automated CORS test suite testJam
authorGopal Raghavan <gopal.raghavan@nokia.com>
Sun, 29 Apr 2012 11:20:58 -0700
branchtestJam
changeset 24 f6efe2ec1dff
parent 23 07b3b3269e24
child 25 2fe238b154af
automated CORS test suite
tests/cors/submitted/webkit/access-control-basic-allow-star.js
tests/cors/submitted/webkit/access-control-basic-allow.js
tests/cors/submitted/webkit/cors-tests.html
tests/cors/submitted/webkit/log.js
tests/cors/submitted/webkit/resources/access-control-basic-allow-star.php
tests/cors/submitted/webkit/resources/access-control-basic-allow.php
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow-star.js	Sun Apr 29 11:20:58 2012 -0700
@@ -0,0 +1,27 @@
+var accessControlBasicAllowStar = function() {
+    var xhr = new XMLHttpRequest;
+    var path = "/webappsec/tests/cors/submitted/webkit";
+
+    try {
+        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow-star.php", false);
+
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send();
+        console.log(xhr.responseText);
+        assert_equals(xhr.responseText,"PASS: Cross-domain access allowed.", "test for cross domain" );
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    //log(xhr.responseText);
+};
+
+test(accessControlBasicAllowStar, "access-control-basic-allow-star")
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-allow.js	Sun Apr 29 11:20:58 2012 -0700
@@ -0,0 +1,27 @@
+var accessControlBasicAllow = function() {
+    var xhr = new XMLHttpRequest;
+    var path = "/webappsec/tests/cors/submitted/webkit";
+
+    try {
+        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow.php", false);
+
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send();
+        console.log(xhr.responseText);
+        assert_equals(xhr.responseText,"PASS: Cross-domain access allowed.", "test for cross domain" );
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    //log(xhr.responseText);
+};
+
+test(accessControlBasicAllow, "access-control-basic-allow")
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/cors-tests.html	Sun Apr 29 11:20:58 2012 -0700
@@ -0,0 +1,15 @@
+<html>
+<body>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+<pre id='console'></pre>
+ <script src="/webappsec/tests/cors/submitted/webkit/log.js"></script>
+<h2>W3C WebAppSec Cross-Origin Resource Sharing</h2>
+<a href="http://www.w3.org/TR/cors"> http://www.w3.org/TR/cors/</a>
+<h3>Test suite compliant with working draft 3 April 2012</h3>
+ <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow.js"></script>
+ <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-star.js"></script>
+<div  id=log></div>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/log.js	Sun Apr 29 11:20:58 2012 -0700
@@ -0,0 +1,5 @@
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow-star.php	Sun Apr 29 11:20:58 2012 -0700
@@ -0,0 +1,5 @@
+<?php
+header("Content-Type: text/plain");
+header("Access-Control-Allow-Origin: *\n\n");
+echo "PASS: Cross-domain access allowed.";
+?>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-allow.php	Sun Apr 29 11:20:58 2012 -0700
@@ -0,0 +1,6 @@
+<?php
+header("Content-Type: text/plain");
+header("Access-Control-Allow-Credentials: true");
+header("Access-Control-Allow-Origin: http://www.w3c-test.org\n\n");
+echo "PASS: Cross-domain access allowed.";
+?>
\ No newline at end of file