| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Firefox/testing/web-platform/tests/cors/ (Browser von der Mozilla Stiftung Version 136.0.1©) Datei vom 10.2.2025 mit Größe 4 kB |
|
Quelle credentials-flag.htm Sprache: HTML |
|||||||||||||||||
<!DOCTYPE html> <title>CORS - Access-Control-Allow-Credentials</title> <meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com"> <script src=/resources/testharness.js></script> <script src=/resources/testharnessreport.js></script> <script src=support.js?pipe=sub></script> <h1>CORS - Access-Control-Allow-Credentials</h1> <div id=log></div> <script> var url = CROSSDOMAIN + 'resources/cors-cookie.py?ident=' /* * widthCredentials */ // XXX Do some https tests here as well test(function () { var client = new XMLHttpRequest() client.open('GET', CROSSDOMAIN, false) client.withCredentials = true; }, 'Setting withCredentials on a sync XHR object should not throw') async_test(function () { var id = new Date().getTime() + '_1', client = new XMLHttpRequest() client.open("GET", url + id, true) client.onload = this.step_func(function() { assert_equals(client.response, "NO_COOKIE") client.open("GET", url + id, true) client.onload = this.step_func(function() { assert_equals(client.response, "NO_COOKIE") this.done() }) client.send(null) }) client.send(null) }, "Don't send cookie by default"); async_test(function () { var id = new Date().getTime() + '_2', client = new XMLHttpRequest() client.open("GET", url + id, true) client.withCredentials = true client.onload = this.step_func(function() { assert_equals(client.response, "NO_COOKIE", "No cookie in initial request"); /* We have cookie, but the browser shouldn't send */ client.open("GET", url + id, true) client.withCredentials = false client.onload = this.step_func(function() { assert_equals(client.response, "NO_COOKIE", "No cookie after withCredentials=false /* Reads and deletes the cookie */ client.open("GET", url + id, true) client.withCredentials = true client.onload = this.step_func(function() { assert_equals(client.response, "COOKIE", "Cookie sent in withCredentials=true sync this.done() }) client.send(null) }) client.send(null) }) client.send(null) }, "Don't send cookie part 2"); async_test(function () { var id = new Date().getTime() + '_3', client = new XMLHttpRequest() /* Shouldn't set the response cookie */ client.open("GET", url + id, true) client.withCredentials = false client.onload = this.step_func(function() { assert_equals(client.response, "NO_COOKIE", "first"); /* Sets the cookie */ client.open("GET", url + id, true) client.withCredentials = true client.onload = this.step_func(function() { assert_equals(client.response, "NO_COOKIE", "second") /* Reads and deletes the cookie */ client.open("GET", url + id, true) client.withCredentials = true client.onload = this.step_func(function() { assert_equals(client.response, "COOKIE", "third") this.done() }) client.send(null) }) client.send(null) }) client.send(null) }, "Don't obey Set-Cookie when withCredentials=false"); function test_response_header(allow) { var resp_test = async_test('Access-Control-Allow-Credentials: ' + allow + ' should be d resp_test.step(function() { var client = new XMLHttpRequest() client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?credentials=' + allow, true) client.withCredentials = true; client.onload = resp_test.step_func(function() { assert_unreached("onload") }) client.onerror = resp_test.step_func(function () { assert_equals(client.readyState, client.DONE, 'readyState') resp_test.done() }) client.send() }) } test_response_header('TRUE') test_response_header('True') test_response_header('"true"') test_response_header("'true'"); test_response_header('false') test_response_header('1') test_response_header('0') test_response_header(',true'); test_response_header('true,'); test_response_header('true%0B'); test_response_header('true%0C'); </script>
¤ Dauer der Verarbeitung: 0.3 Sekunden ¤*© Formatika GbR, Deutschland |
|
||||||||||||||||
2026-04-02