Fixup CORS tests
authorOdin Hørthe Omdal <odinho@opera.com>
Thu, 01 Nov 2012 18:22:00 +0100
changeset 79 66dd77e95c2f
parent 78 d5e5053b280c
child 80 f80641f4740c
Fixup CORS tests
tests/cors/submitted/opera/js/basic.htm
tests/cors/submitted/opera/js/errors-async.htm
tests/cors/submitted/opera/js/origin.htm
tests/cors/submitted/opera/js/redirect-preflight.htm
tests/cors/submitted/opera/js/status-async.htm
tests/cors/submitted/opera/js/status-errors.htm
tests/cors/submitted/opera/js/status-preflight.htm
tests/cors/submitted/opera/js/status.htm
tests/cors/submitted/opera/staging/basic.htm
tests/cors/submitted/opera/staging/origin.htm
tests/cors/submitted/opera/staging/redirect-preflight.htm
tests/cors/submitted/opera/staging/resources/status.php
tests/cors/submitted/opera/staging/status-async.htm
tests/cors/submitted/opera/staging/status-preflight.htm
tests/cors/submitted/opera/staging/status.htm
--- a/tests/cors/submitted/opera/js/basic.htm	Thu Nov 01 05:42:22 2012 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,55 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: Basic CORS</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    var crossdomain = "http://" + SUBDOMAIN + "." + location.hostname
-
-
-    /*
-     * Basic usage
-     */
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', 'resources/cors-headers.php', false)
-        client.send(null)
-
-        assert_equals(client.response, 'TEST')
-    }, 'same domain basic usage')
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', CROSSDOMAIN + 'resources/cors-headers.php', false)
-        client.send(null)
-
-        assert_equals(client.response, 'TEST')
-    }, 'crossdomain basic usage')
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', 'http://' + location.hostname + ":" + PORT + dirname(location.pathname) + 'resources/cors-headers.php', false)
-        client.send(null)
-
-        assert_equals(client.response, 'TEST')
-    }, 'same domain different port')
-
-    test(function() {
-        var client = new XMLHttpRequest()
-        client.open('GET', 'http://' + SUBDOMAIN + '.' + location.hostname + ':' + PORT + dirname(location.pathname) + 'resources/cors-headers.php', false)
-        client.send(null)
-
-        assert_equals(client.response, 'TEST')
-    }, 'crossdomain different port')
-
-    </script>
- </body>
-</html>
--- a/tests/cors/submitted/opera/js/errors-async.htm	Thu Nov 01 05:42:22 2012 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,58 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - errors (async)</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    /*
-     * Error checking
-     */
-
-    ;(function() {
-        var test = async_test('CORS fail async, getting onerror')
-        test.step(function() {
-            var xhr = new XMLHttpRequest()
-            xhr.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?origin=none', true)
-            xhr.onerror = test.step_func(function(e) {
-                assert_equals(xhr.readyState, xhr.DONE, "readyState")
-                assert_equals(xhr.status, 0, "status")
-                test.done()
-            })
-            xhr.onload = test.step_func(function(e) {
-                assert_unreached("should never get a response")
-            })
-            xhr.send()
-        })
-    })();
-
-    ;(function() {
-        var test = async_test('CORS fail async, 1: onreadystatechange, 2: onerror')
-        test.step(function() {
-            var xhr = new XMLHttpRequest(),
-                passed = false
-            xhr.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?origin=none', true)
-            xhr.onreadystatechange = test.step_func(function(e) {
-                if (xhr.readyState > xhr.OPENED)
-                    assert_equals(xhr.status, 0, "status")
-
-                if (xhr.readyState == xhr.DONE)
-                    passed = true
-            })
-            xhr.onerror = test.step_func(function(e) {
-                assert_true(passed, 'readystate DONE should be done first')
-                test.done()
-            })
-            xhr.send()
-        })
-    })();
-
-    </script>
- </body>
-</html>
--- a/tests/cors/submitted/opera/js/origin.htm	Thu Nov 01 05:42:22 2012 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,85 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - Access-Control-Allow-Origin, various</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    /*
-     * Origin header
-     */
-    function shouldPass(origin) {
-        test(function () {
-            var client = new XMLHttpRequest()
-            client.open('GET', CROSSDOMAIN
-                                + '/resources/cors-makeheader.php?origin='
-                                + encodeURIComponent(origin),
-                        false)
-            client.send()
-            r = JSON.parse(client.response)
-            var host = location.protocol + "//" + location.host
-            assert_equals(r['origin'], host, 'Request Origin: should be ' + host)
-        }, 'Allow origin: ' + origin.replace(/\t/g, "[tab]").replace(/ /g, '_'));
-    }
-
-    shouldPass('*');
-    shouldPass(' *  ');
-    shouldPass('	*');
-    shouldPass(location.protocol + "//" + location.host);
-    shouldPass(" "+location.protocol + "//" + location.host);
-    shouldPass(" "+location.protocol + "//" + location.host + "   	 ");
-    shouldPass("	"+location.protocol + "//" + location.host);
-
-
-    function shouldFail(origin) {
-        test(function () {
-            var client = new XMLHttpRequest()
-            client.open('GET', CROSSDOMAIN
-                                + '/resources/cors-makeheader.php?origin='
-                                + encodeURIComponent(origin),
-                        false)
-            assert_throws(null, function() { client.send() }, 'send')
-        }, 'Allow origin: ' + origin + ' should throw NETWORK_ERR');
-    }
-
-    shouldFail(location.protocol + "//" + SUBDOMAIN + "." + location.host)
-    shouldFail("//" + location.host)
-    shouldFail("://" + location.host)
-    shouldFail("ftp://" + location.host)
-    shouldFail("http:://" + location.host)
-    shouldFail("http:/" + location.host)
-    shouldFail("http:" + location.host)
-    shouldFail(location.host)
-    shouldFail(location.protocol + "//" + location.host + "?")
-    shouldFail(location.protocol + "//" + location.host + "/")
-    shouldFail(location.protocol + "//" + location.host + " /")
-    shouldFail(location.protocol + "//" + location.host + "#")
-    shouldFail(location.protocol + "//" + location.host + "%23")
-    shouldFail(location.protocol + "//" + location.host + ":80")
-    shouldFail(location.protocol + "//" + location.host + ", *")
-    shouldFail((location.protocol + "//" + location.host).toUpperCase())
-    shouldFail(location.protocol.toUpperCase() + "//" + location.host)
-    shouldFail("-")
-    shouldFail("**")
-    shouldFail("* *")
-    shouldFail("*" + location.protocol + "//" + "*")
-    shouldFail("*" + location.protocol + "//" + location.host)
-    shouldFail("* " + location.protocol + "//" + location.host)
-    shouldFail("*, " + location.protocol + "//" + location.host)
-    shouldFail("null " + location.protocol + "//" + location.host)
-    shouldFail('http://example.net')
-    shouldFail('null')
-    shouldFail('')
-    shouldFail(location.href)
-    shouldFail(dirname(location.href))
-    shouldFail(CROSSDOMAIN)
-
-    </script>
- </body>
-</html>
--- a/tests/cors/submitted/opera/js/redirect-preflight.htm	Thu Nov 01 05:42:22 2012 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,64 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - redirect with preflight</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-    var req_c = 0 // Request count for cache busting and easy identifying of request in traffic analyzer
-
-    /*
-     * Redirection with preflights
-     */
-
-    function redir_preflight(code) {
-        test(function() {
-            var client = new XMLHttpRequest(),
-                redirect = CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
-
-            client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?'
-                               + 'headers=x-test&location=' + encodeURIComponent(redirect)
-                               + '&code=' + code + '&preflight=' + code + '&' + req_c++,
-                        false)
-            client.setRequestHeader('x-test', 'test')
-            assert_throws(null, function() { client.send(null) });
-
-        },
-        'Redirect ' + code + ' on preflight')
-    }
-    redir_preflight(301)
-    redir_preflight(302)
-    redir_preflight(303)
-    redir_preflight(307)
-
-    /* Even thought the preflight was allowed (200), CORS should not follow
-       a subsequent redirect */
-    function redir_after_preflight(code) {
-        test(function() {
-            var client = new XMLHttpRequest(),
-                redirect = CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
-
-            client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?'
-                               + 'preflight=200&headers=x-test&location='
-                               + encodeURIComponent(redirect) + '&code=' + code + '&' + req_c++,
-                        false)
-            client.setRequestHeader('x-test', 'test')
-            assert_throws(null, function() { client.send(null) });
-
-        },
-        'Redirect ' + code + ' after succesful (200) preflight')
-    }
-    redir_after_preflight(301)
-    redir_after_preflight(302)
-    redir_after_preflight(303)
-    redir_after_preflight(307)
-
-    </script>
- </body>
-</html>
--- a/tests/cors/submitted/opera/js/status-async.htm	Thu Nov 01 05:42:22 2012 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,101 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <title>XMLHttpRequest: CORS - status (async)</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-
-      function statusRequest(method, code, text, content, type) {
-        var test = async_test("Status on " + method + " " + code)
-        test.step(function() {
-          var client = new XMLHttpRequest()
-          client.open(method, CROSSDOMAIN + "resources/status.php?code="
-            + code + "&text=" + text + "&content=" + content + "&type=" + type, true)
-          client.onreadystatechange = test.step_func(function() {
-            if (client.readyState != client.DONE)
-              return
-            assert_equals(client.status, code, 'response status')
-            assert_equals(client.statusText, text, 'response status text')
-            assert_equals(client.getResponseHeader("X-Request-Method"), method, 'method')
-            if(method != "HEAD") {
-              if(type == "text/xml") {
-                assert_equals(client.responseXML.documentElement.localName, "x", 'responseXML')
-              }
-              assert_equals(client.response, content, 'response content')
-            }
-            test.done()
-          })
-          client.send(null)
-        })
-      }
-
-      /*            method     code text  content        type */
-      statusRequest("GET",     200, 'OK', 'Not today.',  '')
-      statusRequest("POST",    200, 'OK', '<x>402<\/x>', 'text/xml')
-      statusRequest("HEAD",    200, 'OK', 'Nice!',       'text/doesnotmatter')
-      statusRequest("PUT",     200, 'OK', '400',         'text/plain')
-      statusRequest("CHICKEN", 200, 'OK', 'bah',         '')
-
-
-      function statusRequestFail(method, code, expect_code, nonsimple) {
-        var test = async_test("Status on " + method + " " + code + ((nonsimple===true)?' (nonsimple)':''))
-        if (expect_code === undefined)
-          expect_code = code
-
-        test.step(function() {
-          var client = new XMLHttpRequest()
-
-          client.open(method, CROSSDOMAIN + "resources/status.php?code="
-            + code + '&headers=x-nonsimple&text=OHAI', true)
-
-          if (nonsimple === true)
-            client.setRequestHeader('x-nonsimple', true)
-
-          client.onreadystatechange = test.step_func(function() {
-            if (client.readyState < client.HEADERS_RECIEVED)
-              return
-            assert_equals(client.response, "", "response data")
-            assert_equals(client.status, expect_code, "response status")
-            assert_equals(client.statusText, (expect_code == 0 ? "" : "OHAI"), "response statusText")
-            if (client.readyState == client.DONE)
-              test.done()
-          })
-
-          client.onerror = test.step_func(function(e) {
-              assert_unreached("Got error event.")
-          })
-
-          client.send()
-        })
-      }
-
-      /*                                 expect
-                        method     code  status */
-      statusRequestFail("GET",     204)
-      statusRequestFail("GET",     400)
-      statusRequestFail("HEAD",    401)
-      statusRequestFail("POST",    404)
-      statusRequestFail("POST",    500)
-
-      /* Preflight response status is not 200, so the algorithm set status to 0. */
-      statusRequestFail("PUT",     699,  0)
-      statusRequestFail("CHICKEN", 501,  0)
-
-      /*                                    "forced"
-                                            preflight */
-      statusRequestFail("GET",     204,  0, true)
-      statusRequestFail("GET",     400,  0, true)
-      statusRequestFail("HEAD",    401,  0, true)
-      statusRequestFail("POST",    404,  0, true)
-      statusRequestFail("PUT",     699,  0, true)
-      statusRequestFail("CHICKEN", 501,  0, true)
-
-    </script>
-  </body>
-</html>
--- a/tests/cors/submitted/opera/js/status-errors.htm	Thu Nov 01 05:42:22 2012 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-<!doctype html>
-<meta charset=utf-8>
-<title>CORS error events</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="support.js"></script>
-
-<pre>
-   allowed  preflight  response  | status |
-   -------  ---------  --------  | ------ |
- 1      no          x       400  |      0 |  fires error
- 2      no        200         x  |      0 |  fires error
- 3     yes          x       400  |    400 |
- 4     yes        200       400  |    400 |
- 5     yes        400         x  |      0 |  fires error
-</pre>
-
-<div id=log></div>
-
-<script>
-
-    var counter = 0
-
-    function testit(allow, preflight, response, status) {
-        var test = async_test(
-            (++counter) + '. ' +
-            (allow ? 'CORS allowed' : 'CORS disallowed') +
-            (preflight ? ', preflight status '+preflight : '') +
-            (response ? ', response status '+response : '') +
-            '.'
-        )
-
-        test.step(function() {
-            var client = new XMLHttpRequest()
-            client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?' + counter +
-                (allow ? '&headers=x-custom': '&origin=none') +
-                (response ? '&code='+response : '') +
-                (preflight ? '&preflight='+preflight : '')
-            )
-
-            if (preflight)
-                client.setRequestHeader('X-Custom', 'preflight')
-
-            client.onload = test.step_func(function() {
-                /* Allow wild error events to fire */
-                setTimeout(test.step_func(function() {
-                    if (status != 0)
-                        test.done()
-                }), 10)
-            })
-
-            client.onerror = test.step_func(function() {
-                if (status == 0) {
-                    assert_equals(client.readyState, client.DONE, 'readyState')
-                    assert_equals(client.status, 0, 'status')
-                    test.done()
-                }
-                else
-                    assert_unreached("Got unexpected error event.")
-            })
-
-            client.send()
-
-        })
-    }
-
-    /*     allow  pref  resp  status */
-    testit(false, null, 400,  0)
-    testit(false, 200,  null, 0)
-    testit(true,  null, 400,  400)
-    testit(true,  200,  400,  400)
-    testit(true,  400,  null, 0)
-
-</script>
--- a/tests/cors/submitted/opera/js/status-preflight.htm	Thu Nov 01 05:42:22 2012 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <title>CORS - status after preflight</title>
-    <script src="/resources/testharness.js"></script>
-    <script src="/resources/testharnessreport.js"></script>
-    <script src="support.js"></script>
-  </head>
-  <body>
-    <p>This shouldn't be tested inside a tunnel.</p>
-    <div id="log"></div>
-    <script>
-      var counter = 0
-
-      function statusAfterPreflight(method, code) {
-        counter++
-        var test = async_test(document.title + " on "
-            + method + " " + code)
-
-        test.step(function() {
-          var client = new XMLHttpRequest()
-          client.open(method, CROSSDOMAIN + "resources/status.php?" + counter
-            +"&code=" + code + '&headers=x-nonsimple&preflight=200', true)
-
-          client.setRequestHeader('x-nonsimple', true)
-          client.onreadystatechange = test.step_func(function() {
-            assert_equals(client.response, "", "response data")
-            assert_equals(client.status, code, "response status")
-            if (client.readyState == client.DONE)
-                /* Wait for wild error events */
-                setTimeout(test.step_func(function() { test.done() }), 10)
-          })
-
-          client.onerror = test.step_func(function() {
-            assert_unreached("Shouldn't throw no error event!")
-          })
-
-          client.send()
-        })
-      }
-
-      /*                   method     code */
-      statusAfterPreflight("GET",     200)
-      statusAfterPreflight("GET",     204)
-      statusAfterPreflight("GET",     400)
-      statusAfterPreflight("GET",     401)
-
-      statusAfterPreflight("HEAD",    200)
-      statusAfterPreflight("HEAD",    204)
-      statusAfterPreflight("HEAD",    400)
-      statusAfterPreflight("HEAD",    401)
-      statusAfterPreflight("HEAD",    501)
-      statusAfterPreflight("HEAD",    699)
-
-      statusAfterPreflight("POST",    204)
-      statusAfterPreflight("POST",    400)
-      statusAfterPreflight("POST",    401)
-      statusAfterPreflight("POST",    404)
-
-      statusAfterPreflight("PUT",     699)
-      statusAfterPreflight("CHICKEN", 501)
-
-    </script>
-  </body>
-</html>
--- a/tests/cors/submitted/opera/js/status.htm	Thu Nov 01 05:42:22 2012 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-<!doctype html>
-<meta charset=utf-8>
-<title>CORS status</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="support.js"></script>
-
-<h1>The returned status code in different scenarios</h1>
-
-<pre>
-   allowed  preflight  response  | status |
-   -------  ---------  --------  | ------ |
- 1      no          x       400  |      0 |
- 2      no        200         x  |      0 |
- 3     yes          x       400  |    400 |
- 4     yes        200       400  |    400 |
- 5     yes        400         x  |      0 |
-</pre>
-
-<div id=log></div>
-
-<script>
-
-    var counter = 0
-
-    function testit(allow, preflight, response, status) {
-        var test = async_test(
-            (++counter) + '. ' +
-            (allow ? 'CORS allowed' : 'CORS disallowed') +
-            (preflight ? ', preflight status '+preflight : '') +
-            (response ? ', response status '+response : '') +
-            '.'
-        )
-
-        test.step(function() {
-            var client = new XMLHttpRequest()
-            client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?' + counter +
-                (allow ? '&headers=x-custom': '&origin=none') +
-                (response ? '&code='+response : '') +
-                (preflight ? '&preflight='+preflight : '')
-            )
-
-            if (preflight)
-                client.setRequestHeader('X-Custom', 'preflight')
-
-            client.onreadystatechange = test.step_func(function(){
-                if (client.readyState > client.OPENED)
-                    assert_equals(client.status, status, "status")
-
-                if (client.readyState == client.DONE)
-                {
-                    test.done()
-                }
-            })
-
-            client.send()
-
-        })
-    }
-
-    /*     allow  pref  resp  status */
-    testit(false, null, 400,  0)
-    testit(false, 200,  null, 0)
-    testit(true,  null, 400,  400)
-    testit(true,  200,  400,  400)
-    testit(true,  400,  null, 0)
-
-</script>
--- a/tests/cors/submitted/opera/staging/basic.htm	Thu Nov 01 05:42:22 2012 -0400
+++ b/tests/cors/submitted/opera/staging/basic.htm	Thu Nov 01 18:22:00 2012 +0100
@@ -1,6 +1,8 @@
 <!DOCTYPE html>
 <meta charset=utf-8>
 <title>Basic CORS</title>
+<meta name=help href=http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#simple-cross-origin-request-0>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:[email protected]">
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=support.js></script>
@@ -8,11 +10,15 @@
 
 <script>
 
+var counter = 0;
+
 function cors(desc, url) {
     async_test(desc).step(function() {
-        console.log(url);
         var client = new XMLHttpRequest();
-        client.open("GET", url + "resources/cors-makeheader.php?get_value=hest_er_best&origin=none");
+        this.count = counter++;
+
+        client.open("GET", url + "resources/cors-makeheader.php?get_value=hest_er_best&origin=none&" + this.count);
+
         client.onreadystatechange = this.step_func(function(e) {
             // First request, test that it fails with no origin
             if (client.readyState < 4) return;
@@ -21,10 +27,11 @@
             else
                 assert_false(!!client.response, "Got CORS-disallowed response");
 
-            client.open("GET", url + "resources/cors-makeheader.php?get_value=hest_er_best");
+            client.open("GET", url + "resources/cors-makeheader.php?get_value=hest_er_best&" + this.count);
             client.onreadystatechange = this.step_func(function(e) {
                 // Second request, test that it passes with the allowed-origin
                 if (client.readyState < 4) return;
+                console.log(client.response);
                 assert_true(client.response.indexOf("hest_er_best") != -1, "Got CORS-allowed response");
                 this.done();
             });
--- a/tests/cors/submitted/opera/staging/origin.htm	Thu Nov 01 05:42:22 2012 -0400
+++ b/tests/cors/submitted/opera/staging/origin.htm	Thu Nov 01 18:22:00 2012 +0100
@@ -1,6 +1,8 @@
 <!DOCTYPE html>
 <meta charset=utf-8>
 <title>Access-Control-Allow-Origin handling</title>
+<meta name=help href=http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#resource-sharing-check>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:[email protected]">
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=support.js></script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/redirect-preflight.htm	Thu Nov 01 18:22:00 2012 +0100
@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>XMLHttpRequest: CORS - redirect with preflight</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support.js"></script>
+  </head>
+  <body>
+    <p>This shouldn't be tested inside a tunnel.</p>
+    <div id="log"></div>
+    <script>
+
+    var req_c = 0 // Request count for cache busting and easy identifying of request in traffic analyzer
+
+    /*
+     * Redirection with preflights
+     */
+
+    function redir_preflight(code) {
+        test(function() {
+            var client = new XMLHttpRequest(),
+                redirect = CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
+
+            client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?'
+                               + 'headers=x-test&location=' + encodeURIComponent(redirect)
+                               + '&code=' + code + '&preflight=' + code + '&' + req_c++,
+                        false)
+            client.setRequestHeader('x-test', 'test')
+            assert_throws(null, function() { client.send(null) });
+
+        },
+        'Redirect ' + code + ' on preflight')
+    }
+    redir_preflight(301)
+    redir_preflight(302)
+    redir_preflight(303)
+    redir_preflight(307)
+
+    /* Even thought the preflight was allowed (200), CORS should not follow
+       a subsequent redirect */
+    function redir_after_preflight(code) {
+        test(function() {
+            var client = new XMLHttpRequest(),
+                redirect = CROSSDOMAIN + 'resources/cors-makeheader.php?headers=x-test&' + req_c++
+
+            client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?'
+                               + 'preflight=200&headers=x-test&location='
+                               + encodeURIComponent(redirect) + '&code=' + code + '&' + req_c++,
+                        false)
+            client.setRequestHeader('x-test', 'test')
+            assert_throws(null, function() { client.send(null) });
+
+        },
+        'Redirect ' + code + ' after succesful (200) preflight')
+    }
+    redir_after_preflight(301)
+    redir_after_preflight(302)
+    redir_after_preflight(303)
+    redir_after_preflight(307)
+
+    </script>
+ </body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/resources/status.php	Thu Nov 01 18:22:00 2012 +0100
@@ -0,0 +1,40 @@
+<?php
+
+  header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+  header("Access-Control-Expose-Headers: X-Request-Method");
+  if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS')
+    header("Access-Control-Allow-Methods: GET, CHICKEN, HEAD, POST, PUT");
+  if (isset($_GET['headers']))
+    header("Access-Control-Allow-Headers: {$_GET['headers']}");
+  header("X-Request-Method: " .
+    (isset($_SERVER["REQUEST_METHOD"]) ? $_SERVER["REQUEST_METHOD"] : ""));
+  header("X-A-C-Request-Method: " .
+    (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_METHOD"])
+      ? $_SERVER["HTTP_ACCESS_CONTROL_REQUEST_METHOD"] : ""));
+
+  // Hack for PHP
+  function stripslashes_recursive($var) {
+    foreach($var as $i => $value)
+      $var[$i] = stripslashes($value);
+    return $var;
+  }
+  if(get_magic_quotes_gpc()) {
+    $_GET = stripslashes_recursive($_GET);
+  }
+
+  // This should reasonably work for most response codes.
+  $code = isset($_GET['code']) && ctype_digit($_GET["code"]) ? $_GET["code"] : "200";
+  $text = isset($_GET["text"]) ? $_GET["text"] : "OMG";
+
+  if (isset($_GET['preflight'])
+      && ctype_digit($_GET['preflight'])
+      && $_SERVER['REQUEST_METHOD'] == 'OPTIONS')
+    $code = $_GET['preflight'];
+
+  header("HTTP/1.1 " . $code . " " . $text);
+
+  if (isset($_GET['type']))
+    header("Content-Type:" . $_GET['type']);
+  if (isset($_GET["content"]))
+    echo $_GET['content'];
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/status-async.htm	Thu Nov 01 18:22:00 2012 +0100
@@ -0,0 +1,98 @@
+<!doctype html>
+<title>CORS - status</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
+
+<div id=log></div>
+<script>
+
+function statusRequest(method, code, text, content, type) {
+    async_test("Status on " + method + " " + code)
+    .step(function() {
+        var client = new XMLHttpRequest()
+        client.open(method, CROSSDOMAIN + "resources/status.php?code="
+            + code + "&text=" + text + "&content=" + content + "&type=" + type, true)
+        client.onreadystatechange = this.step_func(function() {
+            if (client.readyState != client.DONE)
+                return
+
+            assert_equals(client.status, code, 'response status')
+            assert_equals(client.statusText, text, 'response status text')
+            assert_equals(client.getResponseHeader("X-Request-Method"), method, 'method')
+            if(method != "HEAD") {
+                if(type == "text/xml") {
+                    assert_equals(client.responseXML.documentElement.localName,
+                                "x", 'responseXML')
+                }
+                assert_equals(client.response, content, 'response content')
+            }
+            this.done()
+        })
+
+        client.send(null)
+    })
+}
+
+  /*            method     code text  content        type */
+  statusRequest("GET",     200, 'OK', 'Not today.',  '')
+  statusRequest("POST",    200, 'OK', '<x>402<\/x>', 'text/xml')
+  statusRequest("HEAD",    200, 'OK', 'Nice!',       'text/doesnotmatter')
+  statusRequest("PUT",     200, 'OK', '400',         'text/plain')
+  statusRequest("CHICKEN", 200, 'OK', 'bah',         '')
+
+
+function statusRequestFail(method, code, expect_code, nonsimple) {
+    if (expect_code === undefined)
+        expect_code = code
+
+    async_test("Status on " + method + " " + code + (nonsimple?' (nonsimple)':''))
+    .step(function() {
+        var client = new XMLHttpRequest()
+
+        client.open(method, CROSSDOMAIN + "resources/status.php?code="
+          + code + '&headers=x-nonsimple&text=OHAI', true)
+
+        if (nonsimple)
+            client.setRequestHeader('x-nonsimple', true)
+
+        client.onreadystatechange = this.step_func(function() {
+            if (client.readyState < client.HEADERS_RECIEVED)
+                return
+            assert_equals(client.response, "", "response data")
+            assert_equals(client.status, expect_code, "response status")
+            assert_equals(client.statusText, (expect_code == 0 ? "" : "OHAI"), "response statusText")
+            if (client.readyState == client.DONE)
+                this.done()
+        })
+
+        client.onerror = this.step_func(function(e) {
+            assert_unreached("Got error event.")
+        })
+
+        client.send()
+    })
+}
+
+  /*                                 expect
+                    method     code  status */
+  statusRequestFail("GET",     204)
+  statusRequestFail("GET",     400)
+  statusRequestFail("HEAD",    401)
+  statusRequestFail("POST",    404)
+  statusRequestFail("POST",    500)
+
+  /* Preflight response status is not 200, so the algorithm set status to 0. */
+  statusRequestFail("PUT",     699,  0)
+  statusRequestFail("CHICKEN", 501,  0)
+
+  /*                                    "forced"
+                                        preflight */
+  statusRequestFail("GET",     204,  0, true)
+  statusRequestFail("GET",     400,  0, true)
+  statusRequestFail("HEAD",    401,  0, true)
+  statusRequestFail("POST",    404,  0, true)
+  statusRequestFail("PUT",     699,  0, true)
+  statusRequestFail("CHICKEN", 501,  0, true)
+
+</script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/staging/status-preflight.htm	Thu Nov 01 18:22:00 2012 +0100
@@ -0,0 +1,57 @@
+<!doctype html>
+<title>CORS - status after preflight</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js></script>
+
+<div id=log></div>
+<script>
+var counter = 0
+
+function statusAfterPreflight(method, code) {
+    counter++
+
+    async_test(document.title + " on " + method + " " + code).step(function() {
+        var client = new XMLHttpRequest()
+        client.open(method, CROSSDOMAIN + "resources/status.php?" + counter
+            +"&code=" + code + '&headers=x-nonsimple&preflight=200', true)
+
+        client.setRequestHeader('x-nonsimple', true)
+        client.onreadystatechange = this.step_func(function() {
+            assert_equals(client.response, "", "response data")
+            assert_equals(client.status, code, "response status")
+            if (client.readyState == client.DONE)
+                /* Wait for wild error events */
+                setTimeout(this.step_func(function() { this.done() }), 10)
+        })
+
+        client.onerror = this.step_func(function() {
+            assert_unreached("Shouldn't throw no error event!")
+        })
+
+        client.send()
+    })
+}
+
+/*                   method     code */
+statusAfterPreflight("GET",     200)
+statusAfterPreflight("GET",     204)
+statusAfterPreflight("GET",     400)
+statusAfterPreflight("GET",     401)
+
+statusAfterPreflight("HEAD",    200)
+statusAfterPreflight("HEAD",    204)
+statusAfterPreflight("HEAD",    400)
+statusAfterPreflight("HEAD",    401)
+statusAfterPreflight("HEAD",    501)
+statusAfterPreflight("HEAD",    699)
+
+statusAfterPreflight("POST",    204)
+statusAfterPreflight("POST",    400)
+statusAfterPreflight("POST",    401)
+statusAfterPreflight("POST",    404)
+
+statusAfterPreflight("PUT",     699)
+statusAfterPreflight("CHICKEN", 501)
+
+</script>
--- a/tests/cors/submitted/opera/staging/status.htm	Thu Nov 01 05:42:22 2012 -0400
+++ b/tests/cors/submitted/opera/staging/status.htm	Thu Nov 01 18:22:00 2012 +0100
@@ -1,38 +1,26 @@
 <!doctype html>
 <meta charset=utf-8>
 <title>CORS status</title>
+<meta name=help href=http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#cross-origin-request-with-preflight-0>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:[email protected]">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="support.js"></script>
 
 <h1>The returned status code in different scenarios</h1>
 
-<pre>
-   allowed  preflight  response  | status |
-   -------  ---------  --------  | ------ |
- 1      no          x       400  |      0 |
- 2      no        200         x  |      0 |
- 3     yes          x       400  |    400 |
- 4     yes        200       400  |    400 |
- 5     yes        400         x  |      0 |
-</pre>
-
-<div id=log></div>
-
 <script>
 
     var counter = 0
 
     function testit(allow, preflight, response, status) {
-        var test = async_test(
+        async_test(
             (++counter) + '. ' +
             (allow ? 'CORS allowed' : 'CORS disallowed') +
             (preflight ? ', preflight status '+preflight : '') +
             (response ? ', response status '+response : '') +
             '.'
-        )
-
-        test.step(function() {
+        ).step(function() {
             var client = new XMLHttpRequest()
             client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.php?' + counter +
                 (allow ? '&headers=x-custom': '&origin=none') +
@@ -43,14 +31,24 @@
             if (preflight)
                 client.setRequestHeader('X-Custom', 'preflight')
 
-            client.onreadystatechange = test.step_func(function(){
-                if (client.readyState > client.OPENED)
-                    assert_equals(client.status, status, "status")
+            client.onload = this.step_func(function() {
+                if (!status)
+                    assert_unreached("load event")
 
-                if (client.readyState == client.DONE)
-                {
-                    test.done()
-                }
+                /* Allow spurious error events to fire */
+                setTimeout(this.step_func(function() {
+                    assert_equals(client.status, status, "status")
+                    this.done()
+                }), 10)
+            })
+
+            client.onerror = this.step_func(function() {
+                if (status)
+                    assert_unreached("error event")
+
+                assert_equals(client.readyState, client.DONE, 'readyState')
+                assert_equals(client.status, 0, 'status')
+                this.done()
             })
 
             client.send()
@@ -66,3 +64,16 @@
     testit(true,  400,  null, 0)
 
 </script>
+
+<pre>
+   allowed  preflight  response  | status |
+   -------  ---------  --------  | ------ |
+ 1      no          x       400  |      0 |
+ 2      no        200         x  |      0 |
+ 3     yes          x       400  |    400 |
+ 4     yes        200       400  |    400 |
+ 5     yes        400         x  |      0 |
+</pre>
+
+<div id=log></div>
+