Merged with Gopal testJam
authorpuhley
Thu, 03 May 2012 16:15:38 -0700
branchtestJam
changeset 58 c00e2ad92192
parent 57 35ee6783373f (current diff)
parent 56 f7794f64d068 (diff)
child 59 cf04909e5908
Merged with Gopal
tests/cors/submitted/webkit/resources/access-control-basic-non-get-allow.php
--- a/tests/cors/submitted/cors1.0/MANIFEST	Thu May 03 15:45:35 2012 -0700
+++ b/tests/cors/submitted/cors1.0/MANIFEST	Thu May 03 16:15:38 2012 -0700
@@ -2,3 +2,4 @@
 access-control-basic-allow-star.html
 access-control-basic-denied.html
 access-control-basic-allow-access-control-origin-header.html
+access-control-basic-non-simple-allow.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/access-control-basic-non-simple-allow.html	Thu May 03 16:15:38 2012 -0700
@@ -0,0 +1,43 @@
+<html>
+<body>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+<pre id='console'></pre>
+<div  id=log></div>
+<script type="text/javascript">
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+var accessControlBasicNonSimpleAllow = function() {
+    var xhr = new XMLHttpRequest;
+    var path = "/webappsec/tests/cors/submitted/cors1.0";
+
+    try {
+        xhr.open("PUT", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-non-get-allow.php", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
+
+    try {
+        xhr.send("PASS: PUT data received");
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        return;
+    }
+
+    //log(xhr.responseText);
+};
+test(accessControlBasicNonSimpleAllow, "access-control-basic-non-simple-allow")
+
+</script>
+</body>
+</html>
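Review bot: The test function never asserts anything, so testharness records a pass even when the cross-origin PUT is blocked: both `catch` blocks only write "FAIL" into the `<pre>` and `return`, and the response is never read (the only access is the commented-out `log(xhr.responseText)`). The catch blocks should fail the test with `assert_unreached("send threw: " + e.message);` (and the equivalent for `open`). The body should end with a check such as `assert_equals(xhr.responseText, "PASS: Cross-domain access allowed.\nPASS: PUT data received");`, which appears to be what the PHP resource added in this changeset emits for a PUT. Without that, a user agent that refuses the preflight and one that honours it are indistinguishable in the results.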
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/resources/access-control-basic-non-get-allow.php	Thu May 03 16:15:38 2012 -0700
@@ -0,0 +1,21 @@
+<?PHP
+
+if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
+    header("Content-Type: text/plain");
+    header("Access-Control-Allow-Credentials: true");
+    header("Access-Control-Allow-Methods: PUT");
+    header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN']);
+} elseif ($_SERVER['REQUEST_METHOD'] == "PUT") {
+    header("Content-Type: text/plain");
+    header("Access-Control-Allow-Credentials: true");
+    header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN']);
+
+    echo "PASS: Cross-domain access allowed.\n";
+    $request_body = @file_get_contents('php://input');
+    echo $request_body ;
+} else {
+    header("Content-Type: text/plain");
+    echo "Wrong method: " . $_SERVER['REQUEST_METHOD'] . "\n";
+}
+
+?>
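Review bot: Both the OPTIONS and PUT branches copy `$_SERVER['HTTP_ORIGIN']` straight into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`, which grants credentialed cross-origin access to every requesting origin. That is presumably deliberate for an "allow" fixture, but nothing in the file says so, and it is exactly the pattern a real CORS policy must not use. I would add a header comment such as `// Test fixture: reflects any Origin with credentials allowed; not a pattern for production endpoints.` The header should also be read behind `isset($_SERVER['HTTP_ORIGIN'])`, so a request without an Origin header does not produce an empty allow-origin value and a PHP notice.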
--- a/tests/cors/submitted/webkit/resources/access-control-basic-non-get-allow.php	Thu May 03 15:45:35 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-<?PHP
-
-if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-    header("Content-Type: text/plain");
-    header("Access-Control-Allow-Credentials: true");
-    header("Access-Control-Allow-Methods: PUT");
-    header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN']);
-} elseif ($_SERVER['REQUEST_METHOD'] == "PUT") {
-    header("Content-Type: text/plain");
-    header("Access-Control-Allow-Credentials: true");
-    header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN']);
-
-    echo "PASS: Cross-domain access allowed.\n";
-    $request_body = @file_get_contents('php://input');
-    echo $request_body ;
-} else {
-    header("Content-Type: text/plain");
-    echo "Wrong method: " . $_SERVER['REQUEST_METHOD'] . "\n";
-}
-
-?>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/csp/submitted/mozilla/assertTrue.php	Thu May 03 16:15:38 2012 -0700
@@ -0,0 +1,18 @@
+<?php
+
+//Prevent Caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+header("Content-Type: text/javascript");
+
+	print("(function () { if(typeof " . $_GET["varName"] . "=='undefined') {
+				 test(function() {assert_true(true)}, \"assert_true with unsafeScript\"); 
+		        	} else{
+				   test(function() {assert_true(" . $_GET["varName"] . ")}, \"assert_true with unsafeScript defined when it shouldn't be\"); 
+				}  })();");
+
+?>
+
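Review bot: `$_GET["varName"]` is concatenated twice into a response served as `text/javascript` with no validation, so whatever the query string contains is emitted as script source from this host. The value is only ever meant to be a variable name, so it should be checked against an identifier pattern before the `print`, for example `$varName = isset($_GET["varName"]) ? $_GET["varName"] : "";` followed by `if (!preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*$/', $varName)) { header("HTTP/1.1 400 Bad Request"); exit; }`. `$varName` would then be used in both places. A short comment above the `print` saying that the first branch is the expected outcome (the inline script was blocked, so the variable was never defined) would make the two test titles easier to follow.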
--- a/tests/csp/submitted/mozilla/csp-inline-script.php	Thu May 03 15:45:35 2012 -0700
+++ b/tests/csp/submitted/mozilla/csp-inline-script.php	Thu May 03 16:15:38 2012 -0700
@@ -1,14 +1,22 @@
 <?php
-header("X-WebKit-CSP: script-src 'self'");
-header("X-Content-Seucurity-Policy: script-src 'self'");
-header("Content-Seucurity-Policy: script-src 'self'");
+	header("X-WebKit-CSP: default-src 'self'");
+	header("X-Content-Security-Policy: default-src 'self'");
+	header("Content-Security-Policy: default-src 'self'");
 ?>
-
 <html>
 <head>
-<title> No line script </title>
+	<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+	<meta description="Content-Security-Policy Test: default-src: *" />
+	<link rel="author" title="[email protected]" />
+	<title> No inline script </title>
+	<script src="http://www.w3c-test.org/resources/testharness.js"></script>
+	<script src="http://www.w3c-test.org/resources/testharnessreport.js"></script>
 </head>
 
 <body>
-<script>alert(foo);</script>
+	<div id=log></div>
+	<script>
+		unsafeScript=false;
+	</script>
+	<script src="assertTrue.php?varName=unsafeScript"></script>
 </body>
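Review bot: The harness scripts are loaded from the absolute URL `http://www.w3c-test.org/resources/testharness.js` while the page now sends `default-src 'self'`. When the page is served from any other host, scheme or port, the policy blocks the harness itself and `test` is undefined by the time assertTrue.php runs. The CORS test added in this changeset uses host-relative paths; doing the same here, `<script src="/resources/testharness.js"></script>` and `<script src="/resources/testharnessreport.js"></script>`, keeps the harness same-origin wherever the suite is hosted. The new `<meta description="... default-src: *" />` also names a different policy from the one the header sends, and the usual form is `name="description" content="..."`.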