--- a/tests/cors/submitted/opera/staging/origin.htm Fri Jun 08 09:28:29 2012 +0200
+++ b/tests/cors/submitted/opera/staging/origin.htm Fri Jun 08 15:59:14 2012 +0200
@@ -73,6 +73,7 @@
shouldFail("'*'")
shouldFail('"*"')
shouldFail("* *")
+shouldFail("* null")
shouldFail("*" + location.protocol + "//" + "*")
shouldFail("*" + location.protocol + "//" + location.host)
shouldFail("* " + location.protocol + "//" + location.host)
@@ -81,11 +82,34 @@
shouldFail("null " + location.protocol + "//" + location.host)
shouldFail('http://example.net')
shouldFail('null')
+shouldFail('null *')
shouldFail('')
shouldFail(location.href)
shouldFail(dirname(location.href))
shouldFail(CROSSDOMAIN)
shouldFail(location.host.replace(/^[^\.]+\./, ""))
shouldFail("." + location.host.replace(/^[^\.]+\./, ""))
+shouldFail("*." + location.host.replace(/^[^\.]+\./, ""))
+shouldFail("http://" + location.host.replace(/^[^\.]+\./, ""))
+shouldFail("http://." + location.host.replace(/^[^\.]+\./, ""))
+shouldFail("http://*." + location.host.replace(/^[^\.]+\./, ""))
+
+function doubleOrigin(origin, origin2) {
+ test(function () {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN
+ + '/resources/cors-makeheader.php?origin='
+ + encodeURIComponent(origin)
+ + 'origin2=' + encodeURIComponent(origin2),
+ false)
+ assert_throws(null, function() { client.send() }, 'send')
+ }, 'Disallow multiple headers (' + origin + ', ' + origin2 + ')');
+}
+
+doubleOrigin('', '*');
+doubleOrigin('*', '*');
+doubleOrigin('', location.protocol + "//" + location.host);
+doubleOrigin('*', location.protocol + "//" + location.host);
+doubleOrigin(location.protocol + "//" + location.host, location.protocol + "//" + location.host);
</script>
--- a/tests/cors/submitted/opera/staging/resources/cors-makeheader.php Fri Jun 08 09:28:29 2012 +0200
+++ b/tests/cors/submitted/opera/staging/resources/cors-makeheader.php Fri Jun 08 15:59:14 2012 +0200
@@ -4,6 +4,8 @@
if ($origin != 'none')
header("Access-Control-Allow-Origin: $origin");
+if (isset($_GET['origin2']))
+ header("Access-Control-Allow-Origin: {$_GET['origin2']}", false);
/* Preflight */
if (isset($_GET['headers']))