Mercurial > hg > webappsec / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset
Opera CORS: Added some more tests
authorOdin Hørthe Omdal <odinho@opera.com>
Fri, 16 Dec 2011 03:20:16 +0100
changeset 18 79828772335d
parent 17 46cba6fd558c
child 19 98421000f64c
Opera CORS: Added some more tests
tests/cors/submitted/opera/js/MANIFEST
tests/cors/submitted/opera/js/status-errors.htm
tests/cors/submitted/opera/js/status-preflight.htm 
--- a/tests/cors/submitted/opera/js/MANIFEST	Fri Dec 16 00:50:59 2011 +0100
+++ b/tests/cors/submitted/opera/js/MANIFEST	Fri Dec 16 03:20:16 2011 +0100
@@ -12,4 +12,5 @@
 simple-requests.htm
 status.htm
 status-async.htm
+status-errors.htm
 status-preflight.htm
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/opera/js/status-errors.htm	Fri Dec 16 03:20:16 2011 +0100
@@ -0,0 +1,76 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>CORS error events</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<pre>
+   allowed  preflight  response  | status |
+   -------  ---------  --------  | ------ |
+ 1      no          x       400  |      0 |  fires error
+ 2      no        200         x  |      0 |  fires error
+ 3     yes          x       400  |    400 |
+ 4     yes        200       400  |    400 |
+ 5     yes        400         x  |      0 |  fires error
+</pre>
+
+<div id=log></div>
+
+<script>
+
+    var counter = 0,
+        crossdomain = location.href
+            .replace('://', '://crosssite.')
+            .replace(/\/[^\/]*$/, '/')
+
+    function testit(allow, preflight, response, status) {
+        var test = async_test(
+            (++counter) + '. ' +
+            (allow ? 'CORS allowed' : 'CORS disallowed') +
+            (preflight ? ', preflight status '+preflight : '') +
+            (response ? ', response status '+response : '') +
+            '.'
+        )
+
+        test.step(function() {
+            var client = new XMLHttpRequest()
+            client.open('GET', crossdomain + 'resources/cors-makeheader.php?' + counter +
+                (allow ? '&headers=x-custom': '&origin=none') +
+                (response ? '&code='+response : '') +
+                (preflight ? '&preflight='+preflight : '')
+            )
+
+            if (preflight)
+                client.setRequestHeader('X-Custom', 'preflight')
+
+            client.onload = test.step_func(function() {
+                /* Allow wild error events to fire */
+                setTimeout(test.step_func(function() {
+                    if (status != 0)
+                        test.done()
+                }), 10)
+            })
+
+            client.onerror = test.step_func(function() {
+                if (status == 0) {
+                    assert_equals(client.readyState, client.DONE, 'readyState')
+                    assert_equals(client.status, 0, 'status')
+                    test.done()
+                }
+                else
+                    assert_unreached("Got unexpected error event.")
+            })
+
+            client.send()
+
+        })
+    }
+
+    /*     allow  pref  resp  status */
+    testit(false, null, 400,  0)
+    testit(false, 200,  null, 0)
+    testit(true,  null, 400,  400)
+    testit(true,  200,  400,  400)
+    testit(true,  400,  null, 0)
+
+</script>
--- a/tests/cors/submitted/opera/js/status-preflight.htm	Fri Dec 16 00:50:59 2011 +0100
+++ b/tests/cors/submitted/opera/js/status-preflight.htm	Fri Dec 16 03:20:16 2011 +0100
@@ -9,33 +9,55 @@
     <p>This shouldn't be tested inside a tunnel.</p>
     <div id="log"></div>
     <script>
-      var crossdomain = "http://crosssite." + location.hostname + location.pathname.replace(/\/[^\/]*$/, '/')
+      var crossdomain = "http://crosssite." + location.hostname + location.pathname.replace(/\/[^\/]*$/, '/'),
+          counter = 0
+
 
       function statusAfterPreflight(method, code) {
+        counter++
         var test = async_test(document.title + " on "
             + method + " " + code)
 
         test.step(function() {
           var client = new XMLHttpRequest()
-          client.open(method, crossdomain + "resources/status.php?code="
-            + code + '&headers=x-nonsimple&preflight=200', true)
+          client.open(method, crossdomain + "resources/status.php?" + counter
+            +"&code=" + code + '&headers=x-nonsimple&preflight=200', true)
 
           client.setRequestHeader('x-nonsimple', true)
           client.onreadystatechange = test.step_func(function() {
             assert_equals(client.response, "", "response data")
             assert_equals(client.status, code, "response status")
+            if (client.readyState == client.DONE)
+                /* Wait for wild error events */
+                setTimeout(test.step_func(function() { test.done() }), 10)
           })
+
           client.onerror = test.step_func(function() {
-            test.done()
+            assert_unreached("Shouldn't throw no error event!")
           })
+
           client.send()
         })
       }
 
       /*                   method     code */
+      statusAfterPreflight("GET",     200)
       statusAfterPreflight("GET",     204)
+      statusAfterPreflight("GET",     400)
+      statusAfterPreflight("GET",     401)
+
+      statusAfterPreflight("HEAD",    200)
+      statusAfterPreflight("HEAD",    204)
+      statusAfterPreflight("HEAD",    400)
       statusAfterPreflight("HEAD",    401)
+      statusAfterPreflight("HEAD",    501)
+      statusAfterPreflight("HEAD",    699)
+
+      statusAfterPreflight("POST",    204)
+      statusAfterPreflight("POST",    400)
+      statusAfterPreflight("POST",    401)
       statusAfterPreflight("POST",    404)
+
       statusAfterPreflight("PUT",     699)
       statusAfterPreflight("CHICKEN", 501)
webappsec

Hosted by W3C Systems Team, please report bugs to sysreq@w3.org