
- function statusRequest(method, code, text, content, type) {
- var test = async_test(document.title + " (" + method + " " + code + ")")
- test.step(function() {
- var client = new XMLHttpRequest()
- client.open(method, crossdomain + "resources/status.php?code=" + code + "&text=" + text + "&content=" + content + "&type=" + type, true)
- client.setRequestHeader('Content-Type', 'text/plain')
-
- client.onload = test.step_func(function() {
- assert_equals(client.status, code, "status")
- assert_equals(client.statusText, text, "statusText")
- assert_equals(client.getResponseHeader("X-Request-Method"), method, "X-Request-Method")
- if(method != "HEAD") {
- if(type == "text/xml") {
- assert_equals(client.responseXML.documentElement.localName, "x")
- }
- assert_equals(client.responseText, content)
- }
-
- test.done()
- })
-
- client.onerror = test.step_func(function(e) {
- assert_unreached("Got error event.")
- })
-
- client.send(null)
- })
- }
-
- statusRequest("GET", 200, 'OK', 'Not today.', '')
- statusRequest("PUT", 200, 'OK', '<x>402<\/x>', 'text/xml')
- statusRequest("HEAD", 200, 'OK', 'Nice!', 'text/doesnotmatter')
- statusRequest("POST", 200, 'OK', '400', 'text/plain')
- statusRequest("CHICKEN", 200, 'OK', 'bah', '')
-
-
- function status(code, text) {
- statusRequest("GET", code, text, text, 'text/plain')
- statusRequest("HEAD", code, text, text, 'text/plain')
- statusRequest("POST", code, text, text, 'text/plain')
- statusRequest("PUT", code, text, text, 'text/plain')
- statusRequest("CHICKEN", code, text, text, 'text/plain')
- }
-
- status(201, "UNICORNSWAM")
- status(203, "UNICORNSWIN")
- status(400, "OH HELLO")
- status(402, "FIVE BUCKS")
- status(404, "404 NOT FOUND")
- status(412, "FREE")
- status(502, "lowercase")
- status(503, "HOUSTON WE HAVE A")
- status(699, "WAY OUTTA RANGE")
- </script>
- </body>
-</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/js/status.htm Fri Dec 16 00:50:59 2011 +0100
@@ -0,0 +1,68 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>CORS status</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<pre>
+ allowed preflight response | status |
+ ------- --------- -------- | ------ |
+ 1 no x 400 | 0 |
+ 2 no 200 x | 0 |
+ 3 yes x 400 | 400 |
+ 4 yes 200 400 | 400 |
+ 5 yes 400 x | 0 |
+</pre>
+
+<div id=log></div>
+
+<script>
+
+ var counter = 0,
+ crossdomain = location.href
+ .replace('://', '://crosssite.')
+ .replace(/\/[^\/]*$/, '/')
+
+ function testit(allow, preflight, response, status) {
+ var test = async_test(
+ (++counter) + '. ' +
+ (allow ? 'CORS allowed' : 'CORS disallowed') +
+ (preflight ? ', preflight status '+preflight : '') +
+ (response ? ', response status '+response : '') +
+ '.'
+ )
+
+ test.step(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', crossdomain + 'resources/cors-makeheader.php?' + counter +
+ (allow ? '&headers=x-custom': '&origin=none') +
+ (response ? '&code='+response : '') +
+ (preflight ? '&preflight='+preflight : '')
+ )
+
+ if (preflight)
+ client.setRequestHeader('X-Custom', 'preflight')
+
+ client.onreadystatechange = test.step_func(function(){
+ if (client.readyState > client.OPENED)
+ assert_equals(client.status, status, "status")
+
+ if (client.readyState == client.DONE)
+ {
+ test.done()
+ }
+ })
+
+ client.send()
+
+ })
+ }
+
+ /* allow pref resp status */
+ testit(false, null, 400, 0)
+ testit(false, 200, null, 0)
+ testit(true, null, 400, 400)
+ testit(true, 200, 400, 400)
+ testit(true, 400, null, 0)
+
+</script>