--- a/tests/cors/access-control-and-redirects.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-<p>Tests that redirects between origins are never allowed, even when access control is involved.</p>
-<p>Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.</p>
-
-<pre id="console"></pre>
-<script>
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
-}
-
-function runTest(url, expectSyncSuccess, expectAsyncSuccess)
-{
- log("Testing " + url + " (sync)");
- log("Expecting success: " + expectSyncSuccess);
-
- var req = new XMLHttpRequest();
- req.open("GET", url, false);
-
- try {
- req.send(null);
- log((expectSyncSuccess ? "PASS" : "FAIL") + ": " + req.responseText);
- } catch (ex) {
- log((expectSyncSuccess ? "FAIL" : "PASS") + ": " + ex);
- }
-
- log("Testing " + url + "(async)");
- log("Expecting success: " + expectAsyncSuccess);
-
- req = new XMLHttpRequest();
- req.open("GET", url, true);
- req.onload = function() {
- log((expectAsyncSuccess ? "PASS" : "FAIL") + ": " + req.responseText);
- nextTest();
- }
- req.onerror = function() {
- log((expectAsyncSuccess ? "FAIL" : "PASS") + ": " + req.status);
- nextTest();
- }
- req.send(null);
-}
-
-var tests = [
- ["/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false],
- ["http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false],
- ["http://localhost:8000/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false]
-]
-
-var currentTest = 0;
-
-function nextTest() {
- if (currentTest < tests.length)
- runTest.apply(null, tests[currentTest++]);
- else if (window.layoutTestController)
- layoutTestController.notifyDone();
-}
-
-nextTest();
-</script>
--- a/tests/cors/access-control-basic-allow-access-control-origin-header-data-url.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,48 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-window.addEventListener("message", function(evt) {
- if (evt.data == "done") {
- layoutTestController.notifyDone();
- return;
- }
-
- log(evt.data);
-}, false);
-</script>
-<iframe src='data:text/html,
-<script>
-(function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-access-control-origin-header.cgi", false);
- } catch(e) {
- parent.postMessage("FAIL: Exception thrown. Cross-domain access is not allowed in open. [" + e.message + "].", "*");
- return;
- }
-
- try {
- xhr.send();
- } catch(e) {
- parent.postMessage("FAIL: Exception thrown. Cross-domain access is not allowed in send. [" + e.message + "].", "*");
- return;
- }
-
- parent.postMessage(xhr.responseText, "*");
-})();
-parent.postMessage("done", "*");
-</script>'>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-access-control-origin-header.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-access-control-origin-header.cgi", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send();
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
- return;
- }
-
- log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-async.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,40 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-function processStateChange()
-{
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
-}
-
-function errorHandler()
-{
- log("FAIL: Network error.");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
-}
-
-var xhr = new XMLHttpRequest;
-xhr.onreadystatechange = processStateChange;
-xhr.onerror = errorHandler;
-
-xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", true);
-xhr.send();
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-preflight-cache-invalidation-by-header.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-function errorHandler(event)
-{
- log("FAIL: Network error. ");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
-}
-
-var filename = "filename=preflightCacheInvalidationByHeader.txt";
-
-var xhr = new XMLHttpRequest;
-xhr.onerror = errorHandler;
-
-start = function()
-{
- // Temp file removed. We can start the test now.
- if (xhr.readyState == xhr.DONE) {
- firstRequest();
- }
-}
-
-xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
-xhr.onreadystatechange = start;
-xhr.send();
-
-function firstRequest()
-{
- xhr.onreadystatechange = function()
- {
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- log("PASS: First request complete");
- secondRequest();
- }
- }
-
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
- xhr.send();
-}
-
-function secondRequest()
-{
- xhr.onreadystatechange = function()
- {
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- log("PASS: Second request complete");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- }
-
- // Send a header not included in the inital cache.
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
- xhr.setRequestHeader("x-webkit-test", "headerValue");
- xhr.send();
-}
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-preflight-cache-invalidation-by-method.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-function errorHandler(event)
-{
- log("FAIL: Network error. ");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
-}
-
-var filename = "filename=preflightCacheInvalidationByMethod.txt";
-
-var xhr = new XMLHttpRequest;
-xhr.onerror = errorHandler;
-
-start = function()
-{
- // Temp file removed. We can start the test now.
- if (xhr.readyState == xhr.DONE) {
- firstRequest();
- }
-}
-
-xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
-xhr.onreadystatechange = start;
-xhr.send();
-
-function firstRequest()
-{
- xhr.onreadystatechange = function()
- {
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- log("PASS: First request complete");
- secondRequest();
- }
- }
-
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
- xhr.send();
-}
-
-function secondRequest()
-{
- xhr.onreadystatechange = function()
- {
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- log("PASS: Second request complete");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- }
-
- // Send a method not included in the initial cache.
- xhr.open("XMETHOD", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
- xhr.send();
-}
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-preflight-cache-timeout.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-function errorHandler(event)
-{
- log("FAIL: Network error. ");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
-}
-
-var filename = "filename=preflightCacheTimeout.txt";
-
-var xhr = new XMLHttpRequest;
-xhr.onerror = errorHandler;
-
-start = function()
-{
- // Temp file removed. We can start the test now.
- if (xhr.readyState == xhr.DONE) {
- firstRequest();
- }
-}
-
-xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
-xhr.onreadystatechange = start;
-xhr.send();
-
-function firstRequest()
-{
- xhr.onreadystatechange = function()
- {
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- log("PASS: First request complete");
- setTimeout(secondRequest, 3000); // 5 seconds
- }
- }
-
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-timeout.php?" + filename, true);
- xhr.send();
-}
-
-function secondRequest()
-{
- xhr.onreadystatechange = function()
- {
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- log("PASS: Second request complete")
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- }
-
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-timeout.php?" + filename, true);
- xhr.send();
-}
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-preflight-cache.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-function errorHandler(event)
-{
- log("FAIL: Network error. ");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
-}
-
-var filename = "filename=preflightCache.txt";
-
-var xhr = new XMLHttpRequest;
-xhr.onerror = errorHandler;
-
-start = function()
-{
- // reset-temp-file.php reports an error on failure, for debugging problems with BuildBot setup.
- if (xhr.responseText.length > 0)
- log(xhr.responseText);
-
- // Temp file removed. We can start the test now.
- if (xhr.readyState == xhr.DONE) {
- firstRequest();
- }
-}
-
-xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
-xhr.onreadystatechange = start;
-xhr.send();
-
-function firstRequest()
-{
- xhr.onreadystatechange = function()
- {
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- log("PASS: First request complete");
- secondRequest();
- }
- }
-
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache.php?" + filename, true);
- xhr.send();
-}
-
-function secondRequest()
-{
- xhr.onreadystatechange = function()
- {
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- log("PASS: Second request complete");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- }
-
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache.php?" + filename, true);
- xhr.send();
-}
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-star.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send();
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
- return;
- }
-
- log(xhr.responseText);
-})();
-
-if (window.layoutTestController)
- layoutTestController.notifyDone();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send();
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
- return;
- }
-
- log(xhr.responseText);
-})();
-
-if (window.layoutTestController)
- layoutTestController.notifyDone();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-denied-preflight-cache.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-<html>
-<body>
-<p>Test async xhr preflight cache denial. If this test passes, there should be a single PASS below.</p>
-<script>
- if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
- }
-
- var console_messages = document.createElement("ul");
- document.body.appendChild(console_messages);
-
- function log(message)
- {
- var item = document.createElement("li");
- item.appendChild(document.createTextNode(message));
- console_messages.appendChild(item);
- }
-
- xhr = new XMLHttpRequest;
- xhr.onreadystatechange = processStateChange;
- try {
- xhr.open("FOO", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi");
- xhr.send();
- } catch (e) {
- log("Got exception.");
- }
-
- function processStateChange() {
- if (xhr.readyState == 1)
- log("PASS");
- else if (xhr.readyState == 4) {
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- }
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-denied.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send();
- } catch(e) {
- log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
- return;
- }
-
- log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-get-fail-non-simple.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,38 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-get-fail-non-simple.cgi", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
- return;
- }
-
- // Non-whitelisted method
- xhr.setRequestHeader("x-webkit", "foobar");
-
- // This is going to fail because the cgi script is not prepared for an OPTIONS request.
- try {
- xhr.send();
- } catch(e) {
- log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
- return;
- }
-
- log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-non-simple-allow-async.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,41 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-function processStateChange()
-{
- if (xhr.readyState == xhr.DONE) {
- log(xhr.responseText);
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
-}
-
-function errorHandler()
-{
- log("FAIL: Network error.");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
-}
-
-var xhr = new XMLHttpRequest;
-xhr.onreadystatechange = processStateChange;
-xhr.onerror = errorHandler;
-
-xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", true);
-xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
-xhr.send("PASS: PUT data received");
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-non-simple-allow.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,36 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
- return;
- }
-
- xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
-
- try {
- xhr.send("PASS: PUT data received");
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
- return;
- }
-
- log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-non-simple-deny-cached.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,52 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
- } catch(e) {
- log("FAIL: Exception thrown. PUT cross-domain access is not allowed in 'open'. [" + e.message + "].");
- return;
- }
-
- xhr.setRequestHeader("Content-Type", "text/plain");
-
- try {
- xhr.send("PASS: PUT data received");
- } catch(e) {
- log("FAIL: Exception thrown. PUT cross-domain access is not allowed in 'send'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
- } catch(e) {
- log("FAIL: Exception thrown. GET cross-domain access is not allowed in 'open'. [" + e.message + "].");
- return;
- }
-
- xhr.setRequestHeader("Content-Type", "application/xml");
-
- try {
- xhr.send("FAIL: PUT data received");
- log("FAIL: Exception not thrown. Cross-domain access was allowed, even though content type was not on white list.");
- log(xhr.responseText);
- } catch(e) {
- log("PASS: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
- return;
- }
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-post-fail-non-simple-content-type.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-var xhr = new XMLHttpRequest;
-
-(function() {
- try {
- xhr.open("POST", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-options-not-supported.cgi", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
- return;
- }
-
- // Content-Type is a simple header, but only if the type is one that could be sent via form submission already.
- xhr.setRequestHeader("Content-Type", "application/xml");
-
- // This is going to fail because the cgi script is not prepared to serve an OPTIONS request.
- try {
- xhr.send(null);
- log("FAIL: Cross-domain access was not denied in 'send'.");
- } catch(e) {
- log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
- return;
- }
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-whitelist-request-headers.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
- if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
- function log(message)
- {
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
- }
-
- try {
- var xhr = new XMLHttpRequest;
- xhr.open("POST", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-whitelist-request-headers.cgi", false);
- xhr.setRequestHeader("Accept", "*");
- xhr.setRequestHeader("Accept-Language", "ru");
- xhr.setRequestHeader("Content-Language", "ru");
- xhr.setRequestHeader("Content-Type", "text/plain");
- xhr.send("");
-
- log(xhr.responseText);
- } catch (ex) {
- log("Unexpected exception: " + ex);
- }
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-whitelist-response-headers.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,52 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
- if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
- function log(message)
- {
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
- }
-
- var xhr;
-
- function testAllowed(name)
- {
- if (xhr.getResponseHeader(name))
- log("PASS: Response header " + name + " allowed.");
- else
- log("FAIL: Response header " + name + " not allowed.");
- }
-
- function testDenied(name)
- {
- if (!xhr.getResponseHeader(name))
- log("PASS: Response header " + name + " denied.");
- else
- log("FAIL: Response header " + name + " not denied.");
- }
-
-
- xhr = new XMLHttpRequest;
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-whitelist-response-headers.cgi", false);
- xhr.send();
-
- // Test getResponseHeader()
- testAllowed("cache-control");
- testAllowed("content-language");
- testAllowed("content-type");
- testAllowed("expires");
- testAllowed("last-modified");
- testAllowed("pragma");
- testDenied("x-webkit");
-
- // Test getAllResponseHeaders()
- if (!xhr.getAllResponseHeaders().match("foobar"))
- log("PASS: Non-whitelisted headers not passed to getAllResponseHeaders().");
- else
- log("FAIL: Non-whitelisted headers passed to getAllResponseHeaders().");
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-async-header-denied.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,64 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-(function() {
- var xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
- xhr.send(null);
- } catch(e) {
- log("FAIL: Unable to reset server state: [" + e.message + "].");
- return;
- }
-
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", true);
- xhr.setRequestHeader("X-NON-STANDARD", "filler");
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
- return;
- }
-
- xhr.onerror = function() {
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
- try {
- xhr.send(null);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
- }
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
- }
-
- log(xhr.responseText);
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
-
- xhr.onreadystatechange = function() {
- if (xhr.readyState == 4 && xhr.status == 200)
- log("FAIL: Cross-domain access allowed in first send without throwing an exception");
- }
-
- xhr.send(null);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-async-method-denied.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-(function() {
- var xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
- xhr.send(null);
- } catch(e) {
- log("FAIL: Unable to reset server state: [" + e.message + "].");
- return;
- }
-
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", true);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
- return;
- }
-
- xhr.onerror = function() {
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
- try {
- xhr.send(null);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
- }
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
- }
-
- log(xhr.responseText);
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
-
- xhr.onreadystatechange = function() {
- if (xhr.readyState == 4 && xhr.status == 200)
- log("FAIL: Cross-domain access allowed in first send without throwing an exception");
- }
-
- xhr.send(null);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-async-not-supported.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-(function() {
- var xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
- xhr.send(null);
- } catch(e) {
- log("FAIL: Unable to reset server state: [" + e.message + "].");
- return;
- }
-
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", true);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
- return;
- }
-
- xhr.onerror = function() {
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
- try {
- xhr.send(null);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
- }
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
- }
-
- log(xhr.responseText);
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
-
- xhr.onreadystatechange = function() {
- if (xhr.readyState == 4 && xhr.status == 200)
- log("FAIL: Cross-domain access allowed in first send without throwing an exception");
- }
-
- xhr.send("");
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-credential-async.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-try {
- var xhr = new XMLHttpRequest;
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
- xhr.onerror = function (e) {
- log("FAILED: received error");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- };
- xhr.onreadystatechange = function () {
- if (xhr.readyState == 4) {
- log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- };
- xhr.send();
-} catch(e) {
- log("FAILED: got exception " + e.message);
-}
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-credential-sync.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-try {
- var xhr = new XMLHttpRequest;
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
- xhr.onerror = function (e) {
- log("FAILED: received error");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- };
- xhr.onreadystatechange = function () {
- if (xhr.readyState == 4) {
- log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- };
- xhr.send();
-} catch(e) {
- log("FAILED: got exception " + e.message);
-}
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-headers-async.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-<p>Test that custom headers are not sent with OPTIONS preflight request.</p>
-<script>
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
-}
-
-function resetStatus()
-{
- var req = new XMLHttpRequest;
- req.open("GET", "/resources/reset-temp-file.php?filename=access-control-preflight-headers-status", false);
- req.send();
-}
-
-function sendRequest()
-{
- var req = new XMLHttpRequest;
- req.open("GET", "http://localhost:8000/xmlhttprequest/resources/no-custom-header.php");
- req.setRequestHeader("X-Custom-Header", "foobar");
- req.onerror = function() {
- document.body.appendChild(document.createTextNode("FAIL: onerror called"));
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- req.onload = function() {
- document.body.appendChild(document.createTextNode(req.responseText));
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- req.send();
-}
-
-resetStatus();
-sendRequest();
-</script>
--- a/tests/cors/access-control-preflight-headers-sync.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-<p>Test that custom headers are not sent with OPTIONS preflight request.</p>
-<script>
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-function resetStatus()
-{
- var req = new XMLHttpRequest;
- req.open("GET", "/resources/reset-temp-file.php?filename=access-control-preflight-headers-status", false);
- req.send();
-}
-
-function sendRequest()
-{
- try {
- var req = new XMLHttpRequest;
- req.open("GET", "http://localhost:8000/xmlhttprequest/resources/no-custom-header.php", false);
- req.setRequestHeader("X-Custom-Header", "foobar");
- req.send();
- document.write("<xmp>" + req.responseText + "</xmp>");
- } catch (ex) {
- document.write("<xmp>" + ex + "</xmp>");
- }
-}
-
-resetStatus();
-sendRequest();
-</script>
--- a/tests/cors/access-control-preflight-sync-header-denied.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
- xhr.send(null);
- } catch(e) {
- log("FAIL: Unable to reset server state: [" + e.message + "].");
- return;
- }
-
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", false);
- xhr.setRequestHeader("X-NON-STANDARD", "filler");
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send(null);
- log("FAIL: Cross-domain access allowed in first send without throwing an exception");
- return;
- } catch(e) {
- // Eat the exception.
- }
-
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send(null);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
- return;
- }
-
- log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-sync-method-denied.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
- xhr.send(null);
- } catch(e) {
- log("FAIL: Unable to reset server state: [" + e.message + "].");
- return;
- }
-
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send(null);
- log("FAIL: Cross-domain access allowed in first send without throwing an exception");
- return;
- } catch(e) {
- // Eat the exception.
- }
-
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send(null);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
- return;
- }
-
- log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-sync-not-supported.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
- document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
-(function() {
- var xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
- xhr.send(null);
- } catch(e) {
- log("FAIL: Unable to reset server state: [" + e.message + "].");
- return;
- }
-
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send(null);
- log("FAIL: Cross-domain access allowed in first send without throwing an exception");
- return;
- } catch(e) {
- // Eat the exception.
- }
-
- xhr = new XMLHttpRequest();
-
- try {
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
- return;
- }
-
- try {
- xhr.send(null);
- } catch(e) {
- log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
- return;
- }
-
- log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-response-with-body-sync.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-<html>
-<body>
-<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=36854">bug 36854<a>:
-Body from cross origin preflight response is prepended to the actual response body.</p>
-<div id=result>Running test...</div>
-<script>
-
- if (window.layoutTestController)
- layoutTestController.dumpAsText();
-
- window.onload = function() {
- var xhr = new XMLHttpRequest();
- xhr.open("GET","http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php", false);
- xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
- xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
- xhr.send(null);
-
- document.getElementById("result").innerHTML = (xhr.responseText == "echo") ? "PASS" : ("FAIL: " + xhr.responseText);
- };
-
-</script>
-
-</body>
-</html>
--- a/tests/cors/access-control-response-with-body.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,32 +0,0 @@
-<html>
-<body>
-<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=36854">bug 36854<a>:
-Body from cross origin preflight response is prepended to the actual response body.</p>
-<div id=result>Running test...</div>
-<script>
-
- if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
- }
-
- window.onload = function() {
- var xhr = new XMLHttpRequest();
- xhr.onreadystatechange=function() {
- if (xhr.readyState==4) {
- document.getElementById("result").innerHTML = (xhr.responseText == "echo") ? "PASS" : ("FAIL: " + xhr.responseText);
- if (window.layoutTestController)
- layoutTestController.notifyDone();
- }
- };
-
- xhr.open("GET","http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php");
- xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
- xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
- xhr.send(null);
- };
-
-</script>
-
-</body>
-</html>
--- a/tests/cors/access-control-sandboxed-iframe-allow.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-<html>
-<script>
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.dumpChildFramesAsText();
-}
-
-</script>
-<body>
- <p>This test verifies that sandboxed iframe has XmlHttpRequest access
- to the server that accepts all domains. It will print "PASS" on success.</p>
-
- <iframe sandbox="allow-scripts" src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-iframe.html" style="width: 500px;">
- </iframe>
-
-</body>
-</html>
--- a/tests/cors/access-control-sandboxed-iframe-denied-without-wildcard.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-<html>
-<script>
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.dumpChildFramesAsText();
-}
-
-</script>
-<body>
-
- <p>This test verifies that sandboxed iframe does not have XmlHttpRequest access to
- its server with "Access-Control-Allow-Origin" set to its own origin (127.0.0.1).</p>
-
- <p>This test will print "PASS" on success.</p>
-
- <iframe sandbox="allow-scripts"
- src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html" style="width: 500px;">
- </iframe>
-
-</body>
-</html>
--- a/tests/cors/access-control-sandboxed-iframe-denied.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-<html>
-<script>
-
-if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.dumpChildFramesAsText();
-}
-
-</script>
-
-<body>
- <p>This test verifies that sandboxed iframe does not have XmlHttpRequest access
- to its server. It will print "PASS" on success.</p>
-
- <iframe sandbox="allow-scripts"
- src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-iframe.html" style="width: 500px;">
- </iframe>
-</body>
-</html>
--- a/tests/cors/resources/access-control-allow-with-body.php Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-<?php
- header("Access-control-allow-headers: X-Requested-With");
- header("Access-control-max-age: 0");
- header("Access-control-allow-origin: *");
- header("Access-control-allow-methods: *");
- header("Vary: Accept-Encoding");
- header("Content-Type: text/plain");
-
- print "echo"
-?>
--- a/tests/cors/resources/access-control-basic-allow-access-control-origin-header.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Cache-Control: no-cache, no-store\n";
-print "Access-Control-Allow-Origin: *\n\n";
-
-print "PASS: Cross-domain access allowed.\n";
-print "HTTP_ORIGIN: " . $ENV{"HTTP_ORIGIN"} . "\n";
--- a/tests/cors/resources/access-control-basic-allow-print-headers.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Cache-Control: no-store\n";
-print "Access-Control-Allow-Origin: *\n\n";
-
-foreach (keys %ENV) {
- if ($_ =~ "HTTP_") {
- print $_ . ": " . $ENV{$_} . "\n";
- }
-}
--- a/tests/cors/resources/access-control-basic-allow-star.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Access-Control-Allow-Origin: *\n\n";
-
-print "PASS: Cross-domain access allowed.\n";
--- a/tests/cors/resources/access-control-basic-allow.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Access-Control-Allow-Credentials: true\n";
-print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-
-print "PASS: Cross-domain access allowed.\n";
--- a/tests/cors/resources/access-control-basic-denied.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n\n";
-
-print "FAIL: Cross-domain access allowed.\n";
--- a/tests/cors/resources/access-control-basic-get-fail-non-simple.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-my $request;
-
-if ($ENV{'REQUEST_METHOD'} eq "GET") {
- print "Content-Type: text/plain\n";
- print "Access-Control-Allow-Credentials: true\n";
- print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
- print "FAIL: Cross-domain access allowed.\n";
-}
--- a/tests/cors/resources/access-control-basic-non-get-allow.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-my $request;
-
-if ($ENV{'REQUEST_METHOD'} eq "OPTIONS") {
- print "Content-Type: text/plain\n";
- print "Access-Control-Allow-Credentials: true\n";
- print "Access-Control-Allow-Methods: PUT\n";
- print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-} elsif ($ENV{'REQUEST_METHOD'} eq "PUT") {
- print "Content-Type: text/plain\n";
- print "Access-Control-Allow-Credentials: true\n";
- print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-
- print "PASS: Cross-domain access allowed.\n";
- read(STDIN, $request, $ENV{'CONTENT_LENGTH'}) || die "Could not read in content.\n";
- print $request;
-} else {
- print "Content-Type: text/plain\n\n";
- print "Wrong method: " . $ENV{'REQUEST_METHOD'} . "\n";
-}
--- a/tests/cors/resources/access-control-basic-options-not-supported.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Cache-Control: no-store\n";
-
-# Allow simple requests, but deny preflight.
-if ($ENV{'REQUEST_METHOD'} ne "OPTIONS") {
- print "Access-Control-Allow-Credentials: true\n";
- print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n";
-}
-
-print "\n";
--- a/tests/cors/resources/access-control-basic-post-fail-non-simple.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-my $request;
-
-if ($ENV{'REQUEST_METHOD'} eq "POST") {
- print "Content-Type: text/plain\n";
- print "Access-Control-Allow-Credentials: true\n";
- print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
- print "FAIL: Cross-domain access allowed.\n";
-}
--- a/tests/cors/resources/access-control-basic-preflight-cache-invalidation.php Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
-
-function fail()
-{
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: PUT");
- header("Access-Control-Allow-Headers: x-webkit-test");
- echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
- exit();
-}
-
-function setState($newState, $file)
-{
- file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
- if (!file_exists($file)) {
- return "Uninitialized";
- }
- return file_get_contents($file);
-}
-
-$state = getState($tmpFile);
-
-if ($state == "Uninitialized") {
- if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: PUT");
- header("Access-Control-Max-Age: 10"); // 10 seconds
- setState("OptionsSent", $tmpFile);
- } else {
- fail();
- }
-} else if ($state == "OptionsSent") {
- if ($_SERVER['REQUEST_METHOD'] == "PUT") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- echo "PASS: First PUT request.";
- setState("FirstPUTSent", $tmpFile);
- } else {
- fail();
- }
-} else if ($state == "FirstPUTSent") {
- if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: PUT, XMETHOD");
- header("Access-Control-Allow-Headers: x-webkit-test");
- setState("SecondOPTIONSSent", $tmpFile);
- } else if ($_SERVER['REQUEST_METHOD'] == "PUT") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- echo "FAIL: Second PUT request sent without preflight";
- }
-} else if ($state == "SecondOPTIONSSent") {
- if ($_SERVER['REQUEST_METHOD'] == "PUT" || $_SERVER['REQUEST_METHOD'] == "XMETHOD") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- echo "PASS: Second OPTIONS request was sent.";
- } else {
- fail();
- }
-} else {
- fail();
-}
-?>
--- a/tests/cors/resources/access-control-basic-preflight-cache-timeout.php Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
-
-function fail()
-{
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: PUT");
- header("Access-Control-Allow-Headers: x-webkit-test");
- echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
- exit();
-}
-
-function setState($newState, $file)
-{
- file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
- if (!file_exists($file)) {
- return "Uninitialized";
- }
- return file_get_contents($file);
-}
-
-$state = getState($tmpFile);
-
-if ($state == "Uninitialized") {
- if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: PUT");
- header("Access-Control-Allow-Headers: x-webkit-test");
- header("Access-Control-Max-Age: 1"); // 1 second
- setState("OptionsSent", $tmpFile);
- } else {
- fail();
- }
-} else if ($state == "OptionsSent") {
- if ($_SERVER['REQUEST_METHOD'] == "PUT") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- echo "PASS: First PUT request.";
- setState("FirstPUTSent", $tmpFile);
- } else {
- fail();
- }
-} else if ($state == "FirstPUTSent") {
- if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: PUT");
- header("Access-Control-Allow-Headers: x-webkit-test");
- setState("SecondOPTIONSSent", $tmpFile);
- } else if ($_SERVER['REQUEST_METHOD'] == "PUT") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- echo "FAIL: Second PUT request sent without preflight";
- }
-} else if ($state == "SecondOPTIONSSent") {
- if ($_SERVER['REQUEST_METHOD'] == "PUT") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- echo "PASS: Second OPTIONS request was sent.";
- } else {
- fail();
- }
-} else {
- fail();
-}
-?>
--- a/tests/cors/resources/access-control-basic-preflight-cache.php Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
-
-function fail()
-{
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: PUT");
- header("Access-Control-Allow-Headers: x-webkit-test");
- echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
- exit();
-}
-
-function setState($newState, $file)
-{
- file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
- if (!file_exists($file)) {
- return "Uninitialized";
- }
- return file_get_contents($file);
-}
-
-$state = getState($tmpFile);
-
-if ($state == "Uninitialized") {
- if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: PUT");
- header("Access-Control-Allow-Headers: x-webkit-test");
- header("Access-Control-Max-Age: 10"); // 10 seconds
- setState("OptionsSent", $tmpFile);
- } else {
- fail();
- }
-} else if ($state == "OptionsSent") {
- if ($_SERVER['REQUEST_METHOD'] == "PUT") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- echo "PASS: First PUT request.";
- setState("FirstPUTSent", $tmpFile);
- } else {
- fail();
- }
-} else if ($state == "FirstPUTSent") {
- if ($_SERVER['REQUEST_METHOD'] == "PUT") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- echo "PASS: Second PUT request. Preflight worked";
- } else if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: PUT");
- header("Access-Control-Allow-Headers: x-webkit-test");
- setState("FAILSecondOPTIONSSent", $tmpFile);
- }
-} else if ($state == "FAILSecondOPTIONSSent") {
- if ($_SERVER['REQUEST_METHOD'] == "PUT") {
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- echo "FAIL: Second OPTIONS request was sent. Preflight failed";
- } else {
- fail();
- }
-} else {
- fail();
-}
-?>
--- a/tests/cors/resources/access-control-basic-whitelist-request-headers.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Cache-Control: no-store\n";
-
-# This should be a simple request, deny preflight.
-if ($ENV{'REQUEST_METHOD'} eq "POST") {
- print "Access-Control-Allow-Credentials: true\n";
- print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-
- print "Accept: $ENV{'HTTP_ACCEPT'}\n";
- print "Accept-Language: $ENV{'HTTP_ACCEPT_LANGUAGE'}\n";
- print "Content-Language: $ENV{'HTTP_CONTENT_LANGUAGE'}\n";
- print "Content-Type: $ENV{'CONTENT_TYPE'}\n";
-} else {
- print "\n";
-}
--- a/tests/cors/resources/access-control-basic-whitelist-response-headers.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-# in whitelist
-print "content-type: text/plain\n";
-print "cache-control: no cache\n";
-print "content-language: en\n";
-print "expires: Fri, 30 Oct 1998 14:19:41 GMT\n";
-print "last-modified: Tue, 15 Nov 1994 12:45:26 GMT\n";
-print "pragma: no-cache\n";
-
-# not in whitelist
-print "x-webkit: foobar\n";
-
-print "Access-Control-Allow-Origin: *\n\n";
-
-print "PASS: Cross-domain access allowed.\n";
--- a/tests/cors/resources/access-control-preflight-denied-xsrf.php Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,67 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$tmpFile = sys_get_temp_dir() . "/xsrf.txt";
-
-function fail($state)
-{
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Allow-Credentials: true");
- header("Access-Control-Allow-Methods: GET");
- header("Access-Control-Max-Age: 1");
- echo "FAILED: Issued a " . $_SERVER['REQUEST_METHOD'] . " request during state '" . $state . "'\n";
- exit();
-}
-
-function setState($newState, $file)
-{
- file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
- $state = NULL;
- if (file_exists($file))
- $state = file_get_contents($file);
- return $state ? $state : "Uninitialized";
-}
-
-$state = getState($tmpFile);
-
-if ($_SERVER['REQUEST_METHOD'] == "GET"
- && $_GET['state'] == "reset") {
- if (file_exists($tmpFile)) unlink($tmpFile);
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Max-Age: 1");
- echo "Server state reset.\n";
-} else if ($state == "Uninitialized") {
- if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
- if ($_GET['state'] == "method" || $_GET['state'] == "header") {
- header("Access-Control-Allow-Methods: GET");
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Max-Age: 1");
- }
- echo("FAIL: This request should not be displayed.\n");
- setState("Denied", $tmpFile);
- } else {
- fail($state);
- }
-} else if ($state == "Denied") {
- if ($_SERVER['REQUEST_METHOD'] == "GET"
- && $_GET['state'] == "complete") {
- unlink($tmpFile);
- header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
- header("Access-Control-Max-Age: 1");
- echo "PASS: Request successfully blocked.\n";
- } else {
- setState("Deny Ignored", $tmpFile);
- fail($state);
- }
-} else if ($state == "Deny Ignored") {
- unlink($tmpFile);
- fail($state);
-} else {
- if (file_exists($tmpFile)) unlink($tmpFile);
- fail("Unknown");
-}
-?>
--- a/tests/cors/resources/access-control-sandboxed-iframe-allow-iframe.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-
-document.getElementById('console').innerHTML = (function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-allow.cgi", false);
- } catch(e) {
- return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "].";
- }
-
- try {
- xhr.send();
- } catch(e) {
- return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'send'. [" + e.message + "].";
- }
-
- return xhr.responseText;
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/resources/access-control-sandboxed-iframe-allow.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Access-Control-Allow-Credentials: true\n";
-print "Access-Control-Allow-Origin: *\n\n";
-
-print "PASS: Sandboxed iframe XHR access allowed.\n";
--- a/tests/cors/resources/access-control-sandboxed-iframe-denied-iframe.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-
-document.getElementById('console').innerHTML = (function() {
- var xhr = new XMLHttpRequest;
-
-
- try {
- xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi", false);
- } catch(e) {
- return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "].";
- }
-
- try {
- xhr.send();
- } catch(e) {
- return "PASS: Exception thrown. Sandboxed iframe XHR access was denied in 'send'. [" + e.message + "].";
- }
-
- return xhr.responseText;
-})();
-
-</script>
-</body>
-</html>
--- a/tests/cors/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-
-document.getElementById('console').innerHTML = (function() {
- var xhr = new XMLHttpRequest;
-
- try {
- xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi", false);
- } catch(e) {
- return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "].";
- }
-
- try {
- xhr.send();
- } catch(e) {
- return "PASS: Exception thrown. Sandboxed iframe XHR access was denied in 'send'. [" + e.message + "].";
- }
-
- return xhr.responseText;
-})();
-
-</script>
-</body>
-</html>
--- a/tests/cors/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Access-Control-Allow-Credentials: true\n";
-print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-
-print "FAIL: Sandboxed iframe XHR access allowed.\n";
--- a/tests/cors/resources/access-control-sandboxed-iframe-denied.cgi Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n\n";
-
-print "FAIL: Sandboxed iframe XHR access allowed.\n";
--- a/tests/cors/resources/basic-auth/.svn/all-wcprops Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 98
-/repository/webkit/!svn/ver/58409/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth
-END
-access-control-auth-basic.php
-K 25
-svn:wc:ra_dav:version-url
-V 128
-/repository/webkit/!svn/ver/58409/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php
-END
-basic-auth.php
-K 25
-svn:wc:ra_dav:version-url
-V 113
-/repository/webkit/!svn/ver/24227/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth/basic-auth.php
-END
--- a/tests/cors/resources/basic-auth/.svn/entries Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,96 +0,0 @@
-10
-
-dir
-102004
-http://svn.webkit.org/repository/webkit/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth
-http://svn.webkit.org/repository/webkit
-
-
-
-2010-04-28T16:29:22.915186Z
-58409
-jchaffraix@webkit.org
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-268f45cc-cd09-0410-ab3c-d52691b4dbfc
-�
-access-control-auth-basic.php
-file
-
-
-
-
-2011-11-14T21:09:08.417946Z
-1342b2f90905a7f1b2fa19ac807a00af
-2010-04-28T16:29:22.915186Z
-58409
-jchaffraix@webkit.org
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-630
-�
-basic-auth.php
-file
-
-
-
-
-2011-11-14T21:09:08.417946Z
-a82ea42c784b9b663e54196755ab7112
-2007-07-12T04:17:17.612601Z
-24227
-ap
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-377
-�
--- a/tests/cors/resources/basic-auth/.svn/text-base/access-control-auth-basic.php.svn-base Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-<?php
-
-header("Access-Control-Allow-Origin: http://127.0.0.1:8000/");
-header("Access-Control-Allow-Credentials: true");
-header("Access-Control-Allow-Methods: PUT");
-
-if ($_SERVER['REQUEST_METHOD'] != "OPTIONS") {
- if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
- header('WWW-Authenticate: Basic realm="WebKit Test Realm/Cross Origin"');
- header('HTTP/1.0 401 Unauthorized');
- echo 'Authentication canceled';
- exit;
- } else {
- echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
- }
-}
-?>
--- a/tests/cors/resources/basic-auth/.svn/text-base/basic-auth.php.svn-base Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-<?php
- if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
- header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
- header('HTTP/1.0 401 Unauthorized');
- echo 'Authentication canceled';
- exit;
- } else {
- echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
- }
-?>
--- a/tests/cors/resources/basic-auth/access-control-auth-basic.php Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-<?php
-
-header("Access-Control-Allow-Origin: http://127.0.0.1:8000/");
-header("Access-Control-Allow-Credentials: true");
-header("Access-Control-Allow-Methods: PUT");
-
-if ($_SERVER['REQUEST_METHOD'] != "OPTIONS") {
- if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
- header('WWW-Authenticate: Basic realm="WebKit Test Realm/Cross Origin"');
- header('HTTP/1.0 401 Unauthorized');
- echo 'Authentication canceled';
- exit;
- } else {
- echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
- }
-}
-?>
--- a/tests/cors/resources/basic-auth/basic-auth.php Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-<?php
- if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
- header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
- header('HTTP/1.0 401 Unauthorized');
- echo 'Authentication canceled';
- exit;
- } else {
- echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
- }
-?>
--- a/tests/cors/resources/no-custom-header.php Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$stateFile = sys_get_temp_dir() . "/access-control-preflight-headers-status";
-
-function setState($newState, $file)
-{
- file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
- if (!file_exists($file)) {
- return "";
- }
- return file_get_contents($file);
-}
-
-header("Access-Control-Allow-Origin: *");
-header("Access-Control-Allow-Headers: X-Custom-Header");
-header("Access-Control-Max-Age: 0");
-
-if ($_SERVER["REQUEST_METHOD"] == "OPTIONS") {
- if (isset($_SERVER["HTTP_X_CUSTOM_HEADER"]))
- setState("FAIL", $stateFile);
- else
- setState("PASS", $stateFile);
-} else {
- if (isset($_SERVER["HTTP_X_CUSTOM_HEADER"]))
- echo getState($stateFile);
- else
- echo "FAIL - no header in actual request";
-}
-?>
--- a/tests/cors/resources/redirect.php Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,4 +0,0 @@
-<?php
- $url = $_GET['url'];
- header("Location: $url");
-?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-and-redirects.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,63 @@
+<p>Tests that redirects between origins are never allowed, even when access control is involved.</p>
+<p>Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.</p>
+
+<pre id="console"></pre>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
+}
+
+function runTest(url, expectSyncSuccess, expectAsyncSuccess)
+{
+ log("Testing " + url + " (sync)");
+ log("Expecting success: " + expectSyncSuccess);
+
+ var req = new XMLHttpRequest();
+ req.open("GET", url, false);
+
+ try {
+ req.send(null);
+ log((expectSyncSuccess ? "PASS" : "FAIL") + ": " + req.responseText);
+ } catch (ex) {
+ log((expectSyncSuccess ? "FAIL" : "PASS") + ": " + ex);
+ }
+
+ log("Testing " + url + "(async)");
+ log("Expecting success: " + expectAsyncSuccess);
+
+ req = new XMLHttpRequest();
+ req.open("GET", url, true);
+ req.onload = function() {
+ log((expectAsyncSuccess ? "PASS" : "FAIL") + ": " + req.responseText);
+ nextTest();
+ }
+ req.onerror = function() {
+ log((expectAsyncSuccess ? "FAIL" : "PASS") + ": " + req.status);
+ nextTest();
+ }
+ req.send(null);
+}
+
+var tests = [
+ ["/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false],
+ ["http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false],
+ ["http://localhost:8000/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false]
+]
+
+var currentTest = 0;
+
+function nextTest() {
+ if (currentTest < tests.length)
+ runTest.apply(null, tests[currentTest++]);
+ else if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+nextTest();
+</script>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header-data-url.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,48 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+window.addEventListener("message", function(evt) {
+ if (evt.data == "done") {
+ layoutTestController.notifyDone();
+ return;
+ }
+
+ log(evt.data);
+}, false);
+</script>
+<iframe src='data:text/html,
+<script>
+(function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-access-control-origin-header.cgi", false);
+ } catch(e) {
+ parent.postMessage("FAIL: Exception thrown. Cross-domain access is not allowed in open. [" + e.message + "].", "*");
+ return;
+ }
+
+ try {
+ xhr.send();
+ } catch(e) {
+ parent.postMessage("FAIL: Exception thrown. Cross-domain access is not allowed in send. [" + e.message + "].", "*");
+ return;
+ }
+
+ parent.postMessage(xhr.responseText, "*");
+})();
+parent.postMessage("done", "*");
+</script>'>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,34 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-access-control-origin-header.cgi", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send();
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-async.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,40 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function processStateChange()
+{
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+}
+
+function errorHandler()
+{
+ log("FAIL: Network error.");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+var xhr = new XMLHttpRequest;
+xhr.onreadystatechange = processStateChange;
+xhr.onerror = errorHandler;
+
+xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", true);
+xhr.send();
+
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache-invalidation-by-header.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,74 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function errorHandler(event)
+{
+ log("FAIL: Network error. ");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+var filename = "filename=preflightCacheInvalidationByHeader.txt";
+
+var xhr = new XMLHttpRequest;
+xhr.onerror = errorHandler;
+
+start = function()
+{
+ // Temp file removed. We can start the test now.
+ if (xhr.readyState == xhr.DONE) {
+ firstRequest();
+ }
+}
+
+xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
+xhr.onreadystatechange = start;
+xhr.send();
+
+function firstRequest()
+{
+ xhr.onreadystatechange = function()
+ {
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ log("PASS: First request complete");
+ secondRequest();
+ }
+ }
+
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
+ xhr.send();
+}
+
+function secondRequest()
+{
+ xhr.onreadystatechange = function()
+ {
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ log("PASS: Second request complete");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ }
+
+ // Send a header not included in the inital cache.
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
+ xhr.setRequestHeader("x-webkit-test", "headerValue");
+ xhr.send();
+}
+
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache-invalidation-by-method.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,73 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function errorHandler(event)
+{
+ log("FAIL: Network error. ");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+var filename = "filename=preflightCacheInvalidationByMethod.txt";
+
+var xhr = new XMLHttpRequest;
+xhr.onerror = errorHandler;
+
+start = function()
+{
+ // Temp file removed. We can start the test now.
+ if (xhr.readyState == xhr.DONE) {
+ firstRequest();
+ }
+}
+
+xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
+xhr.onreadystatechange = start;
+xhr.send();
+
+function firstRequest()
+{
+ xhr.onreadystatechange = function()
+ {
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ log("PASS: First request complete");
+ secondRequest();
+ }
+ }
+
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
+ xhr.send();
+}
+
+function secondRequest()
+{
+ xhr.onreadystatechange = function()
+ {
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ log("PASS: Second request complete");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ }
+
+ // Send a method not included in the initial cache.
+ xhr.open("XMETHOD", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
+ xhr.send();
+}
+
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache-timeout.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,72 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function errorHandler(event)
+{
+ log("FAIL: Network error. ");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+var filename = "filename=preflightCacheTimeout.txt";
+
+var xhr = new XMLHttpRequest;
+xhr.onerror = errorHandler;
+
+start = function()
+{
+ // Temp file removed. We can start the test now.
+ if (xhr.readyState == xhr.DONE) {
+ firstRequest();
+ }
+}
+
+xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
+xhr.onreadystatechange = start;
+xhr.send();
+
+function firstRequest()
+{
+ xhr.onreadystatechange = function()
+ {
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ log("PASS: First request complete");
+ setTimeout(secondRequest, 3000); // 5 seconds
+ }
+ }
+
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-timeout.php?" + filename, true);
+ xhr.send();
+}
+
+function secondRequest()
+{
+ xhr.onreadystatechange = function()
+ {
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ log("PASS: Second request complete")
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ }
+
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-timeout.php?" + filename, true);
+ xhr.send();
+}
+
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,76 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function errorHandler(event)
+{
+ log("FAIL: Network error. ");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+var filename = "filename=preflightCache.txt";
+
+var xhr = new XMLHttpRequest;
+xhr.onerror = errorHandler;
+
+start = function()
+{
+ // reset-temp-file.php reports an error on failure, for debugging problems with BuildBot setup.
+ if (xhr.responseText.length > 0)
+ log(xhr.responseText);
+
+ // Temp file removed. We can start the test now.
+ if (xhr.readyState == xhr.DONE) {
+ firstRequest();
+ }
+}
+
+xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
+xhr.onreadystatechange = start;
+xhr.send();
+
+function firstRequest()
+{
+ xhr.onreadystatechange = function()
+ {
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ log("PASS: First request complete");
+ secondRequest();
+ }
+ }
+
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache.php?" + filename, true);
+ xhr.send();
+}
+
+function secondRequest()
+{
+ xhr.onreadystatechange = function()
+ {
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ log("PASS: Second request complete");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ }
+
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache.php?" + filename, true);
+ xhr.send();
+}
+
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-star.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send();
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+})();
+
+if (window.layoutTestController)
+ layoutTestController.notifyDone();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send();
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+})();
+
+if (window.layoutTestController)
+ layoutTestController.notifyDone();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-denied-preflight-cache.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,39 @@
+<html>
+<body>
+<p>Test async xhr preflight cache denial. If this test passes, there should be a single PASS below.</p>
+<script>
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+
+ var console_messages = document.createElement("ul");
+ document.body.appendChild(console_messages);
+
+ function log(message)
+ {
+ var item = document.createElement("li");
+ item.appendChild(document.createTextNode(message));
+ console_messages.appendChild(item);
+ }
+
+ xhr = new XMLHttpRequest;
+ xhr.onreadystatechange = processStateChange;
+ try {
+ xhr.open("FOO", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi");
+ xhr.send();
+ } catch (e) {
+ log("Got exception.");
+ }
+
+ function processStateChange() {
+ if (xhr.readyState == 1)
+ log("PASS");
+ else if (xhr.readyState == 4) {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ }
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-denied.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,34 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send();
+ } catch(e) {
+ log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-get-fail-non-simple.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,38 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-get-fail-non-simple.cgi", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ // Non-whitelisted method
+ xhr.setRequestHeader("x-webkit", "foobar");
+
+ // This is going to fail because the cgi script is not prepared for an OPTIONS request.
+ try {
+ xhr.send();
+ } catch(e) {
+ log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-non-simple-allow-async.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,41 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function processStateChange()
+{
+ if (xhr.readyState == xhr.DONE) {
+ log(xhr.responseText);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+}
+
+function errorHandler()
+{
+ log("FAIL: Network error.");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+var xhr = new XMLHttpRequest;
+xhr.onreadystatechange = processStateChange;
+xhr.onerror = errorHandler;
+
+xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", true);
+xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
+xhr.send("PASS: PUT data received");
+
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-non-simple-allow.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,36 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
+
+ try {
+ xhr.send("PASS: PUT data received");
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-non-simple-deny-cached.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,52 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. PUT cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ xhr.setRequestHeader("Content-Type", "text/plain");
+
+ try {
+ xhr.send("PASS: PUT data received");
+ } catch(e) {
+ log("FAIL: Exception thrown. PUT cross-domain access is not allowed in 'send'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. GET cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ xhr.setRequestHeader("Content-Type", "application/xml");
+
+ try {
+ xhr.send("FAIL: PUT data received");
+ log("FAIL: Exception not thrown. Cross-domain access was allowed, even though content type was not on white list.");
+ log(xhr.responseText);
+ } catch(e) {
+ log("PASS: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+ return;
+ }
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-post-fail-non-simple-content-type.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+var xhr = new XMLHttpRequest;
+
+(function() {
+ try {
+ xhr.open("POST", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-options-not-supported.cgi", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ // Content-Type is a simple header, but only if the type is one that could be sent via form submission already.
+ xhr.setRequestHeader("Content-Type", "application/xml");
+
+ // This is going to fail because the cgi script is not prepared to serve an OPTIONS request.
+ try {
+ xhr.send(null);
+ log("FAIL: Cross-domain access was not denied in 'send'.");
+ } catch(e) {
+ log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
+ return;
+ }
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-whitelist-request-headers.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,28 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ function log(message)
+ {
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+ }
+
+ try {
+ var xhr = new XMLHttpRequest;
+ xhr.open("POST", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-whitelist-request-headers.cgi", false);
+ xhr.setRequestHeader("Accept", "*");
+ xhr.setRequestHeader("Accept-Language", "ru");
+ xhr.setRequestHeader("Content-Language", "ru");
+ xhr.setRequestHeader("Content-Type", "text/plain");
+ xhr.send("");
+
+ log(xhr.responseText);
+ } catch (ex) {
+ log("Unexpected exception: " + ex);
+ }
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-whitelist-response-headers.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,52 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ function log(message)
+ {
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+ }
+
+ var xhr;
+
+ function testAllowed(name)
+ {
+ if (xhr.getResponseHeader(name))
+ log("PASS: Response header " + name + " allowed.");
+ else
+ log("FAIL: Response header " + name + " not allowed.");
+ }
+
+ function testDenied(name)
+ {
+ if (!xhr.getResponseHeader(name))
+ log("PASS: Response header " + name + " denied.");
+ else
+ log("FAIL: Response header " + name + " not denied.");
+ }
+
+
+ xhr = new XMLHttpRequest;
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-whitelist-response-headers.cgi", false);
+ xhr.send();
+
+ // Test getResponseHeader()
+ testAllowed("cache-control");
+ testAllowed("content-language");
+ testAllowed("content-type");
+ testAllowed("expires");
+ testAllowed("last-modified");
+ testAllowed("pragma");
+ testDenied("x-webkit");
+
+ // Test getAllResponseHeaders()
+ if (!xhr.getAllResponseHeaders().match("foobar"))
+ log("PASS: Non-whitelisted headers not passed to getAllResponseHeaders().");
+ else
+ log("FAIL: Non-whitelisted headers passed to getAllResponseHeaders().");
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-async-header-denied.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,64 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+(function() {
+ var xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Unable to reset server state: [" + e.message + "].");
+ return;
+ }
+
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", true);
+ xhr.setRequestHeader("X-NON-STANDARD", "filler");
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+ return;
+ }
+
+ xhr.onerror = function() {
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+ try {
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+ }
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+ }
+
+ log(xhr.responseText);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+
+ xhr.onreadystatechange = function() {
+ if (xhr.readyState == 4 && xhr.status == 200)
+ log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+ }
+
+ xhr.send(null);
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-async-method-denied.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,63 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+(function() {
+ var xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Unable to reset server state: [" + e.message + "].");
+ return;
+ }
+
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", true);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+ return;
+ }
+
+ xhr.onerror = function() {
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+ try {
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+ }
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+ }
+
+ log(xhr.responseText);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+
+ xhr.onreadystatechange = function() {
+ if (xhr.readyState == 4 && xhr.status == 200)
+ log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+ }
+
+ xhr.send(null);
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-async-not-supported.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,63 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+(function() {
+ var xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Unable to reset server state: [" + e.message + "].");
+ return;
+ }
+
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", true);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+ return;
+ }
+
+ xhr.onerror = function() {
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+ try {
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+ }
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+ }
+
+ log(xhr.responseText);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+
+ xhr.onreadystatechange = function() {
+ if (xhr.readyState == 4 && xhr.status == 200)
+ log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+ }
+
+ xhr.send("");
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-credential-async.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+try {
+ var xhr = new XMLHttpRequest;
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
+ xhr.onerror = function (e) {
+ log("FAILED: received error");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ };
+ xhr.onreadystatechange = function () {
+ if (xhr.readyState == 4) {
+ log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ };
+ xhr.send();
+} catch(e) {
+ log("FAILED: got exception " + e.message);
+}
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-credential-sync.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+try {
+ var xhr = new XMLHttpRequest;
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
+ xhr.onerror = function (e) {
+ log("FAILED: received error");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ };
+ xhr.onreadystatechange = function () {
+ if (xhr.readyState == 4) {
+ log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ };
+ xhr.send();
+} catch(e) {
+ log("FAILED: got exception " + e.message);
+}
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-headers-async.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,35 @@
+<p>Test that custom headers are not sent with OPTIONS preflight request.</p>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function resetStatus()
+{
+ var req = new XMLHttpRequest;
+ req.open("GET", "/resources/reset-temp-file.php?filename=access-control-preflight-headers-status", false);
+ req.send();
+}
+
+function sendRequest()
+{
+ var req = new XMLHttpRequest;
+ req.open("GET", "http://localhost:8000/xmlhttprequest/resources/no-custom-header.php");
+ req.setRequestHeader("X-Custom-Header", "foobar");
+ req.onerror = function() {
+ document.body.appendChild(document.createTextNode("FAIL: onerror called"));
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ req.onload = function() {
+ document.body.appendChild(document.createTextNode(req.responseText));
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ req.send();
+}
+
+resetStatus();
+sendRequest();
+</script>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-headers-sync.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,28 @@
+<p>Test that custom headers are not sent with OPTIONS preflight request.</p>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+function resetStatus()
+{
+ var req = new XMLHttpRequest;
+ req.open("GET", "/resources/reset-temp-file.php?filename=access-control-preflight-headers-status", false);
+ req.send();
+}
+
+function sendRequest()
+{
+ try {
+ var req = new XMLHttpRequest;
+ req.open("GET", "http://localhost:8000/xmlhttprequest/resources/no-custom-header.php", false);
+ req.setRequestHeader("X-Custom-Header", "foobar");
+ req.send();
+ document.write("<xmp>" + req.responseText + "</xmp>");
+ } catch (ex) {
+ document.write("<xmp>" + ex + "</xmp>");
+ }
+}
+
+resetStatus();
+sendRequest();
+</script>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-sync-header-denied.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,62 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Unable to reset server state: [" + e.message + "].");
+ return;
+ }
+
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", false);
+ xhr.setRequestHeader("X-NON-STANDARD", "filler");
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send(null);
+ log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+ return;
+ } catch(e) {
+ // Eat the exception.
+ }
+
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-sync-method-denied.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,61 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Unable to reset server state: [" + e.message + "].");
+ return;
+ }
+
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send(null);
+ log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+ return;
+ } catch(e) {
+ // Eat the exception.
+ }
+
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-sync-not-supported.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,61 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+(function() {
+ var xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Unable to reset server state: [" + e.message + "].");
+ return;
+ }
+
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send(null);
+ log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+ return;
+ } catch(e) {
+ // Eat the exception.
+ }
+
+ xhr = new XMLHttpRequest();
+
+ try {
+ xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send(null);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-response-with-body-sync.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,24 @@
+<html>
+<body>
+<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=36854">bug 36854<a>:
+Body from cross origin preflight response is prepended to the actual response body.</p>
+<div id=result>Running test...</div>
+<script>
+
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ window.onload = function() {
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET","http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php", false);
+ xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+ xhr.send(null);
+
+ document.getElementById("result").innerHTML = (xhr.responseText == "echo") ? "PASS" : ("FAIL: " + xhr.responseText);
+ };
+
+</script>
+
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-response-with-body.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,32 @@
+<html>
+<body>
+<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=36854">bug 36854<a>:
+Body from cross origin preflight response is prepended to the actual response body.</p>
+<div id=result>Running test...</div>
+<script>
+
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+
+ window.onload = function() {
+ var xhr = new XMLHttpRequest();
+ xhr.onreadystatechange=function() {
+ if (xhr.readyState==4) {
+ document.getElementById("result").innerHTML = (xhr.responseText == "echo") ? "PASS" : ("FAIL: " + xhr.responseText);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ };
+
+ xhr.open("GET","http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php");
+ xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+ xhr.send(null);
+ };
+
+</script>
+
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-sandboxed-iframe-allow.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,18 @@
+<html>
+<script>
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpChildFramesAsText();
+}
+
+</script>
+<body>
+ <p>This test verifies that sandboxed iframe has XmlHttpRequest access
+ to the server that accepts all domains. It will print "PASS" on success.</p>
+
+ <iframe sandbox="allow-scripts" src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-iframe.html" style="width: 500px;">
+ </iframe>
+
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-sandboxed-iframe-denied-without-wildcard.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,22 @@
+<html>
+<script>
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpChildFramesAsText();
+}
+
+</script>
+<body>
+
+ <p>This test verifies that sandboxed iframe does not have XmlHttpRequest access to
+ its server with "Access-Control-Allow-Origin" set to its own origin (127.0.0.1).</p>
+
+ <p>This test will print "PASS" on success.</p>
+
+ <iframe sandbox="allow-scripts"
+ src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html" style="width: 500px;">
+ </iframe>
+
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-sandboxed-iframe-denied.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,19 @@
+<html>
+<script>
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpChildFramesAsText();
+}
+
+</script>
+
+<body>
+ <p>This test verifies that sandboxed iframe does not have XmlHttpRequest access
+ to its server. It will print "PASS" on success.</p>
+
+ <iframe sandbox="allow-scripts"
+ src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-iframe.html" style="width: 500px;">
+ </iframe>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-allow-with-body.php Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,10 @@
+<?php
+ header("Access-control-allow-headers: X-Requested-With");
+ header("Access-control-max-age: 0");
+ header("Access-control-allow-origin: *");
+ header("Access-control-allow-methods: *");
+ header("Vary: Accept-Encoding");
+ header("Content-Type: text/plain");
+
+ print "echo"
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow-access-control-origin-header.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,9 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Cache-Control: no-cache, no-store\n";
+print "Access-Control-Allow-Origin: *\n\n";
+
+print "PASS: Cross-domain access allowed.\n";
+print "HTTP_ORIGIN: " . $ENV{"HTTP_ORIGIN"} . "\n";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow-print-headers.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,12 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Cache-Control: no-store\n";
+print "Access-Control-Allow-Origin: *\n\n";
+
+foreach (keys %ENV) {
+ if ($_ =~ "HTTP_") {
+ print $_ . ": " . $ENV{$_} . "\n";
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow-star.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,7 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Access-Control-Allow-Origin: *\n\n";
+
+print "PASS: Cross-domain access allowed.\n";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,8 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Access-Control-Allow-Credentials: true\n";
+print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+
+print "PASS: Cross-domain access allowed.\n";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-denied.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,6 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n\n";
+
+print "FAIL: Cross-domain access allowed.\n";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-get-fail-non-simple.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,11 @@
+#!/usr/bin/perl -wT
+use strict;
+
+my $request;
+
+if ($ENV{'REQUEST_METHOD'} eq "GET") {
+ print "Content-Type: text/plain\n";
+ print "Access-Control-Allow-Credentials: true\n";
+ print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+ print "FAIL: Cross-domain access allowed.\n";
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-non-get-allow.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,22 @@
+#!/usr/bin/perl -wT
+use strict;
+
+my $request;
+
+if ($ENV{'REQUEST_METHOD'} eq "OPTIONS") {
+ print "Content-Type: text/plain\n";
+ print "Access-Control-Allow-Credentials: true\n";
+ print "Access-Control-Allow-Methods: PUT\n";
+ print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+} elsif ($ENV{'REQUEST_METHOD'} eq "PUT") {
+ print "Content-Type: text/plain\n";
+ print "Access-Control-Allow-Credentials: true\n";
+ print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+
+ print "PASS: Cross-domain access allowed.\n";
+ read(STDIN, $request, $ENV{'CONTENT_LENGTH'}) || die "Could not read in content.\n";
+ print $request;
+} else {
+ print "Content-Type: text/plain\n\n";
+ print "Wrong method: " . $ENV{'REQUEST_METHOD'} . "\n";
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-options-not-supported.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,12 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Cache-Control: no-store\n";
+
+# Allow simple requests, but deny preflight.
+if ($ENV{'REQUEST_METHOD'} ne "OPTIONS") {
+ print "Access-Control-Allow-Credentials: true\n";
+ print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n";
+}
+
+print "\n";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-post-fail-non-simple.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,11 @@
+#!/usr/bin/perl -wT
+use strict;
+
+my $request;
+
+if ($ENV{'REQUEST_METHOD'} eq "POST") {
+ print "Content-Type: text/plain\n";
+ print "Access-Control-Allow-Credentials: true\n";
+ print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+ print "FAIL: Cross-domain access allowed.\n";
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-preflight-cache-invalidation.php Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,73 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
+
+function fail()
+{
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: PUT");
+ header("Access-Control-Allow-Headers: x-webkit-test");
+ echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
+ exit();
+}
+
+function setState($newState, $file)
+{
+ file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+ if (!file_exists($file)) {
+ return "Uninitialized";
+ }
+ return file_get_contents($file);
+}
+
+$state = getState($tmpFile);
+
+if ($state == "Uninitialized") {
+ if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: PUT");
+ header("Access-Control-Max-Age: 10"); // 10 seconds
+ setState("OptionsSent", $tmpFile);
+ } else {
+ fail();
+ }
+} else if ($state == "OptionsSent") {
+ if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ echo "PASS: First PUT request.";
+ setState("FirstPUTSent", $tmpFile);
+ } else {
+ fail();
+ }
+} else if ($state == "FirstPUTSent") {
+ if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: PUT, XMETHOD");
+ header("Access-Control-Allow-Headers: x-webkit-test");
+ setState("SecondOPTIONSSent", $tmpFile);
+ } else if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ echo "FAIL: Second PUT request sent without preflight";
+ }
+} else if ($state == "SecondOPTIONSSent") {
+ if ($_SERVER['REQUEST_METHOD'] == "PUT" || $_SERVER['REQUEST_METHOD'] == "XMETHOD") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ echo "PASS: Second OPTIONS request was sent.";
+ } else {
+ fail();
+ }
+} else {
+ fail();
+}
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-preflight-cache-timeout.php Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,74 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
+
+function fail()
+{
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: PUT");
+ header("Access-Control-Allow-Headers: x-webkit-test");
+ echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
+ exit();
+}
+
+function setState($newState, $file)
+{
+ file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+ if (!file_exists($file)) {
+ return "Uninitialized";
+ }
+ return file_get_contents($file);
+}
+
+$state = getState($tmpFile);
+
+if ($state == "Uninitialized") {
+ if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: PUT");
+ header("Access-Control-Allow-Headers: x-webkit-test");
+ header("Access-Control-Max-Age: 1"); // 1 second
+ setState("OptionsSent", $tmpFile);
+ } else {
+ fail();
+ }
+} else if ($state == "OptionsSent") {
+ if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ echo "PASS: First PUT request.";
+ setState("FirstPUTSent", $tmpFile);
+ } else {
+ fail();
+ }
+} else if ($state == "FirstPUTSent") {
+ if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: PUT");
+ header("Access-Control-Allow-Headers: x-webkit-test");
+ setState("SecondOPTIONSSent", $tmpFile);
+ } else if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ echo "FAIL: Second PUT request sent without preflight";
+ }
+} else if ($state == "SecondOPTIONSSent") {
+ if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ echo "PASS: Second OPTIONS request was sent.";
+ } else {
+ fail();
+ }
+} else {
+ fail();
+}
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-preflight-cache.php Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,74 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
+
+function fail()
+{
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: PUT");
+ header("Access-Control-Allow-Headers: x-webkit-test");
+ echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
+ exit();
+}
+
+function setState($newState, $file)
+{
+ file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+ if (!file_exists($file)) {
+ return "Uninitialized";
+ }
+ return file_get_contents($file);
+}
+
+$state = getState($tmpFile);
+
+if ($state == "Uninitialized") {
+ if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: PUT");
+ header("Access-Control-Allow-Headers: x-webkit-test");
+ header("Access-Control-Max-Age: 10"); // 10 seconds
+ setState("OptionsSent", $tmpFile);
+ } else {
+ fail();
+ }
+} else if ($state == "OptionsSent") {
+ if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ echo "PASS: First PUT request.";
+ setState("FirstPUTSent", $tmpFile);
+ } else {
+ fail();
+ }
+} else if ($state == "FirstPUTSent") {
+ if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ echo "PASS: Second PUT request. Preflight worked";
+ } else if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: PUT");
+ header("Access-Control-Allow-Headers: x-webkit-test");
+ setState("FAILSecondOPTIONSSent", $tmpFile);
+ }
+} else if ($state == "FAILSecondOPTIONSSent") {
+ if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ echo "FAIL: Second OPTIONS request was sent. Preflight failed";
+ } else {
+ fail();
+ }
+} else {
+ fail();
+}
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-whitelist-request-headers.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Cache-Control: no-store\n";
+
+# This should be a simple request, deny preflight.
+if ($ENV{'REQUEST_METHOD'} eq "POST") {
+ print "Access-Control-Allow-Credentials: true\n";
+ print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+
+ print "Accept: $ENV{'HTTP_ACCEPT'}\n";
+ print "Accept-Language: $ENV{'HTTP_ACCEPT_LANGUAGE'}\n";
+ print "Content-Language: $ENV{'HTTP_CONTENT_LANGUAGE'}\n";
+ print "Content-Type: $ENV{'CONTENT_TYPE'}\n";
+} else {
+ print "\n";
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-whitelist-response-headers.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+#!/usr/bin/perl -wT
+use strict;
+
+# in whitelist
+print "content-type: text/plain\n";
+print "cache-control: no cache\n";
+print "content-language: en\n";
+print "expires: Fri, 30 Oct 1998 14:19:41 GMT\n";
+print "last-modified: Tue, 15 Nov 1994 12:45:26 GMT\n";
+print "pragma: no-cache\n";
+
+# not in whitelist
+print "x-webkit: foobar\n";
+
+print "Access-Control-Allow-Origin: *\n\n";
+
+print "PASS: Cross-domain access allowed.\n";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-preflight-denied-xsrf.php Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,67 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$tmpFile = sys_get_temp_dir() . "/xsrf.txt";
+
+function fail($state)
+{
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Allow-Credentials: true");
+ header("Access-Control-Allow-Methods: GET");
+ header("Access-Control-Max-Age: 1");
+ echo "FAILED: Issued a " . $_SERVER['REQUEST_METHOD'] . " request during state '" . $state . "'\n";
+ exit();
+}
+
+function setState($newState, $file)
+{
+ file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+ $state = NULL;
+ if (file_exists($file))
+ $state = file_get_contents($file);
+ return $state ? $state : "Uninitialized";
+}
+
+$state = getState($tmpFile);
+
+if ($_SERVER['REQUEST_METHOD'] == "GET"
+ && $_GET['state'] == "reset") {
+ if (file_exists($tmpFile)) unlink($tmpFile);
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Max-Age: 1");
+ echo "Server state reset.\n";
+} else if ($state == "Uninitialized") {
+ if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+ if ($_GET['state'] == "method" || $_GET['state'] == "header") {
+ header("Access-Control-Allow-Methods: GET");
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Max-Age: 1");
+ }
+ echo("FAIL: This request should not be displayed.\n");
+ setState("Denied", $tmpFile);
+ } else {
+ fail($state);
+ }
+} else if ($state == "Denied") {
+ if ($_SERVER['REQUEST_METHOD'] == "GET"
+ && $_GET['state'] == "complete") {
+ unlink($tmpFile);
+ header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+ header("Access-Control-Max-Age: 1");
+ echo "PASS: Request successfully blocked.\n";
+ } else {
+ setState("Deny Ignored", $tmpFile);
+ fail($state);
+ }
+} else if ($state == "Deny Ignored") {
+ unlink($tmpFile);
+ fail($state);
+} else {
+ if (file_exists($tmpFile)) unlink($tmpFile);
+ fail("Unknown");
+}
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-allow-iframe.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,25 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+
+document.getElementById('console').innerHTML = (function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-allow.cgi", false);
+ } catch(e) {
+ return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "].";
+ }
+
+ try {
+ xhr.send();
+ } catch(e) {
+ return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'send'. [" + e.message + "].";
+ }
+
+ return xhr.responseText;
+})();
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-allow.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,8 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Access-Control-Allow-Credentials: true\n";
+print "Access-Control-Allow-Origin: *\n\n";
+
+print "PASS: Sandboxed iframe XHR access allowed.\n";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied-iframe.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,27 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+
+document.getElementById('console').innerHTML = (function() {
+ var xhr = new XMLHttpRequest;
+
+
+ try {
+ xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi", false);
+ } catch(e) {
+ return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "].";
+ }
+
+ try {
+ xhr.send();
+ } catch(e) {
+ return "PASS: Exception thrown. Sandboxed iframe XHR access was denied in 'send'. [" + e.message + "].";
+ }
+
+ return xhr.responseText;
+})();
+
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,26 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+
+document.getElementById('console').innerHTML = (function() {
+ var xhr = new XMLHttpRequest;
+
+ try {
+ xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi", false);
+ } catch(e) {
+ return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "].";
+ }
+
+ try {
+ xhr.send();
+ } catch(e) {
+ return "PASS: Exception thrown. Sandboxed iframe XHR access was denied in 'send'. [" + e.message + "].";
+ }
+
+ return xhr.responseText;
+})();
+
+</script>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,8 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Access-Control-Allow-Credentials: true\n";
+print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+
+print "FAIL: Sandboxed iframe XHR access allowed.\n";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied.cgi Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,6 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n\n";
+
+print "FAIL: Sandboxed iframe XHR access allowed.\n";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/.svn/all-wcprops Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+K 25
+svn:wc:ra_dav:version-url
+V 98
+/repository/webkit/!svn/ver/58409/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth
+END
+access-control-auth-basic.php
+K 25
+svn:wc:ra_dav:version-url
+V 128
+/repository/webkit/!svn/ver/58409/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php
+END
+basic-auth.php
+K 25
+svn:wc:ra_dav:version-url
+V 113
+/repository/webkit/!svn/ver/24227/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth/basic-auth.php
+END
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/.svn/entries Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,96 @@
+10
+
+dir
+102004
+http://svn.webkit.org/repository/webkit/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth
+http://svn.webkit.org/repository/webkit
+
+
+
+2010-04-28T16:29:22.915186Z
+58409
+jchaffraix@webkit.org
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+268f45cc-cd09-0410-ab3c-d52691b4dbfc
+�
+access-control-auth-basic.php
+file
+
+
+
+
+2011-11-14T21:09:08.417946Z
+1342b2f90905a7f1b2fa19ac807a00af
+2010-04-28T16:29:22.915186Z
+58409
+jchaffraix@webkit.org
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+630
+�
+basic-auth.php
+file
+
+
+
+
+2011-11-14T21:09:08.417946Z
+a82ea42c784b9b663e54196755ab7112
+2007-07-12T04:17:17.612601Z
+24227
+ap
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+377
+�
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/.svn/text-base/access-control-auth-basic.php.svn-base Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+<?php
+
+header("Access-Control-Allow-Origin: http://127.0.0.1:8000/");
+header("Access-Control-Allow-Credentials: true");
+header("Access-Control-Allow-Methods: PUT");
+
+if ($_SERVER['REQUEST_METHOD'] != "OPTIONS") {
+ if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+ header('WWW-Authenticate: Basic realm="WebKit Test Realm/Cross Origin"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Authentication canceled';
+ exit;
+ } else {
+ echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+ }
+}
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/.svn/text-base/basic-auth.php.svn-base Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,10 @@
+<?php
+ if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+ header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Authentication canceled';
+ exit;
+ } else {
+ echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+ }
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/access-control-auth-basic.php Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+<?php
+
+header("Access-Control-Allow-Origin: http://127.0.0.1:8000/");
+header("Access-Control-Allow-Credentials: true");
+header("Access-Control-Allow-Methods: PUT");
+
+if ($_SERVER['REQUEST_METHOD'] != "OPTIONS") {
+ if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+ header('WWW-Authenticate: Basic realm="WebKit Test Realm/Cross Origin"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Authentication canceled';
+ exit;
+ } else {
+ echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+ }
+}
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/basic-auth.php Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,10 @@
+<?php
+ if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+ header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Authentication canceled';
+ exit;
+ } else {
+ echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+ }
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/no-custom-header.php Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,34 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$stateFile = sys_get_temp_dir() . "/access-control-preflight-headers-status";
+
+function setState($newState, $file)
+{
+ file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+ if (!file_exists($file)) {
+ return "";
+ }
+ return file_get_contents($file);
+}
+
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Headers: X-Custom-Header");
+header("Access-Control-Max-Age: 0");
+
+if ($_SERVER["REQUEST_METHOD"] == "OPTIONS") {
+ if (isset($_SERVER["HTTP_X_CUSTOM_HEADER"]))
+ setState("FAIL", $stateFile);
+ else
+ setState("PASS", $stateFile);
+} else {
+ if (isset($_SERVER["HTTP_X_CUSTOM_HEADER"]))
+ echo getState($stateFile);
+ else
+ echo "FAIL - no header in actual request";
+}
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/redirect.php Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,4 @@
+<?php
+ $url = $_GET['url'];
+ header("Location: $url");
+?>