Opera CORS: Updated and polished the tests a bit
authorOdin Hørthe Omdal <odinho@opera.com>
Fri, 16 Dec 2011 00:50:59 +0100
changeset 17 46cba6fd558c
parent 16 8c4f146655aa
child 18 79828772335d
Opera CORS: Updated and polished the tests a bit
tests/cors/submitted/opera/README.txt
tests/cors/submitted/opera/js/MANIFEST
tests/cors/submitted/opera/js/redirect-preflight.htm
tests/cors/submitted/opera/js/redirect.htm
tests/cors/submitted/opera/js/resources/cors-makeheader.php
tests/cors/submitted/opera/js/status-async.htm
tests/cors/submitted/opera/js/status-basic.htm
tests/cors/submitted/opera/js/status.htm
--- a/tests/cors/submitted/opera/README.txt	Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/README.txt	Fri Dec 16 00:50:59 2011 +0100
@@ -9,6 +9,7 @@
     https://<your domain>
     https://<your domain>:8443
 
+It also needs a web server read/writeable file in ``js/resources/logs.txt''
 
 
 js/
--- a/tests/cors/submitted/opera/js/MANIFEST	Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/MANIFEST	Fri Dec 16 00:50:59 2011 +0100
@@ -5,11 +5,11 @@
 https.htm
 origin.htm
 preflight-cache.htm
+redirect.htm
 redirect-preflight.htm
-redirect.htm
 request.htm
 response.htm
 simple-requests.htm
+status.htm
 status-async.htm
-status-basic.htm
 status-preflight.htm
--- a/tests/cors/submitted/opera/js/redirect-preflight.htm	Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/redirect-preflight.htm	Fri Dec 16 00:50:59 2011 +0100
@@ -24,10 +24,11 @@
     function redir_preflight(code) {
         test(function() {
             var client = new XMLHttpRequest(),
-                redir2 = crossdomain + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
+                redirect = crossdomain + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
 
-            client.open('GET', crossdomain + 'resources/cors-makeheader.php?location='
-                               + encodeURIComponent(redir2) + '&' + req_c++,
+            client.open('GET', crossdomain + 'resources/cors-makeheader.php?'
+                               + 'headers=x-test&location=' + encodeURIComponent(redirect)
+                               + '&code=' + code + '&preflight=' + code + '&' + req_c++,
                         false)
             client.setRequestHeader('x-test', 'test')
             assert_throws('NETWORK_ERR', function() { client.send(null) });
@@ -40,20 +41,22 @@
     redir_preflight(303)
     redir_preflight(307)
 
+    /* Even thought the preflight was allowed (200), CORS should not follow
+       a subsequent redirect */
     function redir_after_preflight(code) {
         test(function() {
             var client = new XMLHttpRequest(),
-                redir2 = crossdomain + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
+                redirect = crossdomain + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
 
             client.open('GET', crossdomain + 'resources/cors-makeheader.php?'
-                               + 'preflight_safe&headers=x-test&location='
-                               + encodeURIComponent(redir2) + '&' + req_c++,
+                               + 'preflight=200&headers=x-test&location='
+                               + encodeURIComponent(redirect) + '&code=' + code + '&' + req_c++,
                         false)
             client.setRequestHeader('x-test', 'test')
             assert_throws('NETWORK_ERR', function() { client.send(null) });
 
         },
-        'Redirect ' + code + ' after preflight')
+        'Redirect ' + code + ' after succesful preflight')
     }
     redir_after_preflight(301)
     redir_after_preflight(302)
--- a/tests/cors/submitted/opera/js/redirect.htm	Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/redirect.htm	Fri Dec 16 00:50:59 2011 +0100
@@ -157,10 +157,11 @@
     },
     'Remote redirect with Allow-Origin to remote resource with Allow-Origin null')
 
+
     function redir(code) {
         test(function() {
             var client = new XMLHttpRequest(),
-                redir3 = crossdomain + 'resources/cors-makeheader.php?code=' + code + '&' + req_c++,
+                redir3 = crossdomain + 'resources/cors-makeheader.php?get_value=last&' + req_c++,
                 redir2 = crossdomain + 'resources/cors-makeheader.php?code=' + code
                          + '&location=' + encodeURIComponent(redir3) + '&' + req_c++
 
@@ -170,7 +171,8 @@
             client.send(null)
 
             r = JSON.parse(client.response)
-            assert_equals(r['origin'], location.protocol + "//" + location.host)
+            assert_equals(r['origin'], location.protocol + "//" + location.host, "Origin Header")
+            assert_equals(r['get_value'], 'last', 'get_value')
         },
         'Redirect ' + code)
     }
@@ -179,7 +181,6 @@
     redir(302);
     redir(303);
     redir(307);
-
     </script>
  </body>
 </html>
--- a/tests/cors/submitted/opera/js/resources/cors-makeheader.php	Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/resources/cors-makeheader.php	Fri Dec 16 00:50:59 2011 +0100
@@ -13,12 +13,20 @@
 if (isset($_GET['methods']))
     header("Access-Control-Allow-Methods: {$_GET['methods']}");
 
-if (isset($_GET['location'])
-    && !(isset($_GET['preflight_safe'])
-        && $_SERVER['REQUEST_METHOD'] == 'OPTIONS'))
+$code = isset($_GET['code']) ? intval($_GET['code']) : null;
+if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' and isset($_GET['preflight']))
+    $code = intval($_GET['preflight']);
+
+if (isset($_GET['location']))
 {
-    $code = ctype_digit($_GET["code"]) ? $_GET["code"] : "302";
-    header("Location: {$_GET['location']}", true, $code);
+    if ($code === null)
+    	$code = 302;
+
+    if ($code < 400 and $code > 299)
+    {
+        header("Location: {$_GET['location']}", true, $code);
+        die("Redirecting");
+    }
 }
 
 foreach ($_SERVER as $name => $value)
@@ -34,6 +42,9 @@
     }
 }
 
-$headers['get_value'] = $_GET['get_value'];
+$headers['get_value'] = isset($_GET['get_value']) ? $_GET['get_value'] : '';
+
+if ($code)
+    header("HTTP/1.1 {$code} StatusText");
 
 echo json_encode( $headers );
--- a/tests/cors/submitted/opera/js/status-async.htm	Thu Dec 15 19:46:57 2011 +0100
+++ b/tests/cors/submitted/opera/js/status-async.htm	Fri Dec 16 00:50:59 2011 +0100
@@ -12,8 +12,7 @@
       var crossdomain = "http://crosssite." + location.hostname + location.pathname.replace(/\/[^\/]*$/, '/')
 
       function statusRequest(method, code, text, content, type) {
-        var test = async_test(document.title + " ("
-          + method + " " + code + ")")
+        var test = async_test("Status on " + method + " " + code)
         test.step(function() {
           var client = new XMLHttpRequest()
           client.open(method, crossdomain + "resources/status.php?code="
@@ -45,8 +44,7 @@
 
 
       function statusRequestFail(method, code, expect_code, nonsimple) {
-        var test = async_test(document.title + " ("
-            + method + " " + code + ") should fail" + ((nonsimple===true)?' (nonsimple)':''))
+        var test = async_test("Status on " + method + " " + code + ((nonsimple===true)?' (nonsimple)':''))
         if (expect_code === undefined)
           expect_code = code
 
@@ -54,18 +52,25 @@
           var client = new XMLHttpRequest()
 
           client.open(method, crossdomain + "resources/status.php?code="
-            + code + '&headers=x-nonsimple', true)
+            + code + '&headers=x-nonsimple&text=OHAI', true)
 
           if (nonsimple === true)
             client.setRequestHeader('x-nonsimple', true)
 
           client.onreadystatechange = test.step_func(function() {
+            if (client.readyState < client.HEADERS_RECIEVED)
+              return
             assert_equals(client.response, "", "response data")
             assert_equals(client.status, expect_code, "response status")
+            assert_equals(client.statusText, (expect_code == 0 ? "" : "OHAI"), "response statusText")
             if (client.readyState == client.DONE)
               test.done()
           })
 
+          client.onerror = test.step_func(function(e) {
+              assert_unreached("Got error event.")
+          })
+
           client.send()
         })
       }
@@ -73,8 +78,10 @@
       /*                                 expect
                         method     code  status */
       statusRequestFail("GET",     204)
+      statusRequestFail("GET",     400)
       statusRequestFail("HEAD",    401)
       statusRequestFail("POST",    404)
+      statusRequestFail("POST",    500)
 
       /* Preflight response status is not 200, so the algorithm set status to 0. */
       statusRequestFail("PUT",     699,  0)
@@ -83,6 +90,7 @@
       /*                                    "forced"
                                             preflight */
       statusRequestFail("GET",     204,  0, true)
+      statusRequestFail("GET",     400,  0, true)
       statusRequestFail("HEAD",    401,  0, true)
       statusRequestFail("POST",    404,  0, true)
       statusRequestFail("PUT",     699,  0, true)
--- a/tests/cors/submitted/opera/js/status-basic.htm	Thu Dec 15 19:46:57 2011 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,69 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS status/statusText - various responses (async)</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-      var crossdomain = "http://crosssite." + location.hostname + location.pathname.replace(/\/[^\/]*$/, '/')
-
-      function statusRequest(method, code, text, content, type) {
-        var test = async_test(document.title + " (" + method + " " + code + ")")
-        test.step(function() {
-          var client = new XMLHttpRequest()
-          client.open(method, crossdomain + "resources/status.php?code=" + code + "&text=" + text + "&content=" + content + "&type=" + type, true)
-          client.setRequestHeader('Content-Type', 'text/plain')
-
-          client.onload = test.step_func(function() {
-            assert_equals(client.status, code, "status")
-            assert_equals(client.statusText, text, "statusText")
-            assert_equals(client.getResponseHeader("X-Request-Method"), method, "X-Request-Method")
-            if(method != "HEAD") {
-              if(type == "text/xml") {
-                assert_equals(client.responseXML.documentElement.localName, "x")
-              }
-              assert_equals(client.responseText, content)
-            }
-
-            test.done()
-          })
-
-          client.onerror = test.step_func(function(e) {
-              assert_unreached("Got error event.")
-          })
-
-          client.send(null)
-        })
-      }
-
-      statusRequest("GET", 200, 'OK', 'Not today.', '')
-      statusRequest("PUT", 200, 'OK', '<x>402<\/x>', 'text/xml')
-      statusRequest("HEAD", 200, 'OK', 'Nice!', 'text/doesnotmatter')
-      statusRequest("POST", 200, 'OK', '400', 'text/plain')
-      statusRequest("CHICKEN", 200, 'OK', 'bah', '')
-
-
-      function status(code, text) {
-        statusRequest("GET", code, text, text, 'text/plain')
-        statusRequest("HEAD", code, text, text, 'text/plain')
-        statusRequest("POST", code, text, text, 'text/plain')
-        statusRequest("PUT", code, text, text, 'text/plain')
-        statusRequest("CHICKEN", code, text, text, 'text/plain')
-      }
-
-      status(201, "UNICORNSWAM")
-      status(203, "UNICORNSWIN")
-      status(400, "OH HELLO")
-      status(402, "FIVE BUCKS")
-      status(404, "404 NOT FOUND")
-      status(412, "FREE")
-      status(502, "lowercase")
-      status(503, "HOUSTON WE HAVE A")
-      status(699, "WAY OUTTA RANGE")
-    </script>
-  </body>
-</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/js/status.htm	Fri Dec 16 00:50:59 2011 +0100
@@ -0,0 +1,68 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>CORS status</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<pre>
+   allowed  preflight  response  | status |
+   -------  ---------  --------  | ------ |
+ 1      no          x       400  |      0 |
+ 2      no        200         x  |      0 |
+ 3     yes          x       400  |    400 |
+ 4     yes        200       400  |    400 |
+ 5     yes        400         x  |      0 |
+</pre>
+
+<div id=log></div>
+
+<script>
+
+    var counter = 0,
+        crossdomain = location.href
+            .replace('://', '://crosssite.')
+            .replace(/\/[^\/]*$/, '/')
+
+    function testit(allow, preflight, response, status) {
+        var test = async_test(
+            (++counter) + '. ' +
+            (allow ? 'CORS allowed' : 'CORS disallowed') +
+            (preflight ? ', preflight status '+preflight : '') +
+            (response ? ', response status '+response : '') +
+            '.'
+        )
+
+        test.step(function() {
+            var client = new XMLHttpRequest()
+            client.open('GET', crossdomain + 'resources/cors-makeheader.php?' + counter +
+                (allow ? '&headers=x-custom': '&origin=none') +
+                (response ? '&code='+response : '') +
+                (preflight ? '&preflight='+preflight : '')
+            )
+
+            if (preflight)
+                client.setRequestHeader('X-Custom', 'preflight')
+
+            client.onreadystatechange = test.step_func(function(){
+                if (client.readyState > client.OPENED)
+                    assert_equals(client.status, status, "status")
+
+                if (client.readyState == client.DONE)
+                {
+                    test.done()
+                }
+            })
+
+            client.send()
+
+        })
+    }
+
+    /*     allow  pref  resp  status */
+    testit(false, null, 400,  0)
+    testit(false, 200,  null, 0)
+    testit(true,  null, 400,  400)
+    testit(true,  200,  400,  400)
+    testit(true,  400,  null, 0)
+
+</script>