Skip to main content

Browse the archive

Revision 244924908676ccc6d686759be0e81f2f3421280f authored by James Graham on 12 June 2016, 21:39:32 UTC, committed by James Graham on 12 June 2016, 21:39:32 UTC 
Update to latest wpt-tools
1 parent 98b24f2
Raw File
redirect-preflight.htm 
<!DOCTYPE html>
<meta charset=utf-8>
<title>CORS - redirect with preflight</title>
<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">

<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>

<h1>Redirect with preflight</h1>

<div id=log></div>
<script>

var req_c = 0 // Request count for cache busting and easy identifying of request in traffic analyzer

/*
 * Redirection with preflights
 */

function redir_preflight(code) {
    test(function() {
        var client = new XMLHttpRequest(),
            redirect = CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-test&' + req_c++

        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?'
                           + 'headers=x-test&location=' + encodeURIComponent(redirect)
                           + '&code=' + code + '&preflight=' + code + '&' + req_c++,
                    false)
        client.setRequestHeader('x-test', 'test')
        assert_throws(null, function() { client.send(null) });

    },
    'Redirect ' + code + ' on preflight')
}
redir_preflight(301)
redir_preflight(302)
redir_preflight(303)
redir_preflight(307)
redir_preflight(308)

/* Even thought the preflight was allowed (200), CORS should not follow
   a subsequent redirect */
function redir_after_preflight(code) {
    test(function() {
        var client = new XMLHttpRequest(),
            redirect = CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-test&' + req_c++

        client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?'
                           + 'preflight=200&headers=x-test&location='
                           + encodeURIComponent(redirect) + '&code=' + code + '&' + req_c++,
                    false)
        client.setRequestHeader('x-test', 'test')
        assert_throws(null, function() { client.send(null) });

    },
    'Disallow redirect ' + code + ' after succesful (200) preflight')
}
redir_after_preflight(301)
redir_after_preflight(302)
redir_after_preflight(303)
redir_after_preflight(307)
redir_after_preflight(308)

</script>
back to top