<!DOCTYPE html>
<meta charset="utf-8">
<title>Access-Control-Allow-Origin handling</title>
<!--
  Checks which Access-Control-Allow-Origin values let a request made by a
  helper iframe (resources/remote-xhrer.html, loaded from CROSSDOMAIN) succeed.
  support.js is requested with pipe=sub and is expected to supply CROSSDOMAIN,
  REMOTE_HOST, REMOTE_ORIGIN, REMOTE_PROTOCOL and dirname(); none of them is
  defined in this file.
-->
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support.js?pipe=sub"></script>
<h1>Access-Control-Allow-Origin handling</h1>
<div id="log"></div>
<script>
// Registry of pending tests, keyed by the header-value template passed to
// reverseOrigin(). The "message" listener looks replies up here.
var remote_tests = [];

// Helper frame served from CROSSDOMAIN; each test URL is handed to it with
// postMessage once it has loaded.
var iframe = document.createElement("iframe");
iframe.src = CROSSDOMAIN + 'resources/remote-xhrer.html';
document.body.appendChild(iframe);
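/**
 * Registers one async test for a single Access-Control-Allow-Origin value.
 *
 * Placeholders in `origin` are expanded (first occurrence of each, in the
 * order listed in `substitutions`). The expanded value is passed to
 * resources/cors-makeheader.py through its `origin` query parameter and the
 * helper iframe is asked to request that URL. The reply is routed back to
 * this test through remote_tests[origin].
 *
 * @param {boolean} expect_pass true when the request is expected to end in
 *     state "load", false when it is expected to end in state "error".
 * @param {string} origin header-value template. It is also the registry key,
 *     so two calls with the same template overwrite each other.
 */
function reverseOrigin(expect_pass, origin)
{
    // Applied in this order, one String.prototype.replace() call per entry.
    var substitutions = [
        ["<host>", REMOTE_HOST],
        // This document's own scheme and host, not the iframe's.
        ["<remote_origin>", location.protocol + "//" + location.host],
        ["<origin>", REMOTE_ORIGIN],
        ["<protocol>", REMOTE_PROTOCOL],
        ["<HOST>", REMOTE_HOST.toUpperCase()],
        ["<ORIGIN>", REMOTE_ORIGIN.toUpperCase()],
        ["<PROTOCOL>", REMOTE_PROTOCOL.toUpperCase()]
    ];
    var real_origin = substitutions.reduce(function(value, pair) {
        return value.replace(pair[0], pair[1]);
    }, origin);

    // Make NUL, tab and space visible so every test title is readable and
    // distinguishable in the report.
    var printable = real_origin
        .replace(/\0/g, "\\0")
        .replace(/\t/g, "[tab]")
        .replace(/ /g, '_');
    var label = expect_pass ? 'Allow origin: ' : 'Disallow origin: ';
    var t = async_test(label + printable);

    t.step(function() {
        // NOTE(review): cors-makeheader.py is not shown here; presumably it
        // echoes `origin` as the response's Access-Control-Allow-Origin.
        this.test_url = dirname(location.href)
                      + 'resources/cors-makeheader.py?origin='
                      + encodeURIComponent(real_origin);
        // targetOrigin is "*": the payload is only the test URL and the
        // registry key. NOTE(review): naming the iframe's origin would be
        // tighter if support.js exposes it as a constant.
        iframe.contentWindow.postMessage({ url: this.test_url, origin: origin }, "*");
    });

    if (expect_pass)
    {
        t.callback = t.step_func(function(e) {
            assert_equals(e.state, "load");
            // Declared locally: the original assigned to an undeclared `r`,
            // creating a global shared by every callback.
            var r = JSON.parse(e.response);
            assert_equals(r['origin'], REMOTE_ORIGIN,
                          'Request Origin: should be ' + REMOTE_ORIGIN);
            this.done();
        });
    }
    else
    {
        t.callback = t.step_func(function(e) {
            // A rejected response must expose neither a success state nor a body.
            assert_equals(e.state, "error");
            assert_equals(e.response, "");
            this.done();
        });
    }

    remote_tests[origin] = t;
}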
/** Registers a test expecting the given header-value template to be accepted. */
function shouldPass(origin) {
    reverseOrigin(true, origin);
}
/** Registers a test expecting the given header-value template to be rejected. */
function shouldFail(origin) {
    reverseOrigin(false, origin);
}
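// Queue every case only after the helper frame has loaded, because
// reverseOrigin() posts to iframe.contentWindow straight away.
iframe.onload = function() {
    // Expected to be accepted: the wildcard or the exact request origin,
    // optionally padded with whitespace.
    [
        '*',
        ' * ',
        ' *',
        '<origin>',
        ' <origin>',
        ' <origin> ',
        // NOTE(review): the reviewed copy listed ' <origin>' a second time.
        // Both calls share one remote_tests key, so the first test could
        // never finish. reverseOrigin()'s title formatting rewrites tabs as
        // "[tab]", which suggests a tab-padded variant was intended here.
        // Confirm against the upstream test.
        '\t<origin>'
    ].forEach(function(value) { shouldPass(value); });

    // Expected to be rejected: anything that is not exactly "*" or the
    // request origin. That covers another origin, a missing or malformed
    // scheme, trailing path/query/fragment/port, case changes, embedded NUL,
    // quoted or repeated wildcards, and lists of values.
    [
        '<remote_origin>',
        '//<host>',
        '://<host>',
        'ftp://<host>',
        'http:://<host>',
        'http:/<host>',
        'http:<host>',
        '<host>',
        '<origin>?',
        '<origin>/',
        '<origin> /',
        '<origin>#',
        '<origin>%23',
        '<origin>:80',
        '<origin>, *',
        '<origin>\0',
        '<ORIGIN>',
        '<PROTOCOL>//<host>',
        '<protocol>//<HOST>',
        '-',
        '**',
        '\0*',
        '*\0',
        "'*'",
        '"*"',
        '* *',
        '*<protocol>//*',
        '*<origin>',
        '* <origin>',
        '*, <origin>',
        '\0<origin>',
        'null <origin>',
        'http://example.net',
        'null',
        '',
        // Full URLs rather than bare origins.
        location.href,
        dirname(location.href),
        CROSSDOMAIN
    ].forEach(function(value) { shouldFail(value); });
};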
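// Routes each reply from the helper iframe to the test registered under the
// echoed `origin` key.
window.addEventListener("message", function(e) {
    // Any window can post to this one, so accept replies only from the frame
    // this page created.
    // NOTE(review): assumes remote-xhrer.html replies from its own window.
    if (e.source !== iframe.contentWindow) {
        return;
    }

    // An unknown or malformed key must not throw inside the listener: the
    // original dereferenced remote_tests[...] unconditionally.
    var key = e.data ? e.data.origin : undefined;
    var pending = typeof key === "string" ? remote_tests[key] : undefined;
    if (!pending || typeof pending.callback !== "function") {
        return;
    }

    pending.callback(e.data);
});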
// Once the harness reports completion, detach the helper frame from the page.
add_completion_callback(function() {
    var host = iframe.parentElement;
    host.removeChild(iframe);
});
</script>