Skip to main content

Browse the archive

https://github.com/web-platform-tests/wpt
26 December 2018, 22:31:15 UTC
Raw File
Tip revision: d8d1e562cf597bc2314419b46aff77d9e3664247 authored by Anne van Kesteren on 08 October 2014, 07:34:29 UTC
Make new Blob throw
Tip revision: d8d1e56
redirect-preflight.htm 
<!DOCTYPE html>
<meta charset=utf-8>
<title>CORS - redirect with preflight</title>
<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">

<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>

<h1>Redirect with preflight</h1>

<div id=log></div>
<script>

var req_c = 0 // Request count for cache busting and easy identifying of request in traffic analyzer

/*
 * Redirection with preflights
 */

function redir_preflight(code) {
    test(function() {
        var client = new XMLHttpRequest(),
            redirect = CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-test&' + req_c++

        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?'
                           + 'headers=x-test&location=' + encodeURIComponent(redirect)
                           + '&code=' + code + '&preflight=' + code + '&' + req_c++,
                    false)
        client.setRequestHeader('x-test', 'test')
        assert_throws(null, function() { client.send(null) });

    },
    'Redirect ' + code + ' on preflight')
}
redir_preflight(301)
redir_preflight(302)
redir_preflight(303)
redir_preflight(307)
redir_preflight(308)

/* Even thought the preflight was allowed (200), CORS should not follow
   a subsequent redirect */
function redir_after_preflight(code) {
    test(function() {
        var client = new XMLHttpRequest(),
            redirect = CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-test&' + req_c++

        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?'
                           + 'preflight=200&headers=x-test&location='
                           + encodeURIComponent(redirect) + '&code=' + code + '&' + req_c++,
                    false)
        client.setRequestHeader('x-test', 'test')
        assert_throws(null, function() { client.send(null) });

    },
    'Disallow redirect ' + code + ' after succesful (200) preflight')
}
redir_after_preflight(301)
redir_after_preflight(302)
redir_after_preflight(303)
redir_after_preflight(307)
redir_after_preflight(308)

</script>
back to top