Moved webkit test case (from nokia?) to submitted folder
authorOdin Hørthe Omdal <odinho@opera.com>
Wed, 07 Dec 2011 14:47:43 +0100
changeset 14 8b07f915c023
parent 13 e6282e7a4947
child 15 8a0775f6d0eb
Moved webkit test case (from nokia?) to submitted folder
tests/cors/access-control-and-redirects.html
tests/cors/access-control-basic-allow-access-control-origin-header-data-url.html
tests/cors/access-control-basic-allow-access-control-origin-header.html
tests/cors/access-control-basic-allow-async.html
tests/cors/access-control-basic-allow-preflight-cache-invalidation-by-header.html
tests/cors/access-control-basic-allow-preflight-cache-invalidation-by-method.html
tests/cors/access-control-basic-allow-preflight-cache-timeout.html
tests/cors/access-control-basic-allow-preflight-cache.html
tests/cors/access-control-basic-allow-star.html
tests/cors/access-control-basic-allow.html
tests/cors/access-control-basic-denied-preflight-cache.html
tests/cors/access-control-basic-denied.html
tests/cors/access-control-basic-get-fail-non-simple.html
tests/cors/access-control-basic-non-simple-allow-async.html
tests/cors/access-control-basic-non-simple-allow.html
tests/cors/access-control-basic-non-simple-deny-cached.html
tests/cors/access-control-basic-post-fail-non-simple-content-type.html
tests/cors/access-control-basic-whitelist-request-headers.html
tests/cors/access-control-basic-whitelist-response-headers.html
tests/cors/access-control-preflight-async-header-denied.html
tests/cors/access-control-preflight-async-method-denied.html
tests/cors/access-control-preflight-async-not-supported.html
tests/cors/access-control-preflight-credential-async.html
tests/cors/access-control-preflight-credential-sync.html
tests/cors/access-control-preflight-headers-async.html
tests/cors/access-control-preflight-headers-sync.html
tests/cors/access-control-preflight-sync-header-denied.html
tests/cors/access-control-preflight-sync-method-denied.html
tests/cors/access-control-preflight-sync-not-supported.html
tests/cors/access-control-response-with-body-sync.html
tests/cors/access-control-response-with-body.html
tests/cors/access-control-sandboxed-iframe-allow.html
tests/cors/access-control-sandboxed-iframe-denied-without-wildcard.html
tests/cors/access-control-sandboxed-iframe-denied.html
tests/cors/resources/access-control-allow-with-body.php
tests/cors/resources/access-control-basic-allow-access-control-origin-header.cgi
tests/cors/resources/access-control-basic-allow-print-headers.cgi
tests/cors/resources/access-control-basic-allow-star.cgi
tests/cors/resources/access-control-basic-allow.cgi
tests/cors/resources/access-control-basic-denied.cgi
tests/cors/resources/access-control-basic-get-fail-non-simple.cgi
tests/cors/resources/access-control-basic-non-get-allow.cgi
tests/cors/resources/access-control-basic-options-not-supported.cgi
tests/cors/resources/access-control-basic-post-fail-non-simple.cgi
tests/cors/resources/access-control-basic-preflight-cache-invalidation.php
tests/cors/resources/access-control-basic-preflight-cache-timeout.php
tests/cors/resources/access-control-basic-preflight-cache.php
tests/cors/resources/access-control-basic-whitelist-request-headers.cgi
tests/cors/resources/access-control-basic-whitelist-response-headers.cgi
tests/cors/resources/access-control-preflight-denied-xsrf.php
tests/cors/resources/access-control-sandboxed-iframe-allow-iframe.html
tests/cors/resources/access-control-sandboxed-iframe-allow.cgi
tests/cors/resources/access-control-sandboxed-iframe-denied-iframe.html
tests/cors/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html
tests/cors/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi
tests/cors/resources/access-control-sandboxed-iframe-denied.cgi
tests/cors/resources/basic-auth/.svn/all-wcprops
tests/cors/resources/basic-auth/.svn/entries
tests/cors/resources/basic-auth/.svn/text-base/access-control-auth-basic.php.svn-base
tests/cors/resources/basic-auth/.svn/text-base/basic-auth.php.svn-base
tests/cors/resources/basic-auth/access-control-auth-basic.php
tests/cors/resources/basic-auth/basic-auth.php
tests/cors/resources/no-custom-header.php
tests/cors/resources/redirect.php
tests/cors/submitted/webkit/access-control-and-redirects.html
tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header-data-url.html
tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.html
tests/cors/submitted/webkit/access-control-basic-allow-async.html
tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache-invalidation-by-header.html
tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache-invalidation-by-method.html
tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache-timeout.html
tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache.html
tests/cors/submitted/webkit/access-control-basic-allow-star.html
tests/cors/submitted/webkit/access-control-basic-allow.html
tests/cors/submitted/webkit/access-control-basic-denied-preflight-cache.html
tests/cors/submitted/webkit/access-control-basic-denied.html
tests/cors/submitted/webkit/access-control-basic-get-fail-non-simple.html
tests/cors/submitted/webkit/access-control-basic-non-simple-allow-async.html
tests/cors/submitted/webkit/access-control-basic-non-simple-allow.html
tests/cors/submitted/webkit/access-control-basic-non-simple-deny-cached.html
tests/cors/submitted/webkit/access-control-basic-post-fail-non-simple-content-type.html
tests/cors/submitted/webkit/access-control-basic-whitelist-request-headers.html
tests/cors/submitted/webkit/access-control-basic-whitelist-response-headers.html
tests/cors/submitted/webkit/access-control-preflight-async-header-denied.html
tests/cors/submitted/webkit/access-control-preflight-async-method-denied.html
tests/cors/submitted/webkit/access-control-preflight-async-not-supported.html
tests/cors/submitted/webkit/access-control-preflight-credential-async.html
tests/cors/submitted/webkit/access-control-preflight-credential-sync.html
tests/cors/submitted/webkit/access-control-preflight-headers-async.html
tests/cors/submitted/webkit/access-control-preflight-headers-sync.html
tests/cors/submitted/webkit/access-control-preflight-sync-header-denied.html
tests/cors/submitted/webkit/access-control-preflight-sync-method-denied.html
tests/cors/submitted/webkit/access-control-preflight-sync-not-supported.html
tests/cors/submitted/webkit/access-control-response-with-body-sync.html
tests/cors/submitted/webkit/access-control-response-with-body.html
tests/cors/submitted/webkit/access-control-sandboxed-iframe-allow.html
tests/cors/submitted/webkit/access-control-sandboxed-iframe-denied-without-wildcard.html
tests/cors/submitted/webkit/access-control-sandboxed-iframe-denied.html
tests/cors/submitted/webkit/resources/access-control-allow-with-body.php
tests/cors/submitted/webkit/resources/access-control-basic-allow-access-control-origin-header.cgi
tests/cors/submitted/webkit/resources/access-control-basic-allow-print-headers.cgi
tests/cors/submitted/webkit/resources/access-control-basic-allow-star.cgi
tests/cors/submitted/webkit/resources/access-control-basic-allow.cgi
tests/cors/submitted/webkit/resources/access-control-basic-denied.cgi
tests/cors/submitted/webkit/resources/access-control-basic-get-fail-non-simple.cgi
tests/cors/submitted/webkit/resources/access-control-basic-non-get-allow.cgi
tests/cors/submitted/webkit/resources/access-control-basic-options-not-supported.cgi
tests/cors/submitted/webkit/resources/access-control-basic-post-fail-non-simple.cgi
tests/cors/submitted/webkit/resources/access-control-basic-preflight-cache-invalidation.php
tests/cors/submitted/webkit/resources/access-control-basic-preflight-cache-timeout.php
tests/cors/submitted/webkit/resources/access-control-basic-preflight-cache.php
tests/cors/submitted/webkit/resources/access-control-basic-whitelist-request-headers.cgi
tests/cors/submitted/webkit/resources/access-control-basic-whitelist-response-headers.cgi
tests/cors/submitted/webkit/resources/access-control-preflight-denied-xsrf.php
tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-allow-iframe.html
tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-allow.cgi
tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied-iframe.html
tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html
tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi
tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied.cgi
tests/cors/submitted/webkit/resources/basic-auth/.svn/all-wcprops
tests/cors/submitted/webkit/resources/basic-auth/.svn/entries
tests/cors/submitted/webkit/resources/basic-auth/.svn/text-base/access-control-auth-basic.php.svn-base
tests/cors/submitted/webkit/resources/basic-auth/.svn/text-base/basic-auth.php.svn-base
tests/cors/submitted/webkit/resources/basic-auth/access-control-auth-basic.php
tests/cors/submitted/webkit/resources/basic-auth/basic-auth.php
tests/cors/submitted/webkit/resources/no-custom-header.php
tests/cors/submitted/webkit/resources/redirect.php
--- a/tests/cors/access-control-and-redirects.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-<p>Tests that redirects between origins are never allowed, even when access control is involved.</p>
-<p>Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.</p>
-
-<pre id="console"></pre>
-<script>
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
-}
-
-function runTest(url, expectSyncSuccess, expectAsyncSuccess)
-{
-    log("Testing " + url + " (sync)");
-    log("Expecting success: " + expectSyncSuccess);
-
-    var req = new XMLHttpRequest();
-    req.open("GET", url, false);
-
-    try {
-        req.send(null);
-        log((expectSyncSuccess ? "PASS" : "FAIL") + ": " + req.responseText);
-    } catch (ex) {
-        log((expectSyncSuccess ? "FAIL" : "PASS") + ": " + ex);
-    }
-    
-    log("Testing " + url + "(async)");
-    log("Expecting success: " + expectAsyncSuccess);
-
-    req = new XMLHttpRequest();
-    req.open("GET", url, true);
-    req.onload = function() {
-        log((expectAsyncSuccess ? "PASS" : "FAIL") + ": " + req.responseText);
-        nextTest();
-    }
-    req.onerror = function() {
-        log((expectAsyncSuccess ? "FAIL" : "PASS") + ": " + req.status);
-        nextTest();
-    }
-    req.send(null);
-}
-
-var tests = [
-    ["/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false],
-    ["http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false],
-    ["http://localhost:8000/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false]
-]
-
-var currentTest = 0;
-
-function nextTest() {
-    if (currentTest < tests.length)
-        runTest.apply(null, tests[currentTest++]);
-    else if (window.layoutTestController)
-        layoutTestController.notifyDone();
-}
-
-nextTest();
-</script>
--- a/tests/cors/access-control-basic-allow-access-control-origin-header-data-url.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,48 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-window.addEventListener("message", function(evt) {
-    if (evt.data == "done") {
-        layoutTestController.notifyDone();
-        return;
-    }
-
-    log(evt.data);
-}, false);
-</script>
-<iframe src='data:text/html,
-<script>
-(function() {
-    var xhr = new XMLHttpRequest;
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-access-control-origin-header.cgi", false);
-    } catch(e) {
-        parent.postMessage("FAIL: Exception thrown. Cross-domain access is not allowed in open. [" + e.message + "].", "*");
-        return;
-    }
-
-    try {
-        xhr.send();
-    } catch(e) {
-        parent.postMessage("FAIL: Exception thrown. Cross-domain access is not allowed in send. [" + e.message + "].", "*");
-        return;
-    }
-
-    parent.postMessage(xhr.responseText, "*");
-})();
-parent.postMessage("done", "*");
-</script>'>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-access-control-origin-header.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest;
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-access-control-origin-header.cgi", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send();
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-async.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,40 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-function processStateChange()
-{
-    if (xhr.readyState == xhr.DONE) {
-        log(xhr.responseText);
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
-    }
-}
-
-function errorHandler()
-{
-    log("FAIL: Network error.");
-    if (window.layoutTestController)
-        layoutTestController.notifyDone();
-}
-
-var xhr = new XMLHttpRequest;
-xhr.onreadystatechange = processStateChange;
-xhr.onerror = errorHandler;
-
-xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", true);
-xhr.send();
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-preflight-cache-invalidation-by-header.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-function errorHandler(event)
-{
-    log("FAIL: Network error. ");
-    if (window.layoutTestController)
-        layoutTestController.notifyDone();
-}
-
-var filename = "filename=preflightCacheInvalidationByHeader.txt";
-
-var xhr = new XMLHttpRequest;
-xhr.onerror = errorHandler;
-
-start = function()
-{
-    // Temp file removed.  We can start the test now.
-    if (xhr.readyState == xhr.DONE) {
-        firstRequest();
-    }
-}
-
-xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
-xhr.onreadystatechange = start;
-xhr.send();
-
-function firstRequest()
-{
-    xhr.onreadystatechange = function()
-    {
-        if (xhr.readyState == xhr.DONE) {
-            log(xhr.responseText);
-            log("PASS: First request complete");
-            secondRequest();
-        }
-    }
-
-    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
-    xhr.send();
-}
-
-function secondRequest()
-{
-    xhr.onreadystatechange = function()
-    {
-        if (xhr.readyState == xhr.DONE) {
-            log(xhr.responseText);
-            log("PASS: Second request complete");
-            if (window.layoutTestController)
-                layoutTestController.notifyDone();
-        }
-    }
-
-    // Send a header not included in the inital cache. 
-    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
-    xhr.setRequestHeader("x-webkit-test", "headerValue");
-    xhr.send();
-}
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-preflight-cache-invalidation-by-method.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-function errorHandler(event)
-{
-    log("FAIL: Network error. ");
-    if (window.layoutTestController)
-        layoutTestController.notifyDone();
-}
-
-var filename = "filename=preflightCacheInvalidationByMethod.txt";
-
-var xhr = new XMLHttpRequest;
-xhr.onerror = errorHandler;
-
-start = function()
-{
-    // Temp file removed.  We can start the test now.
-    if (xhr.readyState == xhr.DONE) {
-        firstRequest();
-    }
-}
-
-xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
-xhr.onreadystatechange = start;
-xhr.send();
-
-function firstRequest()
-{
-    xhr.onreadystatechange = function()
-    {
-        if (xhr.readyState == xhr.DONE) {
-            log(xhr.responseText);
-            log("PASS: First request complete");
-            secondRequest();
-        }
-    }
-
-    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
-    xhr.send();
-}
-
-function secondRequest()
-{
-    xhr.onreadystatechange = function()
-    {
-        if (xhr.readyState == xhr.DONE) {
-            log(xhr.responseText);
-            log("PASS: Second request complete");
-            if (window.layoutTestController)
-                layoutTestController.notifyDone();
-        }
-    }
-
-    // Send a method not included in the initial cache.
-    xhr.open("XMETHOD", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
-    xhr.send();
-}
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-preflight-cache-timeout.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-function errorHandler(event)
-{
-    log("FAIL: Network error. ");
-    if (window.layoutTestController)
-        layoutTestController.notifyDone();
-}
-
-var filename = "filename=preflightCacheTimeout.txt";
-
-var xhr = new XMLHttpRequest;
-xhr.onerror = errorHandler;
-
-start = function()
-{
-    // Temp file removed.  We can start the test now.
-    if (xhr.readyState == xhr.DONE) {
-        firstRequest();
-    }
-}
-
-xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
-xhr.onreadystatechange = start;
-xhr.send();
-
-function firstRequest()
-{
-    xhr.onreadystatechange = function()
-    {
-        if (xhr.readyState == xhr.DONE) {
-            log(xhr.responseText);
-            log("PASS: First request complete");
-            setTimeout(secondRequest, 3000); // 5 seconds
-        }
-    }
-
-    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-timeout.php?" + filename, true);
-    xhr.send();
-}
-
-function secondRequest()
-{
-    xhr.onreadystatechange = function()
-    {
-        if (xhr.readyState == xhr.DONE) {
-            log(xhr.responseText);
-            log("PASS: Second request complete")
-            if (window.layoutTestController)
-                layoutTestController.notifyDone();
-        }
-    }
-
-    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-timeout.php?" + filename, true);
-    xhr.send();
-}
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-preflight-cache.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-function errorHandler(event)
-{
-    log("FAIL: Network error. ");
-    if (window.layoutTestController)
-        layoutTestController.notifyDone();
-}
-
-var filename = "filename=preflightCache.txt";
-
-var xhr = new XMLHttpRequest;
-xhr.onerror = errorHandler;
-
-start = function()
-{
-    // reset-temp-file.php reports an error on failure, for debugging problems with BuildBot setup.
-    if (xhr.responseText.length > 0)
-       log(xhr.responseText);
-
-    // Temp file removed.  We can start the test now.
-    if (xhr.readyState == xhr.DONE) {
-        firstRequest();
-    }
-}
-
-xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
-xhr.onreadystatechange = start;
-xhr.send();
-
-function firstRequest()
-{
-    xhr.onreadystatechange = function()
-    {
-        if (xhr.readyState == xhr.DONE) {
-            log(xhr.responseText);
-            log("PASS: First request complete");
-            secondRequest();
-        }
-    }
-
-    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache.php?" + filename, true);
-    xhr.send();
-}
-
-function secondRequest()
-{
-    xhr.onreadystatechange = function()
-    {
-        if (xhr.readyState == xhr.DONE) {
-            log(xhr.responseText);
-            log("PASS: Second request complete");
-            if (window.layoutTestController)
-                layoutTestController.notifyDone();
-        }
-    }
-
-    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache.php?" + filename, true);
-    xhr.send();
-}
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow-star.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest;
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send();
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-})();
-
-if (window.layoutTestController)
-    layoutTestController.notifyDone();  
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-allow.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest;
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send();
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-})();
-
-if (window.layoutTestController)
-    layoutTestController.notifyDone();  
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-denied-preflight-cache.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-<html>
-<body>
-<p>Test async xhr preflight cache denial.  If this test passes, there should be a single PASS below.</p>
-<script>
-    if (window.layoutTestController) {
-        layoutTestController.dumpAsText();
-        layoutTestController.waitUntilDone();
-    }
-
-    var console_messages = document.createElement("ul");
-    document.body.appendChild(console_messages);
-
-    function log(message)
-    {
-        var item = document.createElement("li");
-        item.appendChild(document.createTextNode(message));
-        console_messages.appendChild(item);
-    }
-
-    xhr = new XMLHttpRequest;
-    xhr.onreadystatechange = processStateChange;
-    try {
-        xhr.open("FOO", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi");
-        xhr.send();
-    } catch (e) {
-        log("Got exception.");
-    }
-
-    function processStateChange() {
-        if (xhr.readyState == 1)
-            log("PASS");
-        else if (xhr.readyState == 4) {
-            if (window.layoutTestController)
-                layoutTestController.notifyDone();
-        }
-    }
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-denied.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest;
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send();
-    } catch(e) {
-        log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-get-fail-non-simple.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,38 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest;
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-get-fail-non-simple.cgi", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-
-    // Non-whitelisted method
-    xhr.setRequestHeader("x-webkit", "foobar");
-
-    // This is going to fail because the cgi script is not prepared for an OPTIONS request. 
-    try {
-        xhr.send();
-    } catch(e) {
-        log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-non-simple-allow-async.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,41 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-function processStateChange()
-{
-    if (xhr.readyState == xhr.DONE) {
-        log(xhr.responseText);
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
-    }
-}
-
-function errorHandler()
-{
-    log("FAIL: Network error.");
-    if (window.layoutTestController)
-        layoutTestController.notifyDone();
-}
-
-var xhr = new XMLHttpRequest;
-xhr.onreadystatechange = processStateChange;
-xhr.onerror = errorHandler;
-
-xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", true);
-xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
-xhr.send("PASS: PUT data received");
-
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-non-simple-allow.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,36 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest;
-
-    try {
-        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-
-    xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
-
-    try {
-        xhr.send("PASS: PUT data received");
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-non-simple-deny-cached.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,52 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest;
-
-    try {
-        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. PUT cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-
-    xhr.setRequestHeader("Content-Type", "text/plain");
-
-    try {
-        xhr.send("PASS: PUT data received");
-    } catch(e) {
-        log("FAIL: Exception thrown. PUT cross-domain access is not allowed in 'send'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. GET cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-
-    xhr.setRequestHeader("Content-Type", "application/xml");
-
-    try {
-        xhr.send("FAIL: PUT data received");
-        log("FAIL: Exception not thrown. Cross-domain access was allowed, even though content type was not on white list.");
-        log(xhr.responseText);
-    } catch(e) {
-        log("PASS: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
-        return;
-    }
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-post-fail-non-simple-content-type.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-var xhr = new XMLHttpRequest;
-
-(function() {
-    try {
-        xhr.open("POST", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-options-not-supported.cgi", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-    
-    // Content-Type is a simple header, but only if the type is one that could be sent via form submission already.
-    xhr.setRequestHeader("Content-Type", "application/xml");
-    
-    // This is going to fail because the cgi script is not prepared to serve an OPTIONS request.
-    try {
-        xhr.send(null);
-        log("FAIL: Cross-domain access was not denied in 'send'.");
-    } catch(e) {
-        log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
-        return;
-    }
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-whitelist-request-headers.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-    if (window.layoutTestController)
-        layoutTestController.dumpAsText();
-
-    function log(message)
-    {
-        document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-    }
-
-    try {
-        var xhr = new XMLHttpRequest;
-        xhr.open("POST", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-whitelist-request-headers.cgi", false);
-        xhr.setRequestHeader("Accept", "*");
-        xhr.setRequestHeader("Accept-Language", "ru");
-        xhr.setRequestHeader("Content-Language", "ru");
-        xhr.setRequestHeader("Content-Type", "text/plain");
-        xhr.send("");
-    
-        log(xhr.responseText);
-    } catch (ex) {
-        log("Unexpected exception: " + ex);
-    }
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-basic-whitelist-response-headers.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,52 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-    if (window.layoutTestController)
-        layoutTestController.dumpAsText();
-
-    function log(message)
-    {
-        document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-    }
-
-    var xhr;
-
-    function testAllowed(name)
-    {
-        if (xhr.getResponseHeader(name))
-            log("PASS: Response header " + name + " allowed.");
-        else
-            log("FAIL: Response header " + name + " not allowed.");
-    }
-
-    function testDenied(name)
-    {
-        if (!xhr.getResponseHeader(name))
-            log("PASS: Response header " + name + " denied.");
-        else
-            log("FAIL: Response header " + name + " not denied.");
-    }
-
-
-    xhr = new XMLHttpRequest;
-    xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-whitelist-response-headers.cgi", false);
-    xhr.send();
-
-    // Test getResponseHeader()
-    testAllowed("cache-control");
-    testAllowed("content-language");
-    testAllowed("content-type");
-    testAllowed("expires");
-    testAllowed("last-modified");
-    testAllowed("pragma");
-    testDenied("x-webkit");
-
-    // Test getAllResponseHeaders()
-    if (!xhr.getAllResponseHeaders().match("foobar"))
-        log("PASS: Non-whitelisted headers not passed to getAllResponseHeaders().");
-    else
-        log("FAIL: Non-whitelisted headers passed to getAllResponseHeaders().");
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-async-header-denied.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,64 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-(function() {
-    var xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Unable to reset server state: [" + e.message + "].");
-        return;
-    }
-
-    xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", true);
-        xhr.setRequestHeader("X-NON-STANDARD", "filler");
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
-        return;
-    }
-
-    xhr.onerror = function() {
-        xhr = new XMLHttpRequest();
-
-        try {
-            xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
-            try {
-                xhr.send(null);
-            } catch(e) {
-                log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
-            }
-        } catch(e) {
-            log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
-        }
-
-        log(xhr.responseText);
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
-    }
-    
-    xhr.onreadystatechange = function() {
-        if (xhr.readyState == 4 && xhr.status == 200)
-            log("FAIL: Cross-domain access allowed in first send without throwing an exception");
-    }
-
-    xhr.send(null);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-async-method-denied.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-(function() {
-    var xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Unable to reset server state: [" + e.message + "].");
-        return;
-    }
-
-    xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", true);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
-        return;
-    }
-
-    xhr.onerror = function() {
-        xhr = new XMLHttpRequest();
-
-        try {
-            xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
-            try {
-                xhr.send(null);
-            } catch(e) {
-                log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
-            }
-        } catch(e) {
-            log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
-        }
-
-        log(xhr.responseText);
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
-    }
-
-    xhr.onreadystatechange = function() {
-        if (xhr.readyState == 4 && xhr.status == 200)
-            log("FAIL: Cross-domain access allowed in first send without throwing an exception");
-    }
-
-    xhr.send(null);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-async-not-supported.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-(function() {
-    var xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Unable to reset server state: [" + e.message + "].");
-        return;
-    }
-
-    xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", true);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
-        return;
-    }
-
-    xhr.onerror = function() {
-        xhr = new XMLHttpRequest();
-
-        try {
-            xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
-            try {
-                xhr.send(null);
-            } catch(e) {
-                log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
-            }
-        } catch(e) {
-            log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
-        }
-
-        log(xhr.responseText);
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
-    }
-
-    xhr.onreadystatechange = function() {
-        if (xhr.readyState == 4 && xhr.status == 200)
-            log("FAIL: Cross-domain access allowed in first send without throwing an exception");
-    }
-
-    xhr.send("");
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-credential-async.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-try {
-    var xhr = new XMLHttpRequest;
-    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
-    xhr.onerror = function (e) {
-        log("FAILED: received error");
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
-    };
-    xhr.onreadystatechange = function () {
-        if (xhr.readyState == 4) {
-            log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
-            if (window.layoutTestController)
-                layoutTestController.notifyDone();
-        }
-    };
-    xhr.send();
-} catch(e) {
-    log("FAILED: got exception " + e.message);
-}
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-credential-sync.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-<html>
-<body>
-<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-try {
-    var xhr = new XMLHttpRequest;
-    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
-    xhr.onerror = function (e) {
-        log("FAILED: received error");
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
-    };
-    xhr.onreadystatechange = function () {
-        if (xhr.readyState == 4) {
-            log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
-            if (window.layoutTestController)
-                layoutTestController.notifyDone();
-        }
-    };
-    xhr.send();
-} catch(e) {
-    log("FAILED: got exception " + e.message);
-}
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-headers-async.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-<p>Test that custom headers are not sent with OPTIONS preflight request.</p>
-<script>
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-}
-
-function resetStatus()
-{
-    var req = new XMLHttpRequest;
-    req.open("GET", "/resources/reset-temp-file.php?filename=access-control-preflight-headers-status", false);
-    req.send();
-}
-
-function sendRequest()
-{
-    var req = new XMLHttpRequest;
-    req.open("GET", "http://localhost:8000/xmlhttprequest/resources/no-custom-header.php");
-    req.setRequestHeader("X-Custom-Header", "foobar");
-    req.onerror = function() {
-        document.body.appendChild(document.createTextNode("FAIL: onerror called"));
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
-    }
-    req.onload = function() {
-        document.body.appendChild(document.createTextNode(req.responseText));
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
-    }
-    req.send();
-}
-
-resetStatus();
-sendRequest();
-</script>
--- a/tests/cors/access-control-preflight-headers-sync.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-<p>Test that custom headers are not sent with OPTIONS preflight request.</p>
-<script>
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-function resetStatus()
-{
-    var req = new XMLHttpRequest;
-    req.open("GET", "/resources/reset-temp-file.php?filename=access-control-preflight-headers-status", false);
-    req.send();
-}
-
-function sendRequest()
-{
-    try {
-        var req = new XMLHttpRequest;
-        req.open("GET", "http://localhost:8000/xmlhttprequest/resources/no-custom-header.php", false);
-        req.setRequestHeader("X-Custom-Header", "foobar");
-        req.send();
-        document.write("<xmp>" + req.responseText + "</xmp>");
-    } catch (ex) {
-        document.write("<xmp>" + ex + "</xmp>");
-    }
-}
-
-resetStatus();
-sendRequest();
-</script>
--- a/tests/cors/access-control-preflight-sync-header-denied.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Unable to reset server state: [" + e.message + "].");
-        return;
-    }
-
-    xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", false);
-        xhr.setRequestHeader("X-NON-STANDARD", "filler");
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send(null);
-        log("FAIL: Cross-domain access allowed in first send without throwing an exception");
-        return;
-    } catch(e) {
-        // Eat the exception.
-    }
-
-    xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-sync-method-denied.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Unable to reset server state: [" + e.message + "].");
-        return;
-    }
-
-    xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send(null);
-        log("FAIL: Cross-domain access allowed in first send without throwing an exception");
-        return;
-    } catch(e) {
-        // Eat the exception.
-    }
-
-    xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-preflight-sync-not-supported.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
-if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-(function() {
-    var xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Unable to reset server state: [" + e.message + "].");
-        return;
-    }
-
-    xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send(null);
-        log("FAIL: Cross-domain access allowed in first send without throwing an exception");
-        return;
-    } catch(e) {
-        // Eat the exception.
-    }
-
-    xhr = new XMLHttpRequest();
-
-    try {
-        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send(null);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-})();
-</script>
-</body>
-</html>
--- a/tests/cors/access-control-response-with-body-sync.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-<html>
-<body>
-<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=36854">bug 36854<a>:
-Body from cross origin preflight response is prepended to the actual response body.</p>
-<div id=result>Running test...</div>
-<script>
-
-  if (window.layoutTestController)
-    layoutTestController.dumpAsText();
-
-  window.onload = function() {
-      var xhr = new XMLHttpRequest();
-       xhr.open("GET","http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php", false);
-       xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-       xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
-       xhr.send(null);
-
-       document.getElementById("result").innerHTML = (xhr.responseText == "echo") ? "PASS" : ("FAIL: " + xhr.responseText);
-  };
-  
-</script>
-
-</body>
-</html>
--- a/tests/cors/access-control-response-with-body.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,32 +0,0 @@
-<html>
-<body>
-<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=36854">bug 36854<a>:
-Body from cross origin preflight response is prepended to the actual response body.</p>
-<div id=result>Running test...</div>
-<script>
-
-  if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.waitUntilDone();
-  }
-
-  window.onload = function() {
-      var xhr = new XMLHttpRequest();
-      xhr.onreadystatechange=function() {
-        if (xhr.readyState==4) {
-          document.getElementById("result").innerHTML = (xhr.responseText == "echo") ? "PASS" : ("FAIL: " + xhr.responseText);
-          if (window.layoutTestController)
-            layoutTestController.notifyDone();
-        }
-       };
-
-       xhr.open("GET","http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php");
-       xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-       xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
-       xhr.send(null);
-  };
-  
-</script>
-
-</body>
-</html>
--- a/tests/cors/access-control-sandboxed-iframe-allow.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-<html>
-<script>
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.dumpChildFramesAsText();
-}
-
-</script>
-<body>
-    <p>This test verifies that sandboxed iframe has XmlHttpRequest access
-    to the server that accepts all domains. It will print &quot;PASS&quot; on success.</p>
-    
-    <iframe sandbox="allow-scripts" src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-iframe.html" style="width: 500px;">
-    </iframe> 
-    
-</body> 
-</html> 
--- a/tests/cors/access-control-sandboxed-iframe-denied-without-wildcard.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-<html>
-<script>
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.dumpChildFramesAsText();
-}
-
-</script>
-<body>
-
-    <p>This test verifies that sandboxed iframe does not have XmlHttpRequest access to
-    its server with "Access-Control-Allow-Origin" set to its own origin (127.0.0.1).</p>
-    
-    <p>This test will print &quot;PASS&quot; on success.</p>
-
-    <iframe sandbox="allow-scripts"
-            src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html" style="width: 500px;">
-    </iframe>
-    
-</body>
-</html>
--- a/tests/cors/access-control-sandboxed-iframe-denied.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-<html> 
-<script>
-
-if (window.layoutTestController) {
-    layoutTestController.dumpAsText();
-    layoutTestController.dumpChildFramesAsText();
-}
-
-</script>
-
-<body> 
-    <p>This test verifies that sandboxed iframe does not have XmlHttpRequest access
-    to its server. It will print &quot;PASS&quot; on success.</p>
-    
-    <iframe sandbox="allow-scripts"
-            src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-iframe.html" style="width: 500px;">
-    </iframe> 
-</body> 
-</html> 
--- a/tests/cors/resources/access-control-allow-with-body.php	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-<?php
-    header("Access-control-allow-headers: X-Requested-With");
-    header("Access-control-max-age: 0");
-    header("Access-control-allow-origin: *");
-    header("Access-control-allow-methods: *");
-    header("Vary: Accept-Encoding");
-    header("Content-Type: text/plain");
-
-    print "echo"
-?>
--- a/tests/cors/resources/access-control-basic-allow-access-control-origin-header.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Cache-Control: no-cache, no-store\n";
-print "Access-Control-Allow-Origin: *\n\n";
-
-print "PASS: Cross-domain access allowed.\n";
-print "HTTP_ORIGIN: " . $ENV{"HTTP_ORIGIN"} . "\n";
--- a/tests/cors/resources/access-control-basic-allow-print-headers.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Cache-Control: no-store\n";
-print "Access-Control-Allow-Origin: *\n\n";
-
-foreach (keys %ENV) {
-    if ($_ =~ "HTTP_") {
-        print $_ . ": " . $ENV{$_} . "\n";
-    }
-}
--- a/tests/cors/resources/access-control-basic-allow-star.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Access-Control-Allow-Origin: *\n\n";
-
-print "PASS: Cross-domain access allowed.\n";
--- a/tests/cors/resources/access-control-basic-allow.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Access-Control-Allow-Credentials: true\n";
-print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-
-print "PASS: Cross-domain access allowed.\n";
--- a/tests/cors/resources/access-control-basic-denied.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n\n";
-
-print "FAIL: Cross-domain access allowed.\n";
--- a/tests/cors/resources/access-control-basic-get-fail-non-simple.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-my $request;
-
-if ($ENV{'REQUEST_METHOD'} eq "GET") {
-    print "Content-Type: text/plain\n";
-    print "Access-Control-Allow-Credentials: true\n";
-    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-    print "FAIL: Cross-domain access allowed.\n";
-}
--- a/tests/cors/resources/access-control-basic-non-get-allow.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-my $request;
-
-if ($ENV{'REQUEST_METHOD'} eq "OPTIONS") {
-    print "Content-Type: text/plain\n";
-    print "Access-Control-Allow-Credentials: true\n";
-    print "Access-Control-Allow-Methods: PUT\n";
-    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-} elsif ($ENV{'REQUEST_METHOD'} eq "PUT") {
-    print "Content-Type: text/plain\n";
-    print "Access-Control-Allow-Credentials: true\n";
-    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-
-    print "PASS: Cross-domain access allowed.\n";
-    read(STDIN, $request, $ENV{'CONTENT_LENGTH'}) || die "Could not read in content.\n";
-    print $request;
-} else {
-    print "Content-Type: text/plain\n\n";
-    print "Wrong method: " . $ENV{'REQUEST_METHOD'} . "\n";
-}
--- a/tests/cors/resources/access-control-basic-options-not-supported.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Cache-Control: no-store\n";
-
-# Allow simple requests, but deny preflight.
-if ($ENV{'REQUEST_METHOD'} ne "OPTIONS") {
-    print "Access-Control-Allow-Credentials: true\n";
-    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n";
-}
-
-print "\n";
--- a/tests/cors/resources/access-control-basic-post-fail-non-simple.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-my $request;
-
-if ($ENV{'REQUEST_METHOD'} eq "POST") {
-    print "Content-Type: text/plain\n";
-    print "Access-Control-Allow-Credentials: true\n";
-    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-    print "FAIL: Cross-domain access allowed.\n";
-}
--- a/tests/cors/resources/access-control-basic-preflight-cache-invalidation.php	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
-
-function fail()
-{
-    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-    header("Access-Control-Allow-Credentials: true");
-    header("Access-Control-Allow-Methods: PUT");
-    header("Access-Control-Allow-Headers: x-webkit-test");
-    echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
-    exit();
-}
-
-function setState($newState, $file)
-{
-    file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
-    if (!file_exists($file)) {
-        return "Uninitialized";
-    }
-    return file_get_contents($file);
-}
-
-$state = getState($tmpFile);
-
-if ($state == "Uninitialized") {
-    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        header("Access-Control-Allow-Methods: PUT");
-        header("Access-Control-Max-Age: 10"); // 10 seconds
-        setState("OptionsSent", $tmpFile);
-    } else {
-        fail();
-    }
-} else if ($state == "OptionsSent") {
-    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        echo "PASS: First PUT request.";
-        setState("FirstPUTSent", $tmpFile);
-    } else {
-        fail();
-    }
-} else if ($state == "FirstPUTSent") {
-    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        header("Access-Control-Allow-Methods: PUT, XMETHOD");
-        header("Access-Control-Allow-Headers: x-webkit-test");
-        setState("SecondOPTIONSSent", $tmpFile);
-    } else if ($_SERVER['REQUEST_METHOD'] == "PUT") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        echo "FAIL: Second PUT request sent without preflight";
-    }
-} else if ($state == "SecondOPTIONSSent") {
-    if ($_SERVER['REQUEST_METHOD'] == "PUT" || $_SERVER['REQUEST_METHOD'] == "XMETHOD") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        echo "PASS: Second OPTIONS request was sent.";
-    } else {
-        fail();
-    }
-} else {
-    fail();
-}
-?>
--- a/tests/cors/resources/access-control-basic-preflight-cache-timeout.php	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
-
-function fail()
-{
-    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-    header("Access-Control-Allow-Credentials: true");
-    header("Access-Control-Allow-Methods: PUT");
-    header("Access-Control-Allow-Headers: x-webkit-test");
-    echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
-    exit();
-}
-
-function setState($newState, $file)
-{
-    file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
-    if (!file_exists($file)) {
-        return "Uninitialized";
-    }
-    return file_get_contents($file);
-}
-
-$state = getState($tmpFile);
-
-if ($state == "Uninitialized") {
-    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        header("Access-Control-Allow-Methods: PUT");
-        header("Access-Control-Allow-Headers: x-webkit-test");
-        header("Access-Control-Max-Age: 1"); // 1 second
-        setState("OptionsSent", $tmpFile);
-    } else {
-        fail();
-    }
-} else if ($state == "OptionsSent") {
-    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        echo "PASS: First PUT request.";
-        setState("FirstPUTSent", $tmpFile);
-    } else {
-        fail();
-    }
-} else if ($state == "FirstPUTSent") {
-    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        header("Access-Control-Allow-Methods: PUT");
-        header("Access-Control-Allow-Headers: x-webkit-test");
-        setState("SecondOPTIONSSent", $tmpFile);
-    } else if ($_SERVER['REQUEST_METHOD'] == "PUT") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        echo "FAIL: Second PUT request sent without preflight";
-    }
-} else if ($state == "SecondOPTIONSSent") {
-    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        echo "PASS: Second OPTIONS request was sent.";
-    } else {
-        fail();
-    }
-} else {
-    fail();
-}
-?>
--- a/tests/cors/resources/access-control-basic-preflight-cache.php	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
-
-function fail()
-{
-    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-    header("Access-Control-Allow-Credentials: true");
-    header("Access-Control-Allow-Methods: PUT");
-    header("Access-Control-Allow-Headers: x-webkit-test");
-    echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
-    exit();
-}
-
-function setState($newState, $file)
-{
-    file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
-    if (!file_exists($file)) {
-        return "Uninitialized";
-    }
-    return file_get_contents($file);
-}
-
-$state = getState($tmpFile);
-
-if ($state == "Uninitialized") {
-    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        header("Access-Control-Allow-Methods: PUT");
-        header("Access-Control-Allow-Headers: x-webkit-test");
-        header("Access-Control-Max-Age: 10"); // 10 seconds
-        setState("OptionsSent", $tmpFile);
-    } else {
-        fail();
-    }
-} else if ($state == "OptionsSent") {
-    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        echo "PASS: First PUT request.";
-        setState("FirstPUTSent", $tmpFile);
-    } else {
-        fail();
-    }
-} else if ($state == "FirstPUTSent") {
-    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        echo "PASS: Second PUT request.  Preflight worked";
-    } else if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        header("Access-Control-Allow-Methods: PUT");
-        header("Access-Control-Allow-Headers: x-webkit-test");
-        setState("FAILSecondOPTIONSSent", $tmpFile);
-    }
-} else if ($state == "FAILSecondOPTIONSSent") {
-    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Allow-Credentials: true");
-        echo "FAIL: Second OPTIONS request was sent.  Preflight failed";
-    } else {
-        fail();
-    }
-} else {
-    fail();
-}
-?>
--- a/tests/cors/resources/access-control-basic-whitelist-request-headers.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Cache-Control: no-store\n";
-
-# This should be a simple request, deny preflight.
-if ($ENV{'REQUEST_METHOD'} eq "POST") {
-    print "Access-Control-Allow-Credentials: true\n";
-    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-
-    print "Accept: $ENV{'HTTP_ACCEPT'}\n";
-    print "Accept-Language: $ENV{'HTTP_ACCEPT_LANGUAGE'}\n";
-    print "Content-Language: $ENV{'HTTP_CONTENT_LANGUAGE'}\n";
-    print "Content-Type: $ENV{'CONTENT_TYPE'}\n";
-} else {
-    print "\n";
-}
--- a/tests/cors/resources/access-control-basic-whitelist-response-headers.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-# in whitelist
-print "content-type: text/plain\n";
-print "cache-control: no cache\n";
-print "content-language: en\n";
-print "expires: Fri, 30 Oct 1998 14:19:41 GMT\n";
-print "last-modified: Tue, 15 Nov 1994 12:45:26 GMT\n";
-print "pragma: no-cache\n";
-
-# not in whitelist
-print "x-webkit: foobar\n";
-
-print "Access-Control-Allow-Origin: *\n\n";
-
-print "PASS: Cross-domain access allowed.\n";
--- a/tests/cors/resources/access-control-preflight-denied-xsrf.php	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,67 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$tmpFile = sys_get_temp_dir() . "/xsrf.txt";
-
-function fail($state)
-{
-    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-    header("Access-Control-Allow-Credentials: true");
-    header("Access-Control-Allow-Methods: GET");
-    header("Access-Control-Max-Age: 1");
-    echo "FAILED: Issued a " . $_SERVER['REQUEST_METHOD'] . " request during state '" . $state . "'\n";
-    exit();
-}
-
-function setState($newState, $file)
-{
-    file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
-    $state = NULL;
-    if (file_exists($file))
-        $state = file_get_contents($file);
-    return $state ? $state : "Uninitialized";
-}
-
-$state = getState($tmpFile);
-
-if ($_SERVER['REQUEST_METHOD'] == "GET" 
-    && $_GET['state'] == "reset") {
-    if (file_exists($tmpFile)) unlink($tmpFile);
-    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-    header("Access-Control-Max-Age: 1");
-    echo "Server state reset.\n";
-} else if ($state == "Uninitialized") {
-    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-        if ($_GET['state'] == "method" || $_GET['state'] == "header") {
-            header("Access-Control-Allow-Methods: GET");
-            header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-            header("Access-Control-Max-Age: 1");
-        }
-        echo("FAIL: This request should not be displayed.\n");
-        setState("Denied", $tmpFile);
-    } else {
-        fail($state);
-    }
-} else if ($state == "Denied") {
-    if ($_SERVER['REQUEST_METHOD'] == "GET" 
-        && $_GET['state'] == "complete") {
-        unlink($tmpFile);
-        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
-        header("Access-Control-Max-Age: 1");
-        echo "PASS: Request successfully blocked.\n";
-    } else {
-        setState("Deny Ignored", $tmpFile);
-        fail($state);
-    }
-} else if ($state == "Deny Ignored") {
-    unlink($tmpFile);
-    fail($state);
-} else {
-    if (file_exists($tmpFile)) unlink($tmpFile);
-    fail("Unknown");
-}
-?>
--- a/tests/cors/resources/access-control-sandboxed-iframe-allow-iframe.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-<html> 
-<body> 
-<pre id='console'></pre> 
-<script type="text/javascript"> 
-
-document.getElementById('console').innerHTML = (function() { 
-    var xhr = new XMLHttpRequest; 
- 
-    try { 
-        xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-allow.cgi", false); 
-    } catch(e) { 
-        return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "]."; 
-    } 
- 
-    try { 
-        xhr.send(); 
-    } catch(e) { 
-        return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'send'. [" + e.message + "]."; 
-    } 
- 
-    return xhr.responseText; 
-})(); 
-</script> 
-</body> 
-</html>
--- a/tests/cors/resources/access-control-sandboxed-iframe-allow.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Access-Control-Allow-Credentials: true\n";
-print "Access-Control-Allow-Origin: *\n\n";
-
-print "PASS: Sandboxed iframe XHR access allowed.\n";
--- a/tests/cors/resources/access-control-sandboxed-iframe-denied-iframe.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-<html> 
-<body> 
-<pre id='console'></pre> 
-<script type="text/javascript"> 
-
-document.getElementById('console').innerHTML = (function() {
-    var xhr = new XMLHttpRequest; 
- 
- 
-    try { 
-        xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi", false); 
-    } catch(e) { 
-        return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "]."; 
-    } 
- 
-    try { 
-        xhr.send(); 
-    } catch(e) { 
-        return "PASS: Exception thrown. Sandboxed iframe XHR access was denied in 'send'. [" + e.message + "]."; 
-    }
- 
-    return xhr.responseText; 
-})();
-  
-</script> 
-</body> 
-</html>
--- a/tests/cors/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-<html>
-<body>
-<pre id='console'></pre>
-<script type="text/javascript">
-
-document.getElementById('console').innerHTML = (function() {
-    var xhr = new XMLHttpRequest;
-
-    try {
-        xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi", false);
-    } catch(e) {
-        return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "].";
-    }
-
-    try {
-        xhr.send();
-    } catch(e) {
-        return "PASS: Exception thrown. Sandboxed iframe XHR access was denied in 'send'. [" + e.message + "].";
-    }
-
-    return xhr.responseText;
-})();
-
-</script>
-</body>
-</html>
--- a/tests/cors/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n";
-print "Access-Control-Allow-Credentials: true\n";
-print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
-
-print "FAIL: Sandboxed iframe XHR access allowed.\n";
--- a/tests/cors/resources/access-control-sandboxed-iframe-denied.cgi	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-#!/usr/bin/perl -wT
-use strict;
-
-print "Content-Type: text/plain\n\n";
-
-print "FAIL: Sandboxed iframe XHR access allowed.\n";
--- a/tests/cors/resources/basic-auth/.svn/all-wcprops	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 98
-/repository/webkit/!svn/ver/58409/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth
-END
-access-control-auth-basic.php
-K 25
-svn:wc:ra_dav:version-url
-V 128
-/repository/webkit/!svn/ver/58409/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php
-END
-basic-auth.php
-K 25
-svn:wc:ra_dav:version-url
-V 113
-/repository/webkit/!svn/ver/24227/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth/basic-auth.php
-END
--- a/tests/cors/resources/basic-auth/.svn/entries	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,96 +0,0 @@
-10
-
-dir
-102004
-http://svn.webkit.org/repository/webkit/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth
-http://svn.webkit.org/repository/webkit
-
-
-
-2010-04-28T16:29:22.915186Z
-58409
[email protected]
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
-access-control-auth-basic.php
-file
-
-
-
-
-2011-11-14T21:09:08.417946Z
-1342b2f90905a7f1b2fa19ac807a00af
-2010-04-28T16:29:22.915186Z
-58409
[email protected]
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-630
-
-basic-auth.php
-file
-
-
-
-
-2011-11-14T21:09:08.417946Z
-a82ea42c784b9b663e54196755ab7112
-2007-07-12T04:17:17.612601Z
-24227
-ap
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-377
-
--- a/tests/cors/resources/basic-auth/.svn/text-base/access-control-auth-basic.php.svn-base	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-<?php
-
-header("Access-Control-Allow-Origin: http://127.0.0.1:8000/");
-header("Access-Control-Allow-Credentials: true");
-header("Access-Control-Allow-Methods: PUT");
-
-if ($_SERVER['REQUEST_METHOD'] != "OPTIONS") {
-    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
-        header('WWW-Authenticate: Basic realm="WebKit Test Realm/Cross Origin"');
-        header('HTTP/1.0 401 Unauthorized');
-        echo 'Authentication canceled';
-        exit;
-    } else {
-        echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
-    }
-}
-?>
--- a/tests/cors/resources/basic-auth/.svn/text-base/basic-auth.php.svn-base	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-<?php
-  if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
-   header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
-   header('HTTP/1.0 401 Unauthorized');
-   echo 'Authentication canceled';
-   exit;
-  } else {
-   echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
-  }
-?>
--- a/tests/cors/resources/basic-auth/access-control-auth-basic.php	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-<?php
-
-header("Access-Control-Allow-Origin: http://127.0.0.1:8000/");
-header("Access-Control-Allow-Credentials: true");
-header("Access-Control-Allow-Methods: PUT");
-
-if ($_SERVER['REQUEST_METHOD'] != "OPTIONS") {
-    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
-        header('WWW-Authenticate: Basic realm="WebKit Test Realm/Cross Origin"');
-        header('HTTP/1.0 401 Unauthorized');
-        echo 'Authentication canceled';
-        exit;
-    } else {
-        echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
-    }
-}
-?>
--- a/tests/cors/resources/basic-auth/basic-auth.php	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-<?php
-  if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
-   header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
-   header('HTTP/1.0 401 Unauthorized');
-   echo 'Authentication canceled';
-   exit;
-  } else {
-   echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
-  }
-?>
--- a/tests/cors/resources/no-custom-header.php	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-<?php
-require_once '../../resources/portabilityLayer.php';
-
-$stateFile = sys_get_temp_dir() . "/access-control-preflight-headers-status";
-
-function setState($newState, $file)
-{
-    file_put_contents($file, $newState);
-}
-
-function getState($file)
-{
-    if (!file_exists($file)) {
-        return "";
-    }
-    return file_get_contents($file);
-}
-
-header("Access-Control-Allow-Origin: *");
-header("Access-Control-Allow-Headers: X-Custom-Header");
-header("Access-Control-Max-Age: 0");
-
-if ($_SERVER["REQUEST_METHOD"] == "OPTIONS") {
-    if (isset($_SERVER["HTTP_X_CUSTOM_HEADER"]))
-        setState("FAIL", $stateFile);
-    else
-        setState("PASS", $stateFile);
-} else {
-    if (isset($_SERVER["HTTP_X_CUSTOM_HEADER"]))
-        echo getState($stateFile);
-    else
-        echo "FAIL - no header in actual request";
-}
-?>
--- a/tests/cors/resources/redirect.php	Tue Dec 06 13:55:49 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,4 +0,0 @@
-<?php
-    $url = $_GET['url'];
-    header("Location: $url");
-?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-and-redirects.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,63 @@
+<p>Tests that redirects between origins are never allowed, even when access control is involved.</p>
+<p>Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.</p>
+
+<pre id="console"></pre>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
+}
+
+function runTest(url, expectSyncSuccess, expectAsyncSuccess)
+{
+    log("Testing " + url + " (sync)");
+    log("Expecting success: " + expectSyncSuccess);
+
+    var req = new XMLHttpRequest();
+    req.open("GET", url, false);
+
+    try {
+        req.send(null);
+        log((expectSyncSuccess ? "PASS" : "FAIL") + ": " + req.responseText);
+    } catch (ex) {
+        log((expectSyncSuccess ? "FAIL" : "PASS") + ": " + ex);
+    }
+    
+    log("Testing " + url + "(async)");
+    log("Expecting success: " + expectAsyncSuccess);
+
+    req = new XMLHttpRequest();
+    req.open("GET", url, true);
+    req.onload = function() {
+        log((expectAsyncSuccess ? "PASS" : "FAIL") + ": " + req.responseText);
+        nextTest();
+    }
+    req.onerror = function() {
+        log((expectAsyncSuccess ? "FAIL" : "PASS") + ": " + req.status);
+        nextTest();
+    }
+    req.send(null);
+}
+
+var tests = [
+    ["/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false],
+    ["http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false],
+    ["http://localhost:8000/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false, false]
+]
+
+var currentTest = 0;
+
+function nextTest() {
+    if (currentTest < tests.length)
+        runTest.apply(null, tests[currentTest++]);
+    else if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+nextTest();
+</script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header-data-url.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,48 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+window.addEventListener("message", function(evt) {
+    if (evt.data == "done") {
+        layoutTestController.notifyDone();
+        return;
+    }
+
+    log(evt.data);
+}, false);
+</script>
+<iframe src='data:text/html,
+<script>
+(function() {
+    var xhr = new XMLHttpRequest;
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-access-control-origin-header.cgi", false);
+    } catch(e) {
+        parent.postMessage("FAIL: Exception thrown. Cross-domain access is not allowed in open. [" + e.message + "].", "*");
+        return;
+    }
+
+    try {
+        xhr.send();
+    } catch(e) {
+        parent.postMessage("FAIL: Exception thrown. Cross-domain access is not allowed in send. [" + e.message + "].", "*");
+        return;
+    }
+
+    parent.postMessage(xhr.responseText, "*");
+})();
+parent.postMessage("done", "*");
+</script>'>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,34 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest;
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-access-control-origin-header.cgi", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send();
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-async.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,40 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function processStateChange()
+{
+    if (xhr.readyState == xhr.DONE) {
+        log(xhr.responseText);
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+}
+
+function errorHandler()
+{
+    log("FAIL: Network error.");
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var xhr = new XMLHttpRequest;
+xhr.onreadystatechange = processStateChange;
+xhr.onerror = errorHandler;
+
+xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", true);
+xhr.send();
+
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache-invalidation-by-header.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,74 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function errorHandler(event)
+{
+    log("FAIL: Network error. ");
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var filename = "filename=preflightCacheInvalidationByHeader.txt";
+
+var xhr = new XMLHttpRequest;
+xhr.onerror = errorHandler;
+
+start = function()
+{
+    // Temp file removed.  We can start the test now.
+    if (xhr.readyState == xhr.DONE) {
+        firstRequest();
+    }
+}
+
+xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
+xhr.onreadystatechange = start;
+xhr.send();
+
+function firstRequest()
+{
+    xhr.onreadystatechange = function()
+    {
+        if (xhr.readyState == xhr.DONE) {
+            log(xhr.responseText);
+            log("PASS: First request complete");
+            secondRequest();
+        }
+    }
+
+    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
+    xhr.send();
+}
+
+function secondRequest()
+{
+    xhr.onreadystatechange = function()
+    {
+        if (xhr.readyState == xhr.DONE) {
+            log(xhr.responseText);
+            log("PASS: Second request complete");
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    }
+
+    // Send a header not included in the inital cache. 
+    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
+    xhr.setRequestHeader("x-webkit-test", "headerValue");
+    xhr.send();
+}
+
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache-invalidation-by-method.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,73 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function errorHandler(event)
+{
+    log("FAIL: Network error. ");
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var filename = "filename=preflightCacheInvalidationByMethod.txt";
+
+var xhr = new XMLHttpRequest;
+xhr.onerror = errorHandler;
+
+start = function()
+{
+    // Temp file removed.  We can start the test now.
+    if (xhr.readyState == xhr.DONE) {
+        firstRequest();
+    }
+}
+
+xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
+xhr.onreadystatechange = start;
+xhr.send();
+
+function firstRequest()
+{
+    xhr.onreadystatechange = function()
+    {
+        if (xhr.readyState == xhr.DONE) {
+            log(xhr.responseText);
+            log("PASS: First request complete");
+            secondRequest();
+        }
+    }
+
+    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
+    xhr.send();
+}
+
+function secondRequest()
+{
+    xhr.onreadystatechange = function()
+    {
+        if (xhr.readyState == xhr.DONE) {
+            log(xhr.responseText);
+            log("PASS: Second request complete");
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    }
+
+    // Send a method not included in the initial cache.
+    xhr.open("XMETHOD", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php?" + filename, true);
+    xhr.send();
+}
+
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache-timeout.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,72 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function errorHandler(event)
+{
+    log("FAIL: Network error. ");
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var filename = "filename=preflightCacheTimeout.txt";
+
+var xhr = new XMLHttpRequest;
+xhr.onerror = errorHandler;
+
+start = function()
+{
+    // Temp file removed.  We can start the test now.
+    if (xhr.readyState == xhr.DONE) {
+        firstRequest();
+    }
+}
+
+xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
+xhr.onreadystatechange = start;
+xhr.send();
+
+function firstRequest()
+{
+    xhr.onreadystatechange = function()
+    {
+        if (xhr.readyState == xhr.DONE) {
+            log(xhr.responseText);
+            log("PASS: First request complete");
+            setTimeout(secondRequest, 3000); // 5 seconds
+        }
+    }
+
+    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-timeout.php?" + filename, true);
+    xhr.send();
+}
+
+function secondRequest()
+{
+    xhr.onreadystatechange = function()
+    {
+        if (xhr.readyState == xhr.DONE) {
+            log(xhr.responseText);
+            log("PASS: Second request complete")
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    }
+
+    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache-timeout.php?" + filename, true);
+    xhr.send();
+}
+
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-preflight-cache.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,76 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function errorHandler(event)
+{
+    log("FAIL: Network error. ");
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var filename = "filename=preflightCache.txt";
+
+var xhr = new XMLHttpRequest;
+xhr.onerror = errorHandler;
+
+start = function()
+{
+    // reset-temp-file.php reports an error on failure, for debugging problems with BuildBot setup.
+    if (xhr.responseText.length > 0)
+       log(xhr.responseText);
+
+    // Temp file removed.  We can start the test now.
+    if (xhr.readyState == xhr.DONE) {
+        firstRequest();
+    }
+}
+
+xhr.open("GET", "/resources/reset-temp-file.php?" + filename, true);
+xhr.onreadystatechange = start;
+xhr.send();
+
+function firstRequest()
+{
+    xhr.onreadystatechange = function()
+    {
+        if (xhr.readyState == xhr.DONE) {
+            log(xhr.responseText);
+            log("PASS: First request complete");
+            secondRequest();
+        }
+    }
+
+    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache.php?" + filename, true);
+    xhr.send();
+}
+
+function secondRequest()
+{
+    xhr.onreadystatechange = function()
+    {
+        if (xhr.readyState == xhr.DONE) {
+            log(xhr.responseText);
+            log("PASS: Second request complete");
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    }
+
+    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-preflight-cache.php?" + filename, true);
+    xhr.send();
+}
+
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-star.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest;
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send();
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+})();
+
+if (window.layoutTestController)
+    layoutTestController.notifyDone();  
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest;
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send();
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+})();
+
+if (window.layoutTestController)
+    layoutTestController.notifyDone();  
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-denied-preflight-cache.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,39 @@
+<html>
+<body>
+<p>Test async xhr preflight cache denial.  If this test passes, there should be a single PASS below.</p>
+<script>
+    if (window.layoutTestController) {
+        layoutTestController.dumpAsText();
+        layoutTestController.waitUntilDone();
+    }
+
+    var console_messages = document.createElement("ul");
+    document.body.appendChild(console_messages);
+
+    function log(message)
+    {
+        var item = document.createElement("li");
+        item.appendChild(document.createTextNode(message));
+        console_messages.appendChild(item);
+    }
+
+    xhr = new XMLHttpRequest;
+    xhr.onreadystatechange = processStateChange;
+    try {
+        xhr.open("FOO", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi");
+        xhr.send();
+    } catch (e) {
+        log("Got exception.");
+    }
+
+    function processStateChange() {
+        if (xhr.readyState == 1)
+            log("PASS");
+        else if (xhr.readyState == 4) {
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    }
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-denied.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,34 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest;
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send();
+    } catch(e) {
+        log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-get-fail-non-simple.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,38 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest;
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-get-fail-non-simple.cgi", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    // Non-whitelisted method
+    xhr.setRequestHeader("x-webkit", "foobar");
+
+    // This is going to fail because the cgi script is not prepared for an OPTIONS request. 
+    try {
+        xhr.send();
+    } catch(e) {
+        log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-non-simple-allow-async.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,41 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function processStateChange()
+{
+    if (xhr.readyState == xhr.DONE) {
+        log(xhr.responseText);
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+}
+
+function errorHandler()
+{
+    log("FAIL: Network error.");
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var xhr = new XMLHttpRequest;
+xhr.onreadystatechange = processStateChange;
+xhr.onerror = errorHandler;
+
+xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", true);
+xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
+xhr.send("PASS: PUT data received");
+
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-non-simple-allow.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,36 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest;
+
+    try {
+        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
+
+    try {
+        xhr.send("PASS: PUT data received");
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-non-simple-deny-cached.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,52 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest;
+
+    try {
+        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. PUT cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    xhr.setRequestHeader("Content-Type", "text/plain");
+
+    try {
+        xhr.send("PASS: PUT data received");
+    } catch(e) {
+        log("FAIL: Exception thrown. PUT cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-non-get-allow.cgi", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. GET cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    xhr.setRequestHeader("Content-Type", "application/xml");
+
+    try {
+        xhr.send("FAIL: PUT data received");
+        log("FAIL: Exception not thrown. Cross-domain access was allowed, even though content type was not on white list.");
+        log(xhr.responseText);
+    } catch(e) {
+        log("PASS: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        return;
+    }
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-post-fail-non-simple-content-type.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+var xhr = new XMLHttpRequest;
+
+(function() {
+    try {
+        xhr.open("POST", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-options-not-supported.cgi", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+    
+    // Content-Type is a simple header, but only if the type is one that could be sent via form submission already.
+    xhr.setRequestHeader("Content-Type", "application/xml");
+    
+    // This is going to fail because the cgi script is not prepared to serve an OPTIONS request.
+    try {
+        xhr.send(null);
+        log("FAIL: Cross-domain access was not denied in 'send'.");
+    } catch(e) {
+        log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
+        return;
+    }
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-whitelist-request-headers.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,28 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+
+    function log(message)
+    {
+        document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+    }
+
+    try {
+        var xhr = new XMLHttpRequest;
+        xhr.open("POST", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-whitelist-request-headers.cgi", false);
+        xhr.setRequestHeader("Accept", "*");
+        xhr.setRequestHeader("Accept-Language", "ru");
+        xhr.setRequestHeader("Content-Language", "ru");
+        xhr.setRequestHeader("Content-Type", "text/plain");
+        xhr.send("");
+    
+        log(xhr.responseText);
+    } catch (ex) {
+        log("Unexpected exception: " + ex);
+    }
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-whitelist-response-headers.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,52 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+
+    function log(message)
+    {
+        document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+    }
+
+    var xhr;
+
+    function testAllowed(name)
+    {
+        if (xhr.getResponseHeader(name))
+            log("PASS: Response header " + name + " allowed.");
+        else
+            log("FAIL: Response header " + name + " not allowed.");
+    }
+
+    function testDenied(name)
+    {
+        if (!xhr.getResponseHeader(name))
+            log("PASS: Response header " + name + " denied.");
+        else
+            log("FAIL: Response header " + name + " not denied.");
+    }
+
+
+    xhr = new XMLHttpRequest;
+    xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-whitelist-response-headers.cgi", false);
+    xhr.send();
+
+    // Test getResponseHeader()
+    testAllowed("cache-control");
+    testAllowed("content-language");
+    testAllowed("content-type");
+    testAllowed("expires");
+    testAllowed("last-modified");
+    testAllowed("pragma");
+    testDenied("x-webkit");
+
+    // Test getAllResponseHeaders()
+    if (!xhr.getAllResponseHeaders().match("foobar"))
+        log("PASS: Non-whitelisted headers not passed to getAllResponseHeaders().");
+    else
+        log("FAIL: Non-whitelisted headers passed to getAllResponseHeaders().");
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-async-header-denied.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,64 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+(function() {
+    var xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+        xhr.send(null);
+    } catch(e) {
+        log("FAIL: Unable to reset server state: [" + e.message + "].");
+        return;
+    }
+
+    xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", true);
+        xhr.setRequestHeader("X-NON-STANDARD", "filler");
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+        return;
+    }
+
+    xhr.onerror = function() {
+        xhr = new XMLHttpRequest();
+
+        try {
+            xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+            try {
+                xhr.send(null);
+            } catch(e) {
+                log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+            }
+        } catch(e) {
+            log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+        }
+
+        log(xhr.responseText);
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+    
+    xhr.onreadystatechange = function() {
+        if (xhr.readyState == 4 && xhr.status == 200)
+            log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+    }
+
+    xhr.send(null);
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-async-method-denied.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,63 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+(function() {
+    var xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+        xhr.send(null);
+    } catch(e) {
+        log("FAIL: Unable to reset server state: [" + e.message + "].");
+        return;
+    }
+
+    xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", true);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+        return;
+    }
+
+    xhr.onerror = function() {
+        xhr = new XMLHttpRequest();
+
+        try {
+            xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+            try {
+                xhr.send(null);
+            } catch(e) {
+                log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+            }
+        } catch(e) {
+            log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+        }
+
+        log(xhr.responseText);
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+
+    xhr.onreadystatechange = function() {
+        if (xhr.readyState == 4 && xhr.status == 200)
+            log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+    }
+
+    xhr.send(null);
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-async-not-supported.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,63 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+(function() {
+    var xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+        xhr.send(null);
+    } catch(e) {
+        log("FAIL: Unable to reset server state: [" + e.message + "].");
+        return;
+    }
+
+    xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", true);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+        return;
+    }
+
+    xhr.onerror = function() {
+        xhr = new XMLHttpRequest();
+
+        try {
+            xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+            try {
+                xhr.send(null);
+            } catch(e) {
+                log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+            }
+        } catch(e) {
+            log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+        }
+
+        log(xhr.responseText);
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+
+    xhr.onreadystatechange = function() {
+        if (xhr.readyState == 4 && xhr.status == 200)
+            log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+    }
+
+    xhr.send("");
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-credential-async.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+try {
+    var xhr = new XMLHttpRequest;
+    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
+    xhr.onerror = function (e) {
+        log("FAILED: received error");
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    };
+    xhr.onreadystatechange = function () {
+        if (xhr.readyState == 4) {
+            log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    };
+    xhr.send();
+} catch(e) {
+    log("FAILED: got exception " + e.message);
+}
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-credential-sync.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,37 @@
+<html>
+<body>
+<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+try {
+    var xhr = new XMLHttpRequest;
+    xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
+    xhr.onerror = function (e) {
+        log("FAILED: received error");
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    };
+    xhr.onreadystatechange = function () {
+        if (xhr.readyState == 4) {
+            log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    };
+    xhr.send();
+} catch(e) {
+    log("FAILED: got exception " + e.message);
+}
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-headers-async.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,35 @@
+<p>Test that custom headers are not sent with OPTIONS preflight request.</p>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function resetStatus()
+{
+    var req = new XMLHttpRequest;
+    req.open("GET", "/resources/reset-temp-file.php?filename=access-control-preflight-headers-status", false);
+    req.send();
+}
+
+function sendRequest()
+{
+    var req = new XMLHttpRequest;
+    req.open("GET", "http://localhost:8000/xmlhttprequest/resources/no-custom-header.php");
+    req.setRequestHeader("X-Custom-Header", "foobar");
+    req.onerror = function() {
+        document.body.appendChild(document.createTextNode("FAIL: onerror called"));
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+    req.onload = function() {
+        document.body.appendChild(document.createTextNode(req.responseText));
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+    req.send();
+}
+
+resetStatus();
+sendRequest();
+</script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-headers-sync.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,28 @@
+<p>Test that custom headers are not sent with OPTIONS preflight request.</p>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+function resetStatus()
+{
+    var req = new XMLHttpRequest;
+    req.open("GET", "/resources/reset-temp-file.php?filename=access-control-preflight-headers-status", false);
+    req.send();
+}
+
+function sendRequest()
+{
+    try {
+        var req = new XMLHttpRequest;
+        req.open("GET", "http://localhost:8000/xmlhttprequest/resources/no-custom-header.php", false);
+        req.setRequestHeader("X-Custom-Header", "foobar");
+        req.send();
+        document.write("<xmp>" + req.responseText + "</xmp>");
+    } catch (ex) {
+        document.write("<xmp>" + ex + "</xmp>");
+    }
+}
+
+resetStatus();
+sendRequest();
+</script>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-sync-header-denied.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,62 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+        xhr.send(null);
+    } catch(e) {
+        log("FAIL: Unable to reset server state: [" + e.message + "].");
+        return;
+    }
+
+    xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", false);
+        xhr.setRequestHeader("X-NON-STANDARD", "filler");
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send(null);
+        log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+        return;
+    } catch(e) {
+        // Eat the exception.
+    }
+
+    xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send(null);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-sync-method-denied.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,61 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+        xhr.send(null);
+    } catch(e) {
+        log("FAIL: Unable to reset server state: [" + e.message + "].");
+        return;
+    }
+
+    xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send(null);
+        log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+        return;
+    } catch(e) {
+        // Eat the exception.
+    }
+
+    xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send(null);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-preflight-sync-not-supported.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,61 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+(function() {
+    var xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
+        xhr.send(null);
+    } catch(e) {
+        log("FAIL: Unable to reset server state: [" + e.message + "].");
+        return;
+    }
+
+    xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send(null);
+        log("FAIL: Cross-domain access allowed in first send without throwing an exception");
+        return;
+    } catch(e) {
+        // Eat the exception.
+    }
+
+    xhr = new XMLHttpRequest();
+
+    try {
+        xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send(null);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+})();
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-response-with-body-sync.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,24 @@
+<html>
+<body>
+<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=36854">bug 36854<a>:
+Body from cross origin preflight response is prepended to the actual response body.</p>
+<div id=result>Running test...</div>
+<script>
+
+  if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+  window.onload = function() {
+      var xhr = new XMLHttpRequest();
+       xhr.open("GET","http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php", false);
+       xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+       xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+       xhr.send(null);
+
+       document.getElementById("result").innerHTML = (xhr.responseText == "echo") ? "PASS" : ("FAIL: " + xhr.responseText);
+  };
+  
+</script>
+
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-response-with-body.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,32 @@
+<html>
+<body>
+<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=36854">bug 36854<a>:
+Body from cross origin preflight response is prepended to the actual response body.</p>
+<div id=result>Running test...</div>
+<script>
+
+  if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+  }
+
+  window.onload = function() {
+      var xhr = new XMLHttpRequest();
+      xhr.onreadystatechange=function() {
+        if (xhr.readyState==4) {
+          document.getElementById("result").innerHTML = (xhr.responseText == "echo") ? "PASS" : ("FAIL: " + xhr.responseText);
+          if (window.layoutTestController)
+            layoutTestController.notifyDone();
+        }
+       };
+
+       xhr.open("GET","http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php");
+       xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+       xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+       xhr.send(null);
+  };
+  
+</script>
+
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-sandboxed-iframe-allow.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,18 @@
+<html>
+<script>
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+}
+
+</script>
+<body>
+    <p>This test verifies that sandboxed iframe has XmlHttpRequest access
+    to the server that accepts all domains. It will print &quot;PASS&quot; on success.</p>
+    
+    <iframe sandbox="allow-scripts" src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-iframe.html" style="width: 500px;">
+    </iframe> 
+    
+</body> 
+</html> 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-sandboxed-iframe-denied-without-wildcard.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,22 @@
+<html>
+<script>
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+}
+
+</script>
+<body>
+
+    <p>This test verifies that sandboxed iframe does not have XmlHttpRequest access to
+    its server with "Access-Control-Allow-Origin" set to its own origin (127.0.0.1).</p>
+    
+    <p>This test will print &quot;PASS&quot; on success.</p>
+
+    <iframe sandbox="allow-scripts"
+            src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html" style="width: 500px;">
+    </iframe>
+    
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-sandboxed-iframe-denied.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,19 @@
+<html> 
+<script>
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+}
+
+</script>
+
+<body> 
+    <p>This test verifies that sandboxed iframe does not have XmlHttpRequest access
+    to its server. It will print &quot;PASS&quot; on success.</p>
+    
+    <iframe sandbox="allow-scripts"
+            src="http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-iframe.html" style="width: 500px;">
+    </iframe> 
+</body> 
+</html> 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-allow-with-body.php	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,10 @@
+<?php
+    header("Access-control-allow-headers: X-Requested-With");
+    header("Access-control-max-age: 0");
+    header("Access-control-allow-origin: *");
+    header("Access-control-allow-methods: *");
+    header("Vary: Accept-Encoding");
+    header("Content-Type: text/plain");
+
+    print "echo"
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow-access-control-origin-header.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,9 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Cache-Control: no-cache, no-store\n";
+print "Access-Control-Allow-Origin: *\n\n";
+
+print "PASS: Cross-domain access allowed.\n";
+print "HTTP_ORIGIN: " . $ENV{"HTTP_ORIGIN"} . "\n";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow-print-headers.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,12 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Cache-Control: no-store\n";
+print "Access-Control-Allow-Origin: *\n\n";
+
+foreach (keys %ENV) {
+    if ($_ =~ "HTTP_") {
+        print $_ . ": " . $ENV{$_} . "\n";
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow-star.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,7 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Access-Control-Allow-Origin: *\n\n";
+
+print "PASS: Cross-domain access allowed.\n";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,8 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Access-Control-Allow-Credentials: true\n";
+print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+
+print "PASS: Cross-domain access allowed.\n";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-denied.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,6 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n\n";
+
+print "FAIL: Cross-domain access allowed.\n";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-get-fail-non-simple.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,11 @@
+#!/usr/bin/perl -wT
+use strict;
+
+my $request;
+
+if ($ENV{'REQUEST_METHOD'} eq "GET") {
+    print "Content-Type: text/plain\n";
+    print "Access-Control-Allow-Credentials: true\n";
+    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+    print "FAIL: Cross-domain access allowed.\n";
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-non-get-allow.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,22 @@
+#!/usr/bin/perl -wT
+use strict;
+
+my $request;
+
+if ($ENV{'REQUEST_METHOD'} eq "OPTIONS") {
+    print "Content-Type: text/plain\n";
+    print "Access-Control-Allow-Credentials: true\n";
+    print "Access-Control-Allow-Methods: PUT\n";
+    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+} elsif ($ENV{'REQUEST_METHOD'} eq "PUT") {
+    print "Content-Type: text/plain\n";
+    print "Access-Control-Allow-Credentials: true\n";
+    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+
+    print "PASS: Cross-domain access allowed.\n";
+    read(STDIN, $request, $ENV{'CONTENT_LENGTH'}) || die "Could not read in content.\n";
+    print $request;
+} else {
+    print "Content-Type: text/plain\n\n";
+    print "Wrong method: " . $ENV{'REQUEST_METHOD'} . "\n";
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-options-not-supported.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,12 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Cache-Control: no-store\n";
+
+# Allow simple requests, but deny preflight.
+if ($ENV{'REQUEST_METHOD'} ne "OPTIONS") {
+    print "Access-Control-Allow-Credentials: true\n";
+    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n";
+}
+
+print "\n";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-post-fail-non-simple.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,11 @@
+#!/usr/bin/perl -wT
+use strict;
+
+my $request;
+
+if ($ENV{'REQUEST_METHOD'} eq "POST") {
+    print "Content-Type: text/plain\n";
+    print "Access-Control-Allow-Credentials: true\n";
+    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+    print "FAIL: Cross-domain access allowed.\n";
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-preflight-cache-invalidation.php	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,73 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
+
+function fail()
+{
+    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+    header("Access-Control-Allow-Credentials: true");
+    header("Access-Control-Allow-Methods: PUT");
+    header("Access-Control-Allow-Headers: x-webkit-test");
+    echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
+    exit();
+}
+
+function setState($newState, $file)
+{
+    file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+    if (!file_exists($file)) {
+        return "Uninitialized";
+    }
+    return file_get_contents($file);
+}
+
+$state = getState($tmpFile);
+
+if ($state == "Uninitialized") {
+    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        header("Access-Control-Allow-Methods: PUT");
+        header("Access-Control-Max-Age: 10"); // 10 seconds
+        setState("OptionsSent", $tmpFile);
+    } else {
+        fail();
+    }
+} else if ($state == "OptionsSent") {
+    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        echo "PASS: First PUT request.";
+        setState("FirstPUTSent", $tmpFile);
+    } else {
+        fail();
+    }
+} else if ($state == "FirstPUTSent") {
+    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        header("Access-Control-Allow-Methods: PUT, XMETHOD");
+        header("Access-Control-Allow-Headers: x-webkit-test");
+        setState("SecondOPTIONSSent", $tmpFile);
+    } else if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        echo "FAIL: Second PUT request sent without preflight";
+    }
+} else if ($state == "SecondOPTIONSSent") {
+    if ($_SERVER['REQUEST_METHOD'] == "PUT" || $_SERVER['REQUEST_METHOD'] == "XMETHOD") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        echo "PASS: Second OPTIONS request was sent.";
+    } else {
+        fail();
+    }
+} else {
+    fail();
+}
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-preflight-cache-timeout.php	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,74 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
+
+function fail()
+{
+    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+    header("Access-Control-Allow-Credentials: true");
+    header("Access-Control-Allow-Methods: PUT");
+    header("Access-Control-Allow-Headers: x-webkit-test");
+    echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
+    exit();
+}
+
+function setState($newState, $file)
+{
+    file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+    if (!file_exists($file)) {
+        return "Uninitialized";
+    }
+    return file_get_contents($file);
+}
+
+$state = getState($tmpFile);
+
+if ($state == "Uninitialized") {
+    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        header("Access-Control-Allow-Methods: PUT");
+        header("Access-Control-Allow-Headers: x-webkit-test");
+        header("Access-Control-Max-Age: 1"); // 1 second
+        setState("OptionsSent", $tmpFile);
+    } else {
+        fail();
+    }
+} else if ($state == "OptionsSent") {
+    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        echo "PASS: First PUT request.";
+        setState("FirstPUTSent", $tmpFile);
+    } else {
+        fail();
+    }
+} else if ($state == "FirstPUTSent") {
+    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        header("Access-Control-Allow-Methods: PUT");
+        header("Access-Control-Allow-Headers: x-webkit-test");
+        setState("SecondOPTIONSSent", $tmpFile);
+    } else if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        echo "FAIL: Second PUT request sent without preflight";
+    }
+} else if ($state == "SecondOPTIONSSent") {
+    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        echo "PASS: Second OPTIONS request was sent.";
+    } else {
+        fail();
+    }
+} else {
+    fail();
+}
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-preflight-cache.php	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,74 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$tmpFile = sys_get_temp_dir() . "/" . $_GET['filename'];
+
+function fail()
+{
+    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+    header("Access-Control-Allow-Credentials: true");
+    header("Access-Control-Allow-Methods: PUT");
+    header("Access-Control-Allow-Headers: x-webkit-test");
+    echo "FAIL: " . $_SERVER['REQUEST_METHOD'] . "\n";
+    exit();
+}
+
+function setState($newState, $file)
+{
+    file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+    if (!file_exists($file)) {
+        return "Uninitialized";
+    }
+    return file_get_contents($file);
+}
+
+$state = getState($tmpFile);
+
+if ($state == "Uninitialized") {
+    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        header("Access-Control-Allow-Methods: PUT");
+        header("Access-Control-Allow-Headers: x-webkit-test");
+        header("Access-Control-Max-Age: 10"); // 10 seconds
+        setState("OptionsSent", $tmpFile);
+    } else {
+        fail();
+    }
+} else if ($state == "OptionsSent") {
+    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        echo "PASS: First PUT request.";
+        setState("FirstPUTSent", $tmpFile);
+    } else {
+        fail();
+    }
+} else if ($state == "FirstPUTSent") {
+    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        echo "PASS: Second PUT request.  Preflight worked";
+    } else if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        header("Access-Control-Allow-Methods: PUT");
+        header("Access-Control-Allow-Headers: x-webkit-test");
+        setState("FAILSecondOPTIONSSent", $tmpFile);
+    }
+} else if ($state == "FAILSecondOPTIONSSent") {
+    if ($_SERVER['REQUEST_METHOD'] == "PUT") {
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Allow-Credentials: true");
+        echo "FAIL: Second OPTIONS request was sent.  Preflight failed";
+    } else {
+        fail();
+    }
+} else {
+    fail();
+}
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-whitelist-request-headers.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Cache-Control: no-store\n";
+
+# This should be a simple request, deny preflight.
+if ($ENV{'REQUEST_METHOD'} eq "POST") {
+    print "Access-Control-Allow-Credentials: true\n";
+    print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+
+    print "Accept: $ENV{'HTTP_ACCEPT'}\n";
+    print "Accept-Language: $ENV{'HTTP_ACCEPT_LANGUAGE'}\n";
+    print "Content-Language: $ENV{'HTTP_CONTENT_LANGUAGE'}\n";
+    print "Content-Type: $ENV{'CONTENT_TYPE'}\n";
+} else {
+    print "\n";
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-whitelist-response-headers.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+#!/usr/bin/perl -wT
+use strict;
+
+# in whitelist
+print "content-type: text/plain\n";
+print "cache-control: no cache\n";
+print "content-language: en\n";
+print "expires: Fri, 30 Oct 1998 14:19:41 GMT\n";
+print "last-modified: Tue, 15 Nov 1994 12:45:26 GMT\n";
+print "pragma: no-cache\n";
+
+# not in whitelist
+print "x-webkit: foobar\n";
+
+print "Access-Control-Allow-Origin: *\n\n";
+
+print "PASS: Cross-domain access allowed.\n";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-preflight-denied-xsrf.php	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,67 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$tmpFile = sys_get_temp_dir() . "/xsrf.txt";
+
+function fail($state)
+{
+    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+    header("Access-Control-Allow-Credentials: true");
+    header("Access-Control-Allow-Methods: GET");
+    header("Access-Control-Max-Age: 1");
+    echo "FAILED: Issued a " . $_SERVER['REQUEST_METHOD'] . " request during state '" . $state . "'\n";
+    exit();
+}
+
+function setState($newState, $file)
+{
+    file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+    $state = NULL;
+    if (file_exists($file))
+        $state = file_get_contents($file);
+    return $state ? $state : "Uninitialized";
+}
+
+$state = getState($tmpFile);
+
+if ($_SERVER['REQUEST_METHOD'] == "GET" 
+    && $_GET['state'] == "reset") {
+    if (file_exists($tmpFile)) unlink($tmpFile);
+    header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+    header("Access-Control-Max-Age: 1");
+    echo "Server state reset.\n";
+} else if ($state == "Uninitialized") {
+    if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+        if ($_GET['state'] == "method" || $_GET['state'] == "header") {
+            header("Access-Control-Allow-Methods: GET");
+            header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+            header("Access-Control-Max-Age: 1");
+        }
+        echo("FAIL: This request should not be displayed.\n");
+        setState("Denied", $tmpFile);
+    } else {
+        fail($state);
+    }
+} else if ($state == "Denied") {
+    if ($_SERVER['REQUEST_METHOD'] == "GET" 
+        && $_GET['state'] == "complete") {
+        unlink($tmpFile);
+        header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
+        header("Access-Control-Max-Age: 1");
+        echo "PASS: Request successfully blocked.\n";
+    } else {
+        setState("Deny Ignored", $tmpFile);
+        fail($state);
+    }
+} else if ($state == "Deny Ignored") {
+    unlink($tmpFile);
+    fail($state);
+} else {
+    if (file_exists($tmpFile)) unlink($tmpFile);
+    fail("Unknown");
+}
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-allow-iframe.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,25 @@
+<html> 
+<body> 
+<pre id='console'></pre> 
+<script type="text/javascript"> 
+
+document.getElementById('console').innerHTML = (function() { 
+    var xhr = new XMLHttpRequest; 
+ 
+    try { 
+        xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-allow.cgi", false); 
+    } catch(e) { 
+        return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "]."; 
+    } 
+ 
+    try { 
+        xhr.send(); 
+    } catch(e) { 
+        return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'send'. [" + e.message + "]."; 
+    } 
+ 
+    return xhr.responseText; 
+})(); 
+</script> 
+</body> 
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-allow.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,8 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Access-Control-Allow-Credentials: true\n";
+print "Access-Control-Allow-Origin: *\n\n";
+
+print "PASS: Sandboxed iframe XHR access allowed.\n";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied-iframe.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,27 @@
+<html> 
+<body> 
+<pre id='console'></pre> 
+<script type="text/javascript"> 
+
+document.getElementById('console').innerHTML = (function() {
+    var xhr = new XMLHttpRequest; 
+ 
+ 
+    try { 
+        xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi", false); 
+    } catch(e) { 
+        return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "]."; 
+    } 
+ 
+    try { 
+        xhr.send(); 
+    } catch(e) { 
+        return "PASS: Exception thrown. Sandboxed iframe XHR access was denied in 'send'. [" + e.message + "]."; 
+    }
+ 
+    return xhr.responseText; 
+})();
+  
+</script> 
+</body> 
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,26 @@
+<html>
+<body>
+<pre id='console'></pre>
+<script type="text/javascript">
+
+document.getElementById('console').innerHTML = (function() {
+    var xhr = new XMLHttpRequest;
+
+    try {
+        xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi", false);
+    } catch(e) {
+        return "FAIL: Exception thrown. Sandboxed iframe XHR access is not allowed in 'open'. [" + e.message + "].";
+    }
+
+    try {
+        xhr.send();
+    } catch(e) {
+        return "PASS: Exception thrown. Sandboxed iframe XHR access was denied in 'send'. [" + e.message + "].";
+    }
+
+    return xhr.responseText;
+})();
+
+</script>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,8 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n";
+print "Access-Control-Allow-Credentials: true\n";
+print "Access-Control-Allow-Origin: http://127.0.0.1:8000\n\n";
+
+print "FAIL: Sandboxed iframe XHR access allowed.\n";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-sandboxed-iframe-denied.cgi	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,6 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/plain\n\n";
+
+print "FAIL: Sandboxed iframe XHR access allowed.\n";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/.svn/all-wcprops	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+K 25
+svn:wc:ra_dav:version-url
+V 98
+/repository/webkit/!svn/ver/58409/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth
+END
+access-control-auth-basic.php
+K 25
+svn:wc:ra_dav:version-url
+V 128
+/repository/webkit/!svn/ver/58409/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php
+END
+basic-auth.php
+K 25
+svn:wc:ra_dav:version-url
+V 113
+/repository/webkit/!svn/ver/24227/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth/basic-auth.php
+END
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/.svn/entries	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,96 @@
+10
+
+dir
+102004
+http://svn.webkit.org/repository/webkit/trunk/LayoutTests/http/tests/xmlhttprequest/resources/basic-auth
+http://svn.webkit.org/repository/webkit
+
+
+
+2010-04-28T16:29:22.915186Z
+58409
[email protected]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+access-control-auth-basic.php
+file
+
+
+
+
+2011-11-14T21:09:08.417946Z
+1342b2f90905a7f1b2fa19ac807a00af
+2010-04-28T16:29:22.915186Z
+58409
[email protected]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+630
+
+basic-auth.php
+file
+
+
+
+
+2011-11-14T21:09:08.417946Z
+a82ea42c784b9b663e54196755ab7112
+2007-07-12T04:17:17.612601Z
+24227
+ap
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+377
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/.svn/text-base/access-control-auth-basic.php.svn-base	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+<?php
+
+header("Access-Control-Allow-Origin: http://127.0.0.1:8000/");
+header("Access-Control-Allow-Credentials: true");
+header("Access-Control-Allow-Methods: PUT");
+
+if ($_SERVER['REQUEST_METHOD'] != "OPTIONS") {
+    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+        header('WWW-Authenticate: Basic realm="WebKit Test Realm/Cross Origin"');
+        header('HTTP/1.0 401 Unauthorized');
+        echo 'Authentication canceled';
+        exit;
+    } else {
+        echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+    }
+}
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/.svn/text-base/basic-auth.php.svn-base	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,10 @@
+<?php
+  if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+   header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
+   header('HTTP/1.0 401 Unauthorized');
+   echo 'Authentication canceled';
+   exit;
+  } else {
+   echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+  }
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/access-control-auth-basic.php	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,17 @@
+<?php
+
+header("Access-Control-Allow-Origin: http://127.0.0.1:8000/");
+header("Access-Control-Allow-Credentials: true");
+header("Access-Control-Allow-Methods: PUT");
+
+if ($_SERVER['REQUEST_METHOD'] != "OPTIONS") {
+    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+        header('WWW-Authenticate: Basic realm="WebKit Test Realm/Cross Origin"');
+        header('HTTP/1.0 401 Unauthorized');
+        echo 'Authentication canceled';
+        exit;
+    } else {
+        echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+    }
+}
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/basic-auth/basic-auth.php	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,10 @@
+<?php
+  if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+   header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
+   header('HTTP/1.0 401 Unauthorized');
+   echo 'Authentication canceled';
+   exit;
+  } else {
+   echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+  }
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/no-custom-header.php	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,34 @@
+<?php
+require_once '../../resources/portabilityLayer.php';
+
+$stateFile = sys_get_temp_dir() . "/access-control-preflight-headers-status";
+
+function setState($newState, $file)
+{
+    file_put_contents($file, $newState);
+}
+
+function getState($file)
+{
+    if (!file_exists($file)) {
+        return "";
+    }
+    return file_get_contents($file);
+}
+
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Headers: X-Custom-Header");
+header("Access-Control-Max-Age: 0");
+
+if ($_SERVER["REQUEST_METHOD"] == "OPTIONS") {
+    if (isset($_SERVER["HTTP_X_CUSTOM_HEADER"]))
+        setState("FAIL", $stateFile);
+    else
+        setState("PASS", $stateFile);
+} else {
+    if (isset($_SERVER["HTTP_X_CUSTOM_HEADER"]))
+        echo getState($stateFile);
+    else
+        echo "FAIL - no header in actual request";
+}
+?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/redirect.php	Wed Dec 07 14:47:43 2011 +0100
@@ -0,0 +1,4 @@
+<?php
+    $url = $_GET['url'];
+    header("Location: $url");
+?>