--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.js Sun Apr 29 16:45:43 2012 -0700
@@ -0,0 +1,25 @@
+var accessControlBasicAllowAccessControlOriginHeader = function() {
+ var xhr = new XMLHttpRequest;
+ var path = "/webappsec/tests/cors/submitted/webkit";
+
+ try {
+ xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow-access-control-origin-header.php", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ assert_true(false);
+ return;
+ }
+
+ try {
+ xhr.send();
+ assert_true(true);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+ assert_true(false);
+ return;
+ }
+
+ //log(xhr.responseText);
+};
+
+test(accessControlBasicAllowAccessControlOriginHeader, "access-control-basic-allow-access-control-origin-header")
--- a/tests/cors/submitted/webkit/access-control-basic-allow.js Sun Apr 29 12:29:30 2012 -0700
+++ b/tests/cors/submitted/webkit/access-control-basic-allow.js Sun Apr 29 16:45:43 2012 -0700
@@ -7,6 +7,7 @@
} catch(e) {
log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ assert_true(false);
return;
}
--- a/tests/cors/submitted/webkit/access-control-basic-denied.js Sun Apr 29 12:29:30 2012 -0700
+++ b/tests/cors/submitted/webkit/access-control-basic-denied.js Sun Apr 29 16:45:43 2012 -0700
@@ -6,6 +6,7 @@
xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-denied.php", false);
} catch(e) {
log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ assert_true(false);
return;
}
--- a/tests/cors/submitted/webkit/cors-tests.html Sun Apr 29 12:29:30 2012 -0700
+++ b/tests/cors/submitted/webkit/cors-tests.html Sun Apr 29 16:45:43 2012 -0700
@@ -11,6 +11,7 @@
<script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow.js"></script>
<script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-star.js"></script>
<script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-denied.js"></script>
+ <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.js"></script>
<div id=log></div>
</body>
</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow-access-control-origin-header.php Sun Apr 29 16:45:43 2012 -0700
@@ -0,0 +1,7 @@
+<?php
+header("Content-Type: text/plain");
+header("Cache-Control: no-cache, no-store\n");
+header("Access-Control-Allow-Origin: *\n\n");
+echo "PASS: Cross-domain access allowed.";
+echo "HTTP_ORIGIN: " . $ENV{"HTTP_ORIGIN"} . "\n";
+?>
\ No newline at end of file