check access-control-origin-header and asserts for failures testJam
authorGopal Raghavan <gopal.raghavan@nokia.com>
Sun, 29 Apr 2012 16:45:43 -0700
branchtestJam
changeset 26 45864aa9f4ae
parent 25 2fe238b154af
child 27 76abe66357dc
child 31 39c98e34095c
child 34 e0487e21376a
check access-control-origin-header and asserts for failures
tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.js
tests/cors/submitted/webkit/access-control-basic-allow.js
tests/cors/submitted/webkit/access-control-basic-denied.js
tests/cors/submitted/webkit/cors-tests.html
tests/cors/submitted/webkit/resources/access-control-basic-allow-access-control-origin-header.php
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.js	Sun Apr 29 16:45:43 2012 -0700
@@ -0,0 +1,25 @@
+var accessControlBasicAllowAccessControlOriginHeader = function() {
+    var xhr = new XMLHttpRequest;
+    var path = "/webappsec/tests/cors/submitted/webkit";
+
+    try {
+        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow-access-control-origin-header.php", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    try {
+        xhr.send();
+	assert_true(true);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    //log(xhr.responseText);
+};
+
+test(accessControlBasicAllowAccessControlOriginHeader, "access-control-basic-allow-access-control-origin-header")
--- a/tests/cors/submitted/webkit/access-control-basic-allow.js	Sun Apr 29 12:29:30 2012 -0700
+++ b/tests/cors/submitted/webkit/access-control-basic-allow.js	Sun Apr 29 16:45:43 2012 -0700
@@ -7,6 +7,7 @@
 
     } catch(e) {
         log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        assert_true(false);
         return;
     }
 
--- a/tests/cors/submitted/webkit/access-control-basic-denied.js	Sun Apr 29 12:29:30 2012 -0700
+++ b/tests/cors/submitted/webkit/access-control-basic-denied.js	Sun Apr 29 16:45:43 2012 -0700
@@ -6,6 +6,7 @@
         xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-denied.php", false);
     } catch(e) {
         log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        assert_true(false);
         return;
     }
 
--- a/tests/cors/submitted/webkit/cors-tests.html	Sun Apr 29 12:29:30 2012 -0700
+++ b/tests/cors/submitted/webkit/cors-tests.html	Sun Apr 29 16:45:43 2012 -0700
@@ -11,6 +11,7 @@
  <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow.js"></script>
  <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-star.js"></script>
  <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-denied.js"></script>
+ <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.js"></script>
 <div  id=log></div>
 </body>
 </html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow-access-control-origin-header.php	Sun Apr 29 16:45:43 2012 -0700
@@ -0,0 +1,7 @@
+<?php
+header("Content-Type: text/plain");
+header("Cache-Control: no-cache, no-store\n");
+header("Access-Control-Allow-Origin: *\n\n");
+echo "PASS: Cross-domain access allowed.";
+echo "HTTP_ORIGIN: " . $ENV{"HTTP_ORIGIN"} . "\n";
+?>
\ No newline at end of file