Revision 7f3e17fe6d5d48b0090b7b176fa5175037580654 authored by Ms2ger on 20 September 2018, 10:53:42 UTC, committed by jgraham on 24 September 2018, 09:48:58 UTC
In particular, is_html would never become true if SVGSVGElement was supported at all. Even if SVGSVGElement was not supported, it would never become true because we were checking the namespace and localName of the Document object, rather than the root element.
1 parent 664b50b
304.htm
<!DOCTYPE html>
<meta charset=utf-8>
<title>CORS - 304 Responses</title>
<meta name=author title="Mark Nottingham" href="mailto:mnot@mnot.net">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>
<h1>CORS - 304 Responses</h1>
<div id=log></div>
<script>
/*
* 304 Responses
*/
// A header used to correlate requests and responses
var state_header = "content-language"
/* Make a request; call ready(client) when done */
function req(url, id, t, ready) {
var client = new XMLHttpRequest()
client.open('GET', url, true)
client.setRequestHeader(state_header, id)
client.send()
client.onreadystatechange = function() {
if (client.readyState == client.DONE) {
t.step(function() {
assert_true(client.status != 299, "req " + id + " server says: " + client.responseText)
})
ready(client)
}
}
return client
}
/*
* Make two requests to test cache behaviour.
* The second is made after the first is done and a delay, to make sure it gets into cache.
*/
function two_reqs(id1, id2, should_have_same_body, t, done) {
var rand = Date.now()
var url = CROSSDOMAIN + 'resources/304.py?id=' + id1 + '&r=%s' + rand
var client1 = req(url, id1, t, function(client1) {
t.step(function() {
assert_equals(client1.response, "Success", "didn't get successful 1st response;")
assert_equals(client1.getResponseHeader(state_header), id1, "1st response didn't come from server;")
})
t.step_timeout(function() {
req(url, id2, t, function(client2) {
t.step(function() {
if (should_have_same_body) {
assert_equals(client1.response, client2.response, "response bodies were different;")
// var res_id2 = client2.getResponseHeader(state_header)
// assert_not_equals(res_id2, id1, "2nd response doesn't appear to have updated cached headers;")
// assert_not_equals(res_id2, null, "2nd response didn't expose request identifier;")
// assert_equals(res_id2, id2, "2nd response is associated with a different request (!);")
}
done(client1, client2)
})
t.done()
})
}, 5000)
})
}
async_test(function(t) {
two_reqs('1', '2', true, t, function(client1, client2) {
assert_equals(client1.getResponseHeader("A"), null, "'A' header exposed without permission;")
})
}, "A 304 response with no CORS headers inherits from the stored response")
async_test(function(t) {
two_reqs('3', '4', true, t, function(client1, client2) {
assert_equals(client2.getResponseHeader("A"), "4", "304 didn't expose 'A' header, even though allowed;")
assert_equals(client2.getResponseHeader("B"), "4", "304 didn't expose 'B' header even though allowed;")
})
}, "A 304 can expand Access-Control-Expose-Headers")
async_test(function(t) {
two_reqs('5', '6', true, t, function(client1, client2) {
assert_equals(client2.getResponseHeader("B"), null, "2nd 304 exposed 'B' header;")
})
}, "A 304 can contract Access-Control-Expose-Headers")
async_test(function(t) {
two_reqs('7', '8', false, t, function(client1, client2) {
assert_not_equals(client1.response, client2.response, "Access granted even though 304 updated it to disallow;")
})
}, "A 304 can change Access-Control-Allow-Origin")
</script>
Computing file changes ...
