CORS, Opera: Lots of small changes
authorOdin Hørthe Omdal <odinho@opera.com>
Sun, 04 Nov 2012 17:35:08 +0100
changeset 80 f80641f4740c
parent 79 66dd77e95c2f
child 81 accf695c1223
CORS, Opera: Lots of small changes
tests/cors/submitted/opera/js/MANIFEST
tests/cors/submitted/opera/js/credentials-flag.htm
tests/cors/submitted/opera/js/errors-sync.htm
tests/cors/submitted/opera/js/https.htm
tests/cors/submitted/opera/js/preflight-cache.htm
tests/cors/submitted/opera/js/redirect.htm
tests/cors/submitted/opera/js/request.htm
tests/cors/submitted/opera/js/resources/.hgignore
tests/cors/submitted/opera/js/resources/checkandremovefromlog.php
tests/cors/submitted/opera/js/resources/cors-headers.php
tests/cors/submitted/opera/js/resources/log.php
tests/cors/submitted/opera/js/resources/preflight.php
tests/cors/submitted/opera/js/response.htm
tests/cors/submitted/opera/js/simple-requests.htm
tests/cors/submitted/opera/staging/MANIFEST
tests/cors/submitted/opera/staging/basic.htm
tests/cors/submitted/opera/staging/credentials-flag.htm
tests/cors/submitted/opera/staging/origin.htm
tests/cors/submitted/opera/staging/preflight-cache.htm
tests/cors/submitted/opera/staging/redirect-preflight.htm
tests/cors/submitted/opera/staging/request-headers.htm
tests/cors/submitted/opera/staging/resources/.hgignore
tests/cors/submitted/opera/staging/resources/checkandremovefromlog.php
tests/cors/submitted/opera/staging/resources/cors-cookie.php
tests/cors/submitted/opera/staging/resources/cors-headers.php
tests/cors/submitted/opera/staging/resources/log.php
tests/cors/submitted/opera/staging/resources/preflight.php
tests/cors/submitted/opera/staging/response-headers.htm
tests/cors/submitted/opera/staging/simple-requests.htm
tests/cors/submitted/opera/staging/status-async.htm
tests/cors/submitted/opera/staging/status-preflight.htm
tests/cors/submitted/opera/staging/status.htm
tests/cors/submitted/opera/staging/support.js
tests/cors/submitted/opera/staging/testrunner.html
--- a/tests/cors/submitted/opera/js/MANIFEST	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/js/MANIFEST	Sun Nov 04 17:35:08 2012 +0100
@@ -1,16 +1,6 @@
-basic.htm
 credentials-flag.htm
-errors-async.htm
 errors-sync.htm
 https.htm
-origin.htm
-preflight-cache.htm
 redirect.htm
-redirect-preflight.htm
 request.htm
 response.htm
-simple-requests.htm
-status.htm
-status-async.htm
-status-errors.htm
-status-preflight.htm
--- a/tests/cors/submitted/opera/js/credentials-flag.htm	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,115 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - withCredentials</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    var url = CROSSDOMAIN + 'resources/cors-cookie.php?ident='
-
-
-    /*
-     * widthCredentials
-     */
-// XXX Do some https tests here as well
-    test(function () {
-        var id = new Date().getTime(),
-            client = new XMLHttpRequest()
-        client.open("GET", url + id, false)
-        client.send(null)
-        assert_equals(client.response, "NO_COOKIE");
-
-        client.open("GET", url + id, false)
-        client.send(null)
-        assert_equals(client.response, "NO_COOKIE")
-    }, 'Don\'t send cookie by default');
-
-    test(function () {
-        var id = new Date().getTime(),
-            client = new XMLHttpRequest()
-
-        client.open("GET", url + id, false)
-        client.withCredentials = true
-        client.send(null)
-        assert_equals(client.response, "NO_COOKIE");
-
-        /* We have cookie, but the browser shouldn't send */
-        client.open("GET", url + id, false)
-        client.withCredentials = false
-        client.send(null)
-        assert_equals(client.response, "NO_COOKIE")
-
-        /* Reads and deletes the cookie */
-        client.open("GET", url + id, false)
-        client.withCredentials = true
-        client.send(null)
-        assert_equals(client.response, "COOKIE")
-    }, 'Don\'t send cookie part 2');
-
-    test(function () {
-        var id = new Date().getTime(),
-            client = new XMLHttpRequest()
-
-        /* Shouldn't set the response cookie */
-        client.open("GET", url + id, false)
-        client.withCredentials = false
-        client.send(null)
-        assert_equals(client.response, "NO_COOKIE");
-
-        /* Sets the cookie */
-        client.open("GET", url + id, false)
-        client.withCredentials = true
-        client.send(null)
-        assert_equals(client.response, "NO_COOKIE")
-
-        /* Reads and deletes the cookie */
-        client.open("GET", url + id, false)
-        client.withCredentials = true
-        client.send(null)
-        assert_equals(client.response, "COOKIE")
-    }, 'Don\'t obey Set-Cookie when withCredentials=false');
-
-    function test_response_header(allow) {
-        test(function () {
-            var client = new XMLHttpRequest()
-            client.open('GET',
-                CROSSDOMAIN + 'resources/cors-makeheader.php?credentials=' + allow,
-                false)
-            client.withCredentials = true;
-            assert_throws(null, function() { client.send() }, 'send')
-        }, 'Access-Control-Allow-Credentials: ' + allow + ' => should throw NETWORK_ERR (sync)')
-
-        var resp_test = async_test('Access-Control-Allow-Credentials: ' + allow + ' => should trigger onerror (async)')
-        resp_test.step(function() {
-            var client = new XMLHttpRequest()
-            client.open('GET',
-                CROSSDOMAIN + 'resources/cors-makeheader.php?credentials=' + allow,
-                true)
-            client.withCredentials = true;
-            client.onload = resp_test.step_func(function() {
-                assert_unreached("onload")
-            })
-            client.onerror = resp_test.step_func(function () {
-                assert_equals(client.readyState, client.DONE, 'readyState')
-                resp_test.done()
-            })
-            client.send()
-        })
-    }
-
-    test_response_header('TRUE')
-    test_response_header('True')
-    test_response_header('"true"')
-    test_response_header('false')
-    test_response_header('1')
-    test_response_header('0')
-
-    </script>
- </body>
-</html>
--- a/tests/cors/submitted/opera/js/errors-sync.htm	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,40 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - errors (sync)</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    /*
-     * Error checking
-     */
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?origin=none', false)
-        assert_throws(null, function() { client.send() }, 'send');
-        assert_equals(client.status, 0, "status")
-        assert_equals(client.readyState, client.DONE, "readyState")
-    }, 'Failed sync cross origin request')
-
-    var t = async_test('Failed sync cross origin request: onreadystatechange')
-    t.step(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?origin=none', false)
-        client.onreadystatechange = t.step_func(function() {
-            assert_equals(client.status, 0, "status")
-            if (client.readyState == client.DONE)
-                t.done()
-        })
-        assert_throws(null, function() { client.send() }, 'send');
-    });
-
-    </script>
- </body>
-</html>
--- a/tests/cors/submitted/opera/js/https.htm	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/js/https.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -1,93 +1,90 @@
 <!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - https</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    var crossdomain = SUBDOMAIN + "." + location.hostname
-    var url = "https://" + crossdomain + dirname(location.pathname)
-
-    /*
-     * HTTPS
-     */
-    function testit(url, desc) {
-        console.log("opnar " + url, desc)
-        test(function() {
-            var client = new XMLHttpRequest()
-            client.open('GET', url, false)
-            client.send(null)
-
-            assert_equals(client.response, 'TEST', 'response')
-        }, desc + " (sync)")
+<meta charset=utf-8>
+<title>CORS - https</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
 
-        var async = async_test(desc + " (async)")
-        async.step(function () {
-            var client = new XMLHttpRequest()
-            client.open('GET', url, true)
-            client.onload = async.step_func(function() {
-                assert_equals(client.response, 'TEST', 'response')
-                async.done()
-            })
-            client.onerror = async.step_func(function() {
-                assert_unreached('Got onerror')
-                async.done()
-            })
-            client.send(null)
-        })
-
-    }
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
 
-    testit('http://' + location.host + dirname(location.pathname) + 'resources/cors-headers.php',
-        'http same domain basic usage')
-    testit('https://' + location.host + dirname(location.pathname) + 'resources/cors-headers.php',
-        'https same domain basic usage')
-
-    testit(url + 'resources/cors-headers.php',
-        'https crossdomain basic usage')
+<h1>CORS over HTTPS</h1>
+<div id=log></div>
+<script>
 
-    testit('http://' + location.hostname + ":" + PORT + dirname(location.pathname) + 'resources/cors-headers.php',
-        'http same domain different port')
-    testit('https://' + location.hostname + ":" + PORTS + dirname(location.pathname) + 'resources/cors-headers.php',
-        'https same domain different port')
+var crossdomain = SUBDOMAIN + "." + location.hostname
+var url = "https://" + crossdomain + dirname(location.pathname)
 
-    testit('http://' + crossdomain + ":" + PORT + dirname(location.pathname) + 'resources/cors-headers.php',
-        'http crossdomain different port')
-    testit('https://' + crossdomain + ":" + PORTS + dirname(location.pathname) + 'resources/cors-headers.php',
-        'https crossdomain different port')
+/*
+ * HTTPS
+ */
+function testit(url, desc) {
+    console.log("opnar " + url, desc)
+    test(function() {
+        var client = new XMLHttpRequest()
+        client.open('GET', url, false)
+        client.send(null)
+
+        assert_equals(client.response, 'TEST', 'response')
+    }, desc + " (sync)")
+
+    var async = async_test(desc + " (async)")
+    async.step(function () {
+        var client = new XMLHttpRequest()
+        client.open('GET', url, true)
+        client.onload = async.step_func(function() {
+            assert_equals(client.response, 'TEST', 'response')
+            async.done()
+        })
+        client.onerror = async.step_func(function() {
+            assert_unreached('Got onerror')
+            async.done()
+        })
+        client.send(null)
+    })
+
+}
+
+testit('http://' + location.host + dirname(location.pathname) + 'resources/cors-headers.php',
+    'http same domain basic usage')
+testit('https://' + location.host + dirname(location.pathname) + 'resources/cors-headers.php',
+    'https same domain basic usage')
+
+testit(url + 'resources/cors-headers.php',
+    'https crossdomain basic usage')
+
+testit('http://' + location.hostname + ":" + PORT + dirname(location.pathname) + 'resources/cors-headers.php',
+    'http same domain different port')
+testit('https://' + location.hostname + ":" + PORTS + dirname(location.pathname) + 'resources/cors-headers.php',
+    'https same domain different port')
+
+testit('http://' + crossdomain + ":" + PORT + dirname(location.pathname) + 'resources/cors-headers.php',
+    'http crossdomain different port')
+testit('https://' + crossdomain + ":" + PORTS + dirname(location.pathname) + 'resources/cors-headers.php',
+    'https crossdomain different port')
 
 
-    test(function () {
-        var client = new XMLHttpRequest()
-        client.open("GET", url + '/resources/cors-cookie.php', false)
-        client.withCredentials = true
-        client.send(null)
-        assert_equals(client.response, "NO_COOKIE");
-
-        client.open("GET", url + '/resources/cors-cookie.php', false)
-        client.withCredentials = true
-        client.send(null)
-        assert_equals(client.response, "COOKIE");
-    }, 'https cross-origin cookie');
+test(function () {
+    var client = new XMLHttpRequest()
+    client.open("GET", url + '/resources/cors-cookie.php', false)
+    client.withCredentials = true
+    client.send(null)
+    assert_equals(client.response, "NO_COOKIE");
 
-    test(function () {
-        var client = new XMLHttpRequest()
-        client.open("GET", url + '/resources/cors-cookie.php', false)
-        client.send(null)
-        assert_equals(client.response, "NO_COOKIE");
+    client.open("GET", url + '/resources/cors-cookie.php', false)
+    client.withCredentials = true
+    client.send(null)
+    assert_equals(client.response, "COOKIE");
+}, 'https cross-origin cookie');
 
-        client.open("GET", url + '/resources/cors-cookie.php', false)
-        client.send(null)
-        assert_equals(client.response, "NO_COOKIE")
-    }, 'https don\'t send cookie by default');
+test(function () {
+    var client = new XMLHttpRequest()
+    client.open("GET", url + '/resources/cors-cookie.php', false)
+    client.send(null)
+    assert_equals(client.response, "NO_COOKIE");
 
+    client.open("GET", url + '/resources/cors-cookie.php', false)
+    client.send(null)
+    assert_equals(client.response, "NO_COOKIE")
+}, "https don't send cookie by default");
 
-    </script>
- </body>
-</html>
+</script>
--- a/tests/cors/submitted/opera/js/preflight-cache.htm	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,144 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - preflight cache</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    /*
-     * Cache
-     */
-
-    function did_preflight(expect, client, ident, settings) {
-        if(!settings)
-            settings = {}
-
-        set = {
-            method: 'method' in settings ? settings.method : 'GET',
-            extra: 'extra' in settings ? '&' + settings.extra : ''
-        }
-
-        client.open(set.method,
-                CROSSDOMAIN + 'resources/preflight.php?ident=' + ident + set.extra,
-                false)
-        client.setRequestHeader('x-print', ident)
-        client.send()
-
-        client.open('GET', 'resources/checkandremovefromlog.php?ident=' + ident, false)
-        client.send()
-        assert_equals(client.response, expect === true ? '1' : '0', "did preflight")
-    }
-
-    /*
-     * Should run preflight
-     */
-    var test_c = 0;
-
-    test(function() {
-        test_c++;
-        var time = new Date().getTime()
-        var client = new XMLHttpRequest()
-        did_preflight(true, client, test_c + '_' + time)
-    },
-    'Test preflight')
-
-    test(function() {
-        test_c++;
-        var time = new Date().getTime()
-        var client = new XMLHttpRequest()
-
-        did_preflight(true,  client, test_c + '_' + time)
-        did_preflight(false, client, test_c + '_' + time)
-    },
-    'preflight for x-print should be cached')
-
-    test(function() {
-        test_c++;
-        var time = new Date().getTime()
-        var client = new XMLHttpRequest()
-
-        did_preflight(true, client, test_c + '_' + time, {extra:'max_age=0'})
-        did_preflight(true, client, test_c + '_' + time, {extra:'max_age=0'})
-    },
-    'age = 0, should not be cached')
-
-    test(function() {
-        test_c++;
-        var time = new Date().getTime()
-        var client = new XMLHttpRequest()
-
-        did_preflight(true, client, test_c + '_' + time, {extra:'max_age=-1'})
-        did_preflight(true, client, test_c + '_' + time, {extra:'max_age=-1'})
-    },
-    'age = -1, should not be cached')
-
-    ;(function() {
-        test_c++;
-        var test = async_test("preflight first request, second from cache, wait, third should preflight again", { timeout: 6000 }),
-            time = new Date().getTime(),
-            dothing = function (url, msg, set_request, func) {
-                client = new XMLHttpRequest(),
-                client.open('GET', url + test_c + "_" + time, true)
-                if (set_request)
-                    client.setRequestHeader('x-print', msg)
-                client.onreadystatechange = test.step_func(function() {
-                    if(client.readyState >= 4) {
-                        assert_equals(client.response, msg, "response")
-                        if (func)
-                            test.step(func)
-                    }
-                })
-                client.onerror = test.step_func(function(e) {
-                    assert_unreached("Got unexpected error event on the XHR object")
-                })
-                client.send()
-            }
-
-        test.step(function() {
-            /* First cycle, gets x-print into the cache, with timeout 1 */
-            dothing(CROSSDOMAIN + 'resources/preflight.php?max_age=1&ident=',
-            'first', true, function(){
-                test = test;
-
-                /* Check if we did a preflight like we expected */
-                dothing('resources/checkandremovefromlog.php?1&ident=',
-                '1', false, function(){
-                    test = test;
-                    dothing(CROSSDOMAIN + 'resources/preflight.php?max_age=1&ident=',
-                    'second', true, function() {
-                        test = test;
-
-                        /* Check that we didn't do a preflight (hasn't gone 1 second yet) */
-                        dothing('resources/checkandremovefromlog.php?2&ident=',
-                        '0', false, function(){
-                            test = test;
-
-                            /* Wait until the preflight cache age is old (and thus cleared) */
-                            setTimeout(test.step_func(function(){
-                                dothing(CROSSDOMAIN + 'resources/preflight.php?max_age=1&ident=',
-                                'third', true, function(){
-                                    test = test;
-
-                                    /* Expect that we did indeed do a preflight */
-                                    dothing('resources/checkandremovefromlog.php?3&ident=',
-                                    '1', false, function(){
-                                        test.done()
-                                    })
-                                })
-                            }), 1500)
-                        })
-                    })
-                })
-            })
-        })
-    })();
-
-    </script>
- </body>
-</html>
--- a/tests/cors/submitted/opera/js/redirect.htm	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/js/redirect.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -1,45 +1,42 @@
 <!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - redirect</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    var req_c = 0 // Request count for cache busting and easy identifying of request in traffic analyzer
-
-    /*
-     * Redirection
-     */
+<title>XMLHttpRequest: CORS - redirect</title>
 
-    function redir(code) {
-        test(function() {
-            var client = new XMLHttpRequest(),
-                redir3 = CROSSDOMAIN + 'resources/cors-makeheader.php?get_value=last&' + req_c++,
-                redir2 = CROSSDOMAIN + 'resources/cors-makeheader.php?code=' + code
-                         + '&location=' + encodeURIComponent(redir3) + '&' + req_c++
-
-            client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?location='
-                               + encodeURIComponent(redir2) + '&' + req_c++,
-                        false)
-            client.send(null)
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
 
-            r = JSON.parse(client.response)
-            assert_equals(r['origin'], 'null', 'Origin Header')
-            assert_equals(r['get_value'], 'last', 'get_value')
-        },
-        'Redirect ' + code)
-    }
+<div id=log></div>
+<script>
+// XXX Badly needs review XXX
 
-    redir(301);
-    redir(302);
-    redir(303);
-    redir(307);
-    </script>
- </body>
-</html>
+
+var req_c = 0 // Request count for cache busting and easy identifying of request in traffic analyzer
+
+/*
+ * Redirection
+ */
+
+function redir(code) {
+    test(function() {
+        var client = new XMLHttpRequest(),
+            redir3 = CROSSDOMAIN + 'resources/cors-makeheader.php?origin=*&get_value=last&' + req_c++,
+            redir2 = CROSSDOMAIN + 'resources/cors-makeheader.php?origin=*&code=' + code
+                     + '&location=' + encodeURIComponent(redir3) + '&' + req_c++
+
+        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?origin=*&location='
+                           + encodeURIComponent(redir2) + '&' + req_c++,
+                    false)
+        client.send(null)
+
+        r = JSON.parse(client.response)
+        assert_equals(r['origin'], 'null', 'Origin Header')
+        assert_equals(r['get_value'], 'last', 'get_value')
+    },
+    'Redirect ' + code)
+}
+
+redir(301);
+redir(302);
+redir(303);
+redir(307);
+</script>
--- a/tests/cors/submitted/opera/js/request.htm	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,82 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - request</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    /*
-     * Request Headers
-     */
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-print', false)
-        client.setRequestHeader('x-print', 'unicorn')
-        client.send(null)
-
-        res = JSON.parse(client.response)
-        assert_equals(res['x-print'], 'unicorn')
-    }, 'basic request header')
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-print,', false)
-        client.setRequestHeader('x-print', 'unicorn')
-        client.setRequestHeader('content-type', 'text/plain')
-        client.setRequestHeader('accept', 'test')
-        client.setRequestHeader('accept-language', 'nn')
-        client.setRequestHeader('content-language', 'nn')
-        client.send(null)
-
-        res = JSON.parse(client.response)
-        assert_equals(res['x-print'], 'unicorn')
-        assert_equals(res['content-type'], 'text/plain')
-        assert_equals(res['accept'], 'test')
-        assert_equals(res['accept-language'], 'nn')
-        assert_equals(res['content-language'], 'nn')
-    }, 'simple request headers need not be in allow-headers')
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-print', false)
-        client.setRequestHeader('x-print', 'unicorn')
-        client.setRequestHeader('y-print', 'unicorn')
-        assert_throws(null, function() { client.send(null) })
-    }, 'NETWORK_ERR on disallowed request header')
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', false)
-        client.setRequestHeader('x-print', 'unicorn')
-        client.setRequestHeader('y-print', 'narwhal')
-        client.send(null)
-
-        res = JSON.parse(client.response)
-        assert_equals(res['x-print'], 'unicorn')
-        assert_equals(res['y-print'], 'narwhal')
-    }, 'Strange allowheaders')
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        assert_throws('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') })
-    },
-    'INVALID_STATE_ERR on setRequestHeader before open()')
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', false)
-        client.send()
-        assert_throws('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') })
-    },
-    'INVALID_STATE_ERR on setRequestHeader after send()')
-
-    </script>
- </body>
-</html>
--- a/tests/cors/submitted/opera/js/resources/.hgignore	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-logs.txt
--- a/tests/cors/submitted/opera/js/resources/checkandremovefromlog.php	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-<?php
-  $file_name = 'logs.txt';
-  $ident = isset($_GET['ident']) ? $_GET['ident'] : NULL;
-  $buffer = '';
-  $obj;
-
-  $file = fopen($file_name,'r+');
-
-  if (filesize($file_name))
-  {
-    $buffer = fread($file, filesize($file_name));
-
-    if ($buffer)
-      $obj = json_decode($buffer);
-  }
-
-  if (isset($ident))
-    if ($obj->$ident)
-    {
-      print "1";
-
-      unset($obj->$ident);
-
-      $buffer = json_encode($obj);
-
-      rewind($file);
-      ftruncate($file, 0);
-      fwrite($file, $buffer);
-    }
-    else
-      print "0";
-
-  fclose($file);
-?>
--- a/tests/cors/submitted/opera/js/resources/cors-headers.php	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-<?php
- header("Access-Control-Allow-Origin: *");
- header("Access-Control-Expose-Headers: X-Custom-Header, X-Custom-Header-Empty, X-Custom-Header-Comma, X-Custom-Header-Bytes");
- header("Access-Control-Expose-Headers: X-Second-Expose", false);
- header("Access-Control-Expose-Headers: Date", false);
-
- header("Content-Type: text/plain");
-
- header("X-Custom-Header: test");
- header("X-Custom-Header: test");
- header("Set-Cookie: test1=t1;max-age=2");
- header("Set-Cookie2: test2=t2;Max-Age=2");
- header("X-Custom-Header-Empty:");
- header("X-Custom-Header-Comma: 1");
- header("X-Custom-Header-Comma: 2", false);
- header("X-Custom-Header-Bytes: …");
- header("X-Nonexposed: unicorn");
- header("X-Second-Expose: flyingpig");
-
- /* Simple response headers */
- header("Cache-Control: no-cache");
- header("Content-Language: nn");
- header("Expires: Thu, 01 Dec 1994 16:00:00 GMT");
- header("Last-Modified: Thu, 01 Dec 1994 10:00:00 GMT");
- header("Pragma: no-cache");
-
- echo "TEST";
-?>
--- a/tests/cors/submitted/opera/js/resources/log.php	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-<?php
-  $file_name = 'logs.txt';
-  $ident = isset($_GET['ident']) ? $_GET['ident'] : NULL;
-  $buffer = '';
-  $obj;
-
-  $file = fopen($file_name, 'c+');
-
-  if (filesize($file_name))
-  {
-    $buffer = fread($file, filesize($file_name));
-
-    if ($buffer)
-      $obj = json_decode($buffer);
-  }
-
-  if (isset($ident))
-    if (!$obj->$ident)
-      $obj->$ident = true;
-
-  $buffer = json_encode($obj);
-
-  rewind($file);
-  ftruncate($file, 0);
-  fwrite($file, $buffer);
-  fclose($file);
-?>
--- a/tests/cors/submitted/opera/js/resources/preflight.php	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-<?php
-header("Content-Type: text/plain");
-
-if($_SERVER['REQUEST_METHOD'] == 'OPTIONS')
-{
-    if(!isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
-	die("ERROR: No access-control-request-method in preflight!");
-
-    header("Access-Control-Allow-Headers: x-print, " .
-            "{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
-
-    if (isset($_GET['max_age']))
-        header("Access-Control-Max-Age: {$_GET['max_age']}");
-
-    include("log.php");
-}
-header("Access-Control-Allow-Origin: *");
-
-$p = isset($_SERVER['HTTP_X_PRINT']) ? $_SERVER['HTTP_X_PRINT'] : "NO";
-echo $p;
--- a/tests/cors/submitted/opera/js/response.htm	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,111 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - Response headers</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    /*
-     * Response Headers
-     */
-
-    function check_response_header(head, value, desc) {
-        test(function() {
-            var client = new XMLHttpRequest()
-            client.open('GET', CROSSDOMAIN + 'resources/cors-headers.php', false)
-            client.send(null)
-
-            if (typeof value === 'function')
-                value(client, head)
-            else
-                assert_equals(client.getResponseHeader(head), value, head)
-        },
-        desc)
-    }
-    check_response_header('X-Custom-Header-Comma', '1, 2', 'getResponseHeader: Expose Access-Control-Expose-Headers (x-custom-header-comma)')
-    check_response_header('X-Second-Expose', 'flyingpig', 'getResponseHeader: Expose second Access-Control-Expose-Headers (x-second-expose)')
-    check_response_header(' x-custom-header', null, 'getResponseHeader: Don\'t trim whitespace')
-    check_response_header('x-custom-header-bytes', "\xE2\x80\xA6", 'getResponseHeader: x-custom-header bytes')
-    check_response_header('Date',
-        function(client, head) { assert_true(client.getResponseHeader(head).length > 2) },
-        'getResponseHeader: Exposed server field readable (Date)')
-
-    function default_readable(head, value) {
-        check_response_header(head, value, 'getResponseHeader: '+head+': readable by default')
-    }
-    default_readable("Cache-Control", "no-cache");
-    default_readable("Content-Language", "nn");
-    default_readable("Expires", "Thu, 01 Dec 1994 16:00:00 GMT");
-    default_readable("Last-Modified", "Thu, 01 Dec 1994 10:00:00 GMT");
-    default_readable("Pragma", "no-cache");
-
-
-    function default_unreadable(head) {
-        check_response_header(head, null, 'getResponseHeader: '+head+': unreadable by default')
-    }
-    default_unreadable("Server")
-    default_unreadable("X-Powered-By")
-
-
-    ;(function ()
-    { /* Don't pollute with variable "test" */
-        var test = async_test("getResponseHeader: Combined testing of cors response headers")
-        test.step(function()
-        {
-            var client = new XMLHttpRequest();
-            client.open("GET", CROSSDOMAIN + 'resources/cors-headers.php')
-            window.c=client;
-            client.onreadystatechange = function()
-            {
-                test.step(function()
-                {
-                    if(client.readyState == 1)
-                    {
-                        assert_equals(client.getResponseHeader("x-custom-header"), null, 'x-custom-header')
-                    }
-                    if(client.readyState > 1)
-                    {
-                        assert_equals(client.getResponseHeader("x-custom-header"), "test", 'x-custom-header')
-                        assert_equals(client.getResponseHeader("x-custom-header-empty"), "", 'x-custom-header-empty')
-                        assert_equals(client.getResponseHeader("set-cookie"), null)
-                        assert_equals(client.getResponseHeader("set-cookie2"), null)
-                        assert_equals(client.getResponseHeader("x-non-existent-header"), null)
-                        assert_equals(client.getResponseHeader("x-nonexposed"), null)
-                    }
-                    if(client.readyState == 4)
-                    {
-                        test.done()
-                    }
-                })
-            }
-            client.send(null)
-        })
-    })();
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-headers.php', false)
-        client.send(null)
-        assert_equals(client.getResponseHeader("x-custom-header"), "test", 'x-custom-header')
-        assert_equals(client.getResponseHeader("x-nonexposed"), null, 'x-nonexposed')
-    }, 'getResponse: don\'t expose x-nonexposed')
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-headers.php', false)
-        client.send(null)
-
-        h = client.getAllResponseHeaders().toLowerCase()
-        assert_true( h.indexOf('x-custom-header') >= 0, 'x-custom-header present')
-        assert_true( h.indexOf('x-nonexposed') === -1, 'x-nonexposed not present')
-    }, 'getAllResponseHeaders: don\'t expose x-nonexposed')
-
-    </script>
- </body>
-</html>
--- a/tests/cors/submitted/opera/js/simple-requests.htm	Thu Nov 01 18:22:00 2012 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - simple requests</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    /*
-     * Simple requests that shouldn't trigger preflight
-     */
-
-    var test_c = 0;
-
-    function check_simple(method, headers)
-    {
-        test(function() {
-            var time = new Date().getTime(),
-                client = new XMLHttpRequest()
-            test_c++
-            client.open(method, CROSSDOMAIN + 'resources/preflight.php?ident='
-                                + test_c + time, false)
-            for (head in headers)
-                client.setRequestHeader(head, headers[head])
-            client.send("data")
-            assert_equals(client.getResponseHeader('content-type'), "text/plain")
-            if (method == 'HEAD')
-                assert_equals(client.response, '', 'response')
-            else
-                assert_equals(client.response, 'NO', 'response')
-
-            client.open('GET', 'resources/checkandremovefromlog.php?ident='
-                              + test_c + time, false)
-            client.send("data")
-            assert_equals(client.response, "0", "Found preflight log")
-        },
-        'No preflight ' + method + ' and ' + JSON.stringify(headers))
-    }
-
-    function check_simple_headers(headers) {
-        check_simple('GET', headers)
-        check_simple('HEAD', headers)
-        check_simple('POST', headers)
-    }
-
-    check_simple_headers({'Accept': 'test'})
-    check_simple_headers({'accept-language': 'test'})
-    check_simple_headers({'CONTENT-language': 'test'})
-
-    check_simple_headers({'Content-Type': 'application/x-www-form-urlencoded'})
-    check_simple_headers({'content-type': 'multipart/form-data'})
-    check_simple_headers({'content-type': 'text/plain'})
-
-    check_simple_headers({
-                            'accept': 'test',
-                            'accept-language': 'test',
-                            'content-language': 'test',
-                            'content-type': 'text/plain; parameter=whatever'
-                         })
-
-    check_simple('Get', {'content-type': 'text/plain; parameter=extra_bonus'})
-    check_simple('post', {'content-type': 'text/plain'})
-
-
-    /* Extra async test */
-
-    var simple_async = async_test("Check simple headers (async)")
-    simple_async.step(function (){
-        var time = new Date().getTime(),
-            client = new XMLHttpRequest()
-        client.open('POST', CROSSDOMAIN + 'resources/preflight.php?ident='
-                            + time, true)
-
-        client.setRequestHeader('Accept', 'jewelry')
-        client.setRequestHeader('accept-language', 'nn_NO,nn,en')
-        client.setRequestHeader('content-type', 'text/plain; parameter=extra')
-        client.setRequestHeader('content-Language', 'nn_NO')
-
-        client.onload = simple_async.step_func(function() {
-            assert_equals(client.getResponseHeader('content-type'), "text/plain", 'content-type response header')
-            assert_equals(client.response, 'NO', 'response')
-            simple_async.done()
-        })
-        client.onerror = simple_async.step_func(function () { assert_unreached('onerror') })
-        client.send()
-    })
-    </script>
- </body>
-</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/MANIFEST	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,11 @@
+basic.htm
+credentials-flag.htm
+origin.htm
+preflight-cache.htm
+redirect-preflight.htm
+request-headers.htm
+response-headers.htm
+simple-requests.htm
+status-async.htm
+status-preflight.htm
+status.htm
--- a/tests/cors/submitted/opera/staging/basic.htm	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/staging/basic.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -3,6 +3,7 @@
 <title>Basic CORS</title>
 <meta name=help href=http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#simple-cross-origin-request-0>
 <meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=support.js></script>
@@ -26,6 +27,7 @@
                 assert_true(client.response.indexOf("hest_er_best") != -1, "Got response");
             else
                 assert_false(!!client.response, "Got CORS-disallowed response");
+            console.log("dis worked");
 
             client.open("GET", url + "resources/cors-makeheader.php?get_value=hest_er_best&" + this.count);
             client.onreadystatechange = this.step_func(function(e) {
@@ -43,12 +45,25 @@
 
 cors("Same domain basic usage", "");
 cors("Cross domain basic usage", CROSSDOMAIN);
-cors("Same domain different port", "http://" + location.hostname + ":" + PORT + dirname(location.pathname));
-cors("Cross domain different port", "http://" + SUBDOMAIN + "." + location.hostname + ":" + PORT + dirname(location.pathname));
+cors("Same domain different port",
+        "http://" + location.hostname + ":" + PORT + dirname(location.pathname));
 
-cors("Same domain different protocol", 'https://' + location.host + dirname(location.pathname));
-cors("Cross domain different protocol", CROSSDOMAIN.replace("http:", "https:"));
-cors("Same domain different protocol different port", "https://" + location.hostname + ":" + PORT_HTTPS + dirname(location.pathname));
-cors("Cross domain different protocol different port", "https://" + SUBDOMAIN + "." + location.hostname + ":" + PORT_HTTPS + dirname(location.pathname));
+cors("Cross domain different port",
+        "http://" + SUBDOMAIN + "." + location.hostname + ":"
+        + PORT + dirname(location.pathname));
+
+/* These require HTTPS setup, so will often fail locally */
+cors("Same domain different protocol",
+        'https://' + location.host + dirname(location.pathname));
+
+cors("Cross domain different protocol",
+        CROSSDOMAIN.replace("http:", "https:"));
+
+cors("Same domain different protocol different port",
+        "https://" + location.hostname + ":" + PORTS + dirname(location.pathname));
+
+cors("Cross domain different protocol different port",
+        "https://" + SUBDOMAIN + "." + location.hostname + ":"
+        + PORTS + dirname(location.pathname));
 
 </script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/credentials-flag.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<title>CORS - Access-Control-Allow-Credentials</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
+
+<h1>CORS - Access-Control-Allow-Credentials</h1>
+<div id=log></div>
+<script>
+
+var url = CROSSDOMAIN + 'resources/cors-cookie.php?ident='
+
+
+/*
+ * widthCredentials
+ */
+// XXX Do some https tests here as well
+test(function () {
+    var id = new Date().getTime(),
+        client = new XMLHttpRequest()
+    client.open("GET", url + id, false)
+    client.send(null)
+    assert_equals(client.response, "NO_COOKIE");
+
+    client.open("GET", url + id, false)
+    client.send(null)
+    assert_equals(client.response, "NO_COOKIE")
+}, "Don't send cookie by default");
+
+test(function () {
+    var id = new Date().getTime(),
+        client = new XMLHttpRequest()
+
+    client.open("GET", url + id, false)
+    client.withCredentials = true
+    client.send(null)
+    assert_equals(client.response, "NO_COOKIE");
+
+    /* We have cookie, but the browser shouldn't send */
+    client.open("GET", url + id, false)
+    client.withCredentials = false
+    client.send(null)
+    assert_equals(client.response, "NO_COOKIE")
+
+    /* Reads and deletes the cookie */
+    client.open("GET", url + id, false)
+    client.withCredentials = true
+    client.send(null)
+    assert_equals(client.response, "COOKIE")
+}, "Don't send cookie part 2");
+
+test(function () {
+    var id = new Date().getTime(),
+        client = new XMLHttpRequest()
+
+    /* Shouldn't set the response cookie */
+    client.open("GET", url + id, false)
+    client.withCredentials = false
+    client.send(null)
+    assert_equals(client.response, "NO_COOKIE");
+
+    /* Sets the cookie */
+    client.open("GET", url + id, false)
+    client.withCredentials = true
+    client.send(null)
+    assert_equals(client.response, "NO_COOKIE")
+
+    /* Reads and deletes the cookie */
+    client.open("GET", url + id, false)
+    client.withCredentials = true
+    client.send(null)
+    assert_equals(client.response, "COOKIE")
+}, "Don't obey Set-Cookie when withCredentials=false");
+
+function test_response_header(allow) {
+    test(function () {
+        var client = new XMLHttpRequest()
+        client.open('GET',
+            CROSSDOMAIN + 'resources/cors-makeheader.php?credentials=' + allow,
+            false)
+        client.withCredentials = true;
+        assert_throws(null, function() { client.send() }, 'send')
+    }, 'Access-Control-Allow-Credentials: ' + allow + ' should be disallowed (sync)')
+
+    var resp_test = async_test('Access-Control-Allow-Credentials: ' + allow + ' should be disallowed (async)')
+    resp_test.step(function() {
+        var client = new XMLHttpRequest()
+        client.open('GET',
+            CROSSDOMAIN + 'resources/cors-makeheader.php?credentials=' + allow,
+            true)
+        client.withCredentials = true;
+        client.onload = resp_test.step_func(function() {
+            assert_unreached("onload")
+        })
+        client.onerror = resp_test.step_func(function () {
+            assert_equals(client.readyState, client.DONE, 'readyState')
+            resp_test.done()
+        })
+        client.send()
+    })
+}
+
+test_response_header('TRUE')
+test_response_header('True')
+test_response_header('"true"')
+test_response_header('false')
+test_response_header('1')
+test_response_header('0')
+
+</script>
--- a/tests/cors/submitted/opera/staging/origin.htm	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/staging/origin.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -3,6 +3,7 @@
 <title>Access-Control-Allow-Origin handling</title>
 <meta name=help href=http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#resource-sharing-check>
 <meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=support.js></script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/preflight-cache.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,143 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - preflight cache</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
+
+<h1>Preflight cache</h1>
+
+<div id=log></div>
+<script>
+
+/*
+ * Cache
+ */
+
+function did_preflight(expect, client, ident, settings) {
+    if(!settings)
+        settings = {}
+
+    set = {
+        method: 'method' in settings ? settings.method : 'GET',
+        extra: 'extra' in settings ? '&' + settings.extra : ''
+    }
+
+    client.open(set.method,
+            CROSSDOMAIN + 'resources/preflight.php?ident=' + ident + set.extra,
+            false)
+    client.setRequestHeader('x-print', ident)
+    client.send()
+
+    client.open('GET', 'resources/checkandremovefromlog.php?ident=' + ident, false)
+    client.send()
+    assert_equals(client.response, expect === true ? '1' : '0', "did preflight")
+}
+
+/*
+ * Should run preflight
+ */
+var test_c = 0;
+
+test(function() {
+    test_c++;
+    var time = new Date().getTime()
+    var client = new XMLHttpRequest()
+    did_preflight(true, client, test_c + '_' + time)
+},
+'Test preflight')
+
+test(function() {
+    test_c++;
+    var time = new Date().getTime()
+    var client = new XMLHttpRequest()
+
+    did_preflight(true,  client, test_c + '_' + time)
+    did_preflight(false, client, test_c + '_' + time)
+},
+'preflight for x-print should be cached')
+
+test(function() {
+    test_c++;
+    var time = new Date().getTime()
+    var client = new XMLHttpRequest()
+
+    did_preflight(true, client, test_c + '_' + time, {extra:'max_age=0'})
+    did_preflight(true, client, test_c + '_' + time, {extra:'max_age=0'})
+},
+'age = 0, should not be cached')
+
+test(function() {
+    test_c++;
+    var time = new Date().getTime()
+    var client = new XMLHttpRequest()
+
+    did_preflight(true, client, test_c + '_' + time, {extra:'max_age=-1'})
+    did_preflight(true, client, test_c + '_' + time, {extra:'max_age=-1'})
+},
+'age = -1, should not be cached')
+
+;(function() {
+    test_c++;
+    var test = async_test("preflight first request, second from cache, wait, third should preflight again", { timeout: 6000 }),
+        time = new Date().getTime(),
+        dothing = function (url, msg, set_request, func) {
+            client = new XMLHttpRequest(),
+            client.open('GET', url + test_c + "_" + time, true)
+            if (set_request)
+                client.setRequestHeader('x-print', msg)
+            client.onreadystatechange = test.step_func(function() {
+                if(client.readyState >= 4) {
+                    assert_equals(client.response, msg, "response")
+                    if (func)
+                        test.step(func)
+                }
+            })
+            client.onerror = test.step_func(function(e) {
+                assert_unreached("Got unexpected error event on the XHR object")
+            })
+            client.send()
+        }
+
+    test.step(function() {
+        /* First cycle, gets x-print into the cache, with timeout 1 */
+        dothing(CROSSDOMAIN + 'resources/preflight.php?max_age=1&ident=',
+        'first', true, function(){
+            test = test;
+
+            /* Check if we did a preflight like we expected */
+            dothing('resources/checkandremovefromlog.php?1&ident=',
+            '1', false, function(){
+                test = test;
+                dothing(CROSSDOMAIN + 'resources/preflight.php?max_age=1&ident=',
+                'second', true, function() {
+                    test = test;
+
+                    /* Check that we didn't do a preflight (hasn't gone 1 second yet) */
+                    dothing('resources/checkandremovefromlog.php?2&ident=',
+                    '0', false, function(){
+                        test = test;
+
+                        /* Wait until the preflight cache age is old (and thus cleared) */
+                        setTimeout(test.step_func(function(){
+                            dothing(CROSSDOMAIN + 'resources/preflight.php?max_age=1&ident=',
+                            'third', true, function(){
+                                test = test;
+
+                                /* Expect that we did indeed do a preflight */
+                                dothing('resources/checkandremovefromlog.php?3&ident=',
+                                '1', false, function(){
+                                    test.done()
+                                })
+                            })
+                        }), 1500)
+                    })
+                })
+            })
+        })
+    })
+})();
+
+</script>
--- a/tests/cors/submitted/opera/staging/redirect-preflight.htm	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/staging/redirect-preflight.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -1,64 +1,63 @@
 <!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - redirect with preflight</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    var req_c = 0 // Request count for cache busting and easy identifying of request in traffic analyzer
-
-    /*
-     * Redirection with preflights
-     */
-
-    function redir_preflight(code) {
-        test(function() {
-            var client = new XMLHttpRequest(),
-                redirect = CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
-
-            client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?'
-                               + 'headers=x-test&location=' + encodeURIComponent(redirect)
-                               + '&code=' + code + '&preflight=' + code + '&' + req_c++,
-                        false)
-            client.setRequestHeader('x-test', 'test')
-            assert_throws(null, function() { client.send(null) });
+<meta charset=utf-8>
+<title>CORS - redirect with preflight</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
 
-        },
-        'Redirect ' + code + ' on preflight')
-    }
-    redir_preflight(301)
-    redir_preflight(302)
-    redir_preflight(303)
-    redir_preflight(307)
-
-    /* Even thought the preflight was allowed (200), CORS should not follow
-       a subsequent redirect */
-    function redir_after_preflight(code) {
-        test(function() {
-            var client = new XMLHttpRequest(),
-                redirect = CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
 
-            client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?'
-                               + 'preflight=200&headers=x-test&location='
-                               + encodeURIComponent(redirect) + '&code=' + code + '&' + req_c++,
-                        false)
-            client.setRequestHeader('x-test', 'test')
-            assert_throws(null, function() { client.send(null) });
+<h1>Redirect with preflight</h1>
 
-        },
-        'Redirect ' + code + ' after succesful (200) preflight')
-    }
-    redir_after_preflight(301)
-    redir_after_preflight(302)
-    redir_after_preflight(303)
-    redir_after_preflight(307)
+<div id=log></div>
+<script>
 
-    </script>
- </body>
-</html>
+var req_c = 0 // Request count for cache busting and easy identifying of request in traffic analyzer
+
+/*
+ * Redirection with preflights
+ */
+
+function redir_preflight(code) {
+    test(function() {
+        var client = new XMLHttpRequest(),
+            redirect = CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
+
+        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?'
+                           + 'headers=x-test&location=' + encodeURIComponent(redirect)
+                           + '&code=' + code + '&preflight=' + code + '&' + req_c++,
+                    false)
+        client.setRequestHeader('x-test', 'test')
+        assert_throws(null, function() { client.send(null) });
+
+    },
+    'Redirect ' + code + ' on preflight')
+}
+redir_preflight(301)
+redir_preflight(302)
+redir_preflight(303)
+redir_preflight(307)
+
+/* Even thought the preflight was allowed (200), CORS should not follow
+   a subsequent redirect */
+function redir_after_preflight(code) {
+    test(function() {
+        var client = new XMLHttpRequest(),
+            redirect = CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
+
+        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?'
+                           + 'preflight=200&headers=x-test&location='
+                           + encodeURIComponent(redirect) + '&code=' + code + '&' + req_c++,
+                    false)
+        client.setRequestHeader('x-test', 'test')
+        assert_throws(null, function() { client.send(null) });
+
+    },
+    'Disallow redirect ' + code + ' after succesful (200) preflight')
+}
+redir_after_preflight(301)
+redir_after_preflight(302)
+redir_after_preflight(303)
+redir_after_preflight(307)
+
+</script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/request-headers.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,80 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - request headers - Access-Control-Allow-Headers</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
+
+<h1>Request headers</h1>
+<div id=log></div>
+<script>
+
+/*
+ * Request Headers
+ */
+
+test(function() {
+    var client = new XMLHttpRequest()
+    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-print', false)
+    client.setRequestHeader('x-print', 'unicorn')
+    client.send(null)
+
+    res = JSON.parse(client.response)
+    assert_equals(res['x-print'], 'unicorn')
+}, 'basic request header')
+
+test(function() {
+    var client = new XMLHttpRequest()
+    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-print,', false)
+    client.setRequestHeader('x-print', 'unicorn')
+    client.setRequestHeader('content-type', 'text/plain')
+    client.setRequestHeader('accept', 'test')
+    client.setRequestHeader('accept-language', 'nn')
+    client.setRequestHeader('content-language', 'nn')
+    client.send(null)
+
+    res = JSON.parse(client.response)
+    assert_equals(res['x-print'], 'unicorn')
+    assert_equals(res['content-type'], 'text/plain')
+    assert_equals(res['accept'], 'test')
+    assert_equals(res['accept-language'], 'nn')
+    assert_equals(res['content-language'], 'nn')
+}, 'Simple request headers need not be in allow-headers')
+
+test(function() {
+    var client = new XMLHttpRequest()
+    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-print', false)
+    client.setRequestHeader('x-print', 'unicorn')
+    client.setRequestHeader('y-print', 'unicorn')
+    assert_throws(null, function() { client.send(null) })
+}, 'Unspecified request headers are disallowed')
+
+test(function() {
+    var client = new XMLHttpRequest()
+    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', false)
+    client.setRequestHeader('x-print', 'unicorn')
+    client.setRequestHeader('y-print', 'narwhal')
+    client.send(null)
+
+    res = JSON.parse(client.response)
+    assert_equals(res['x-print'], 'unicorn')
+    assert_equals(res['y-print'], 'narwhal')
+}, 'Strange allowheaders (case insensitive)')
+
+test(function() {
+    var client = new XMLHttpRequest()
+    assert_throws('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') })
+},
+'INVALID_STATE_ERR on setRequestHeader before open()')
+
+test(function() {
+    var client = new XMLHttpRequest()
+    client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', false)
+    client.send()
+    assert_throws('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') })
+},
+'INVALID_STATE_ERR on setRequestHeader after send()')
+
+</script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/resources/.hgignore	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,1 @@
+logs.txt
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/resources/checkandremovefromlog.php	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,34 @@
+<?php
+  $file_name = 'logs.txt';
+  $ident = isset($_GET['ident']) ? $_GET['ident'] : NULL;
+  $buffer = '';
+  $obj;
+
+  $file = fopen($file_name,'r+');
+
+  if (filesize($file_name))
+  {
+    $buffer = fread($file, filesize($file_name));
+
+    if ($buffer)
+      $obj = json_decode($buffer);
+  }
+
+  if (isset($ident))
+    if ($obj->$ident)
+    {
+      print "1";
+
+      unset($obj->$ident);
+
+      $buffer = json_encode($obj);
+
+      rewind($file);
+      ftruncate($file, 0);
+      fwrite($file, $buffer);
+    }
+    else
+      print "0";
+
+  fclose($file);
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/resources/cors-cookie.php	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,21 @@
+<?php
+ $origin = isset($_GET['origin']) ? $_GET['origin'] : $_SERVER['HTTP_ORIGIN'];
+ $credentials = isset($_GET['credentials']) ? $_GET['credentials'] : 'true';
+
+ header("Content-Type: text/plain");
+ if ($origin != 'none')
+   header("Access-Control-Allow-Origin: {$origin}");
+ if ($credentials != 'none')
+   header("Access-Control-Allow-Credentials: {$credentials}");
+
+ $ident = isset($_GET['ident']) ? $_GET['ident'] : 'test';
+
+ if (isset($_COOKIE[$ident])) {
+   /* Delete the cookie */
+   header("Set-Cookie: $ident=COOKIE; expires=Fri, 27 Jul 2001 02:47:11 UTC");
+   echo $_COOKIE[$ident];
+ }
+ else {
+   header("Set-Cookie: $ident=COOKIE");
+   echo 'NO_COOKIE';
+ }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/resources/cors-headers.php	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,28 @@
+<?php
+ header("Access-Control-Allow-Origin: *");
+ header("Access-Control-Expose-Headers: X-Custom-Header, X-Custom-Header-Empty, X-Custom-Header-Comma, X-Custom-Header-Bytes");
+ header("Access-Control-Expose-Headers: X-Second-Expose", false);
+ header("Access-Control-Expose-Headers: Date", false);
+
+ header("Content-Type: text/plain");
+
+ header("X-Custom-Header: test");
+ header("X-Custom-Header: test");
+ header("Set-Cookie: test1=t1;max-age=2");
+ header("Set-Cookie2: test2=t2;Max-Age=2");
+ header("X-Custom-Header-Empty:");
+ header("X-Custom-Header-Comma: 1");
+ header("X-Custom-Header-Comma: 2", false);
+ header("X-Custom-Header-Bytes: …");
+ header("X-Nonexposed: unicorn");
+ header("X-Second-Expose: flyingpig");
+
+ /* Simple response headers */
+ header("Cache-Control: no-cache");
+ header("Content-Language: nn");
+ header("Expires: Thu, 01 Dec 1994 16:00:00 GMT");
+ header("Last-Modified: Thu, 01 Dec 1994 10:00:00 GMT");
+ header("Pragma: no-cache");
+
+ echo "TEST";
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/resources/log.php	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,27 @@
+<?php
+  $file_name = 'logs.txt';
+  $ident = isset($_GET['ident']) ? $_GET['ident'] : NULL;
+  $buffer = '';
+  $obj;
+
+  $file = fopen($file_name, 'c+');
+
+  if (filesize($file_name))
+  {
+    $buffer = fread($file, filesize($file_name));
+
+    if ($buffer)
+      $obj = json_decode($buffer);
+  }
+
+  if (isset($ident))
+    if (!$obj->$ident)
+      $obj->$ident = true;
+
+  $buffer = json_encode($obj);
+
+  rewind($file);
+  ftruncate($file, 0);
+  fwrite($file, $buffer);
+  fclose($file);
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/resources/preflight.php	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,20 @@
+<?php
+header("Content-Type: text/plain");
+
+if($_SERVER['REQUEST_METHOD'] == 'OPTIONS')
+{
+    if(!isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
+	die("ERROR: No access-control-request-method in preflight!");
+
+    header("Access-Control-Allow-Headers: x-print, " .
+            "{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
+
+    if (isset($_GET['max_age']))
+        header("Access-Control-Max-Age: {$_GET['max_age']}");
+
+    include("log.php");
+}
+header("Access-Control-Allow-Origin: *");
+
+$p = isset($_SERVER['HTTP_X_PRINT']) ? $_SERVER['HTTP_X_PRINT'] : "NO";
+echo $p;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/response-headers.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,103 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - Response headers</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
+
+<h1>Response headers</h1>
+<div id=log></div>
+<script>
+
+/*
+ * Response Headers
+ */
+
+function check_response_header(head, value, desc) {
+    test(function() {
+        var client = new XMLHttpRequest()
+        client.open('GET', CROSSDOMAIN + 'resources/cors-headers.php', false)
+        client.send(null)
+
+        if (typeof value === 'function')
+            value(client, head)
+        else
+            assert_equals(client.getResponseHeader(head), value, head)
+    },
+    desc)
+}
+check_response_header('X-Custom-Header-Comma', '1, 2', 'getResponseHeader: Expose Access-Control-Expose-Headers (x-custom-header-comma)')
+check_response_header('X-Second-Expose', 'flyingpig', 'getResponseHeader: Expose second Access-Control-Expose-Headers (x-second-expose)')
+check_response_header(' x-custom-header', null, 'getResponseHeader: Don\'t trim whitespace')
+check_response_header('x-custom-header-bytes', "\xE2\x80\xA6", 'getResponseHeader: x-custom-header bytes')
+check_response_header('Date',
+    function(client, head) { assert_true(client.getResponseHeader(head).length > 2) },
+    'getResponseHeader: Exposed server field readable (Date)')
+
+function default_readable(head, value) {
+    check_response_header(head, value, 'getResponseHeader: '+head+': readable by default')
+}
+default_readable("Cache-Control", "no-cache");
+default_readable("Content-Language", "nn");
+default_readable("Expires", "Thu, 01 Dec 1994 16:00:00 GMT");
+default_readable("Last-Modified", "Thu, 01 Dec 1994 10:00:00 GMT");
+default_readable("Pragma", "no-cache");
+
+
+function default_unreadable(head) {
+    check_response_header(head, null, 'getResponseHeader: '+head+': unreadable by default')
+}
+default_unreadable("Server")
+default_unreadable("X-Powered-By")
+
+
+async_test("getResponseHeader: Combined testing of cors response headers")
+.step(function()
+{
+    var client = new XMLHttpRequest();
+    client.open("GET", CROSSDOMAIN + 'resources/cors-headers.php')
+    window.c=client;
+    client.onreadystatechange = this.step_func(function()
+    {
+        if (client.readyState == 1)
+        {
+            assert_equals(client.getResponseHeader("x-custom-header"), null, 'x-custom-header')
+        }
+        if (client.readyState > 1)
+        {
+            assert_equals(client.getResponseHeader("x-custom-header"), "test", 'x-custom-header')
+            assert_equals(client.getResponseHeader("x-custom-header-empty"), "", 'x-custom-header-empty')
+            assert_equals(client.getResponseHeader("set-cookie"), null)
+            assert_equals(client.getResponseHeader("set-cookie2"), null)
+            assert_equals(client.getResponseHeader("x-non-existent-header"), null)
+            assert_equals(client.getResponseHeader("x-nonexposed"), null)
+        }
+        if (client.readyState == 4)
+        {
+            this.done()
+        }
+    })
+    client.send()
+})
+
+test(function() {
+    var client = new XMLHttpRequest()
+    client.open('GET', CROSSDOMAIN + 'resources/cors-headers.php', false)
+    client.send(null)
+    assert_equals(client.getResponseHeader("x-custom-header"), "test", 'x-custom-header')
+    assert_equals(client.getResponseHeader("x-nonexposed"), null, 'x-nonexposed')
+}, "getResponse: don't expose x-nonexposed")
+
+test(function() {
+    var client = new XMLHttpRequest()
+    client.open('GET', CROSSDOMAIN + 'resources/cors-headers.php', false)
+    client.send(null)
+
+    h = client.getAllResponseHeaders().toLowerCase()
+    assert_true( h.indexOf('x-custom-header') >= 0, 'x-custom-header present')
+    assert_true( h.indexOf('x-nonexposed') === -1, 'x-nonexposed not present')
+}, "getAllResponseHeaders: don't expose x-nonexposed")
+
+</script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/simple-requests.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,90 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - simple requests</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
+
+<h1>Simple requests</h1>
+<p>Simple requests shouldn't trigger preflight</p>
+
+<div id=log></div>
+<script>
+
+var test_c = 0;
+
+function check_simple(method, headers)
+{
+    test(function() {
+        var time = new Date().getTime(),
+            client = new XMLHttpRequest()
+        test_c++
+        client.open(method, CROSSDOMAIN + 'resources/preflight.php?ident='
+                            + test_c + time, false)
+        for (head in headers)
+            client.setRequestHeader(head, headers[head])
+        client.send("data")
+        assert_equals(client.getResponseHeader('content-type'), "text/plain")
+        if (method == 'HEAD')
+            assert_equals(client.response, '', 'response')
+        else
+            assert_equals(client.response, 'NO', 'response')
+
+        client.open('GET', 'resources/checkandremovefromlog.php?ident='
+                          + test_c + time, false)
+        client.send("data")
+        assert_equals(client.response, "0", "Found preflight log")
+    },
+    'No preflight ' + method + ' and ' + JSON.stringify(headers))
+}
+
+function check_simple_headers(headers) {
+    check_simple('GET', headers)
+    check_simple('HEAD', headers)
+    check_simple('POST', headers)
+}
+
+check_simple_headers({'Accept': 'test'})
+check_simple_headers({'accept-language': 'test'})
+check_simple_headers({'CONTENT-language': 'test'})
+
+check_simple_headers({'Content-Type': 'application/x-www-form-urlencoded'})
+check_simple_headers({'content-type': 'multipart/form-data'})
+check_simple_headers({'content-type': 'text/plain'})
+
+check_simple_headers({
+                        'accept': 'test',
+                        'accept-language': 'test',
+                        'content-language': 'test',
+                        'content-type': 'text/plain; parameter=whatever'
+                     })
+
+check_simple('Get', {'content-type': 'text/plain; parameter=extra_bonus'})
+check_simple('post', {'content-type': 'text/plain'})
+
+
+/* Extra async test */
+
+var simple_async = async_test("Check simple headers (async)")
+simple_async.step(function (){
+    var time = new Date().getTime(),
+        client = new XMLHttpRequest()
+    client.open('POST', CROSSDOMAIN + 'resources/preflight.php?ident='
+                        + time, true)
+
+    client.setRequestHeader('Accept', 'jewelry')
+    client.setRequestHeader('accept-language', 'nn_NO,nn,en')
+    client.setRequestHeader('content-type', 'text/plain; parameter=extra')
+    client.setRequestHeader('content-Language', 'nn_NO')
+
+    client.onload = simple_async.step_func(function() {
+        assert_equals(client.getResponseHeader('content-type'), "text/plain", 'content-type response header')
+        assert_equals(client.response, 'NO', 'response')
+        simple_async.done()
+    })
+    client.onerror = simple_async.step_func(function () { assert_unreached('onerror') })
+    client.send()
+})
+</script>
--- a/tests/cors/submitted/opera/staging/status-async.htm	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/staging/status-async.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -1,9 +1,14 @@
-<!doctype html>
+<!DOCTYPE html>
+<meta charset=utf-8>
 <title>CORS - status</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=support.js></script>
 
+<h1>Status returned</h1>
+
 <div id=log></div>
 <script>
 
--- a/tests/cors/submitted/opera/staging/status-preflight.htm	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/staging/status-preflight.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -1,9 +1,14 @@
-<!doctype html>
+<!DOCTYPE html>
+<meta charset=utf-8>
 <title>CORS - status after preflight</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=support.js></script>
 
+<h1>Status after preflight</h1>
+
 <div id=log></div>
 <script>
 var counter = 0
@@ -21,7 +26,7 @@
             assert_equals(client.response, "", "response data")
             assert_equals(client.status, code, "response status")
             if (client.readyState == client.DONE)
-                /* Wait for wild error events */
+                /* Wait for spurious error events */
                 setTimeout(this.step_func(function() { this.done() }), 10)
         })
 
--- a/tests/cors/submitted/opera/staging/status.htm	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/staging/status.htm	Sun Nov 04 17:35:08 2012 +0100
@@ -1,8 +1,9 @@
-<!doctype html>
+<!DOCTYPE html>
 <meta charset=utf-8>
 <title>CORS status</title>
 <meta name=help href=http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#cross-origin-request-with-preflight-0>
 <meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="support.js"></script>
--- a/tests/cors/submitted/opera/staging/support.js	Thu Nov 01 18:22:00 2012 +0100
+++ b/tests/cors/submitted/opera/staging/support.js	Sun Nov 04 17:35:08 2012 +0100
@@ -17,8 +17,9 @@
 
 /* This subdomain should point to this same location */
 var SUBDOMAIN = 'www1'
-var PORT = "8080"
-var PORT_HTTPS = "8443"
+var SUBDOMAIN2 = 'www2'
+var PORT = "81"
+var PORTS = "83"
 
 /* Changes http://example.com/abc/def/cool.htm to http://www1.example.com/abc/def/ */
 var CROSSDOMAIN = dirname(location.href)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/testrunner.html	Sun Nov 04 17:35:08 2012 +0100
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang=en>
+<meta charset=UTF-8>
+<title>Web tests</title>
+<link rel=stylesheet href=/resources/test-runner/runner.css>
+<script src=/resources/test-runner/runner.js></script>
+
+<p><button value=./>Run tests in this dir</button>
+<p><button value=../js/>Run tests in js/</button>