Changeset 62779 in webkit
- Timestamp:
- Jul 8, 2010 5:00:31 AM (14 years ago)
- Location:
- trunk/LayoutTests
- Files:
-
- 10 edited
- 4 copied
trunk/LayoutTests/ChangeLog
r62778 r62779 1 2010-07-08 Justin Schuh <jschuh@chromium.org> 2 3 Reviewed by Alexey Proskuryakov. 4 5 XHR access control failure tests for header, method, and not-supported 6 https://bugs.webkit.org/show_bug.cgi?id=41724 7 8 * http/tests/xmlhttprequest/access-control-preflight-async-header-denied-expected.txt: 9 * http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html: 10 * http/tests/xmlhttprequest/access-control-preflight-async-method-denied-expected.txt: 11 * http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html: 12 * http/tests/xmlhttprequest/access-control-preflight-async-not-supported-expected.txt: Added. 13 * http/tests/xmlhttprequest/access-control-preflight-async-not-supported.html: Added. 14 * http/tests/xmlhttprequest/access-control-preflight-sync-header-denied-expected.txt: 15 * http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html: 16 * http/tests/xmlhttprequest/access-control-preflight-sync-method-denied-expected.txt: 17 * http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html: 18 * http/tests/xmlhttprequest/access-control-preflight-sync-not-supported-expected.txt: Added. 19 * http/tests/xmlhttprequest/access-control-preflight-sync-not-supported.html: Added. 20 * http/tests/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php: 21 1 22 2010-07-08 Xiaomei Ji <xji@chromium.org> 2 23 -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-header-denied-expected.txt
r62576 r62779 1 CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php . Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin response header.1 CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header. Request header field X-NON-STANDARD is not allowed by Access-Control-Allow-Headers response header field. 2 2 PASS: Request successfully blocked. 3 3 -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html
r57041 r62779 8 8 } 9 9 10 if (window.layoutTestController) {10 if (window.layoutTestController) 11 11 layoutTestController.dumpAsText(); 12 }13 12 14 13 (function() { … … 17 16 try { 18 17 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false); 19 xhr.send( "");18 xhr.send(null); 20 19 } catch(e) { 21 20 log("FAIL: Unable to reset server state: [" + e.message + "]."); … … 26 25 27 26 try { 28 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php ", false);27 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", true); 29 28 xhr.setRequestHeader("X-NON-STANDARD", "filler"); 30 29 } catch(e) { … … 33 32 } 34 33 35 xhr.on readystatechange= function() {34 xhr.onerror = function() { 36 35 xhr = new XMLHttpRequest(); 37 36 … … 39 38 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false); 40 39 try { 41 xhr.send( "");40 xhr.send(null); 42 41 } catch(e) { 43 42 log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "]."); … … 49 48 log(xhr.responseText); 50 49 } 50 51 xhr.onreadystatechange = function() { 52 if (xhr.readyState == 4 && xhr.status == 200) 53 log("FAIL: Cross-domain access allowed in first send without throwing an exception"); 54 } 51 55 52 try { 53 xhr.send(""); 54 log("FAIL: Cross-domain access allowed in first send without throwing an exception"); 55 return; 56 } catch(e) { 57 // Eat the exception. 58 } 59 56 xhr.send(null); 60 57 })(); 61 58 </script> -
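Review bot: The first request is now asynchronous, but no `layoutTestController.waitUntilDone()` / `notifyDone()` pair is visible in this section, so the harness may dump the page text before `xhr.onerror` has run the `state=complete` check. If the lines not shown here do not already do so, restore the braces around the `if` body, add `layoutTestController.waitUntilDone();` beside `dumpAsText()`, and call `layoutTestController.notifyDone();` after `log(xhr.responseText);` and on the FAIL paths. The same applies to access-control-preflight-async-method-denied.html and access-control-preflight-async-not-supported.html. Separately, the `onreadystatechange` handler reads the closure variable `xhr`, which `onerror` reassigns to a new object. Writing the check as `this.readyState == 4 && this.status == 200` would keep it bound to the first request.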
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-method-denied-expected.txt
r62576 r62779 1 CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php . Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin response header.1 CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method. Method DELETE is not allowed by Access-Control-Allow-Methods response header field. 2 2 PASS: Request successfully blocked. 3 3 -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html
r57041 r62779 8 8 } 9 9 10 if (window.layoutTestController) {10 if (window.layoutTestController) 11 11 layoutTestController.dumpAsText(); 12 }13 12 14 13 (function() { … … 17 16 try { 18 17 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false); 19 xhr.send( "");18 xhr.send(null); 20 19 } catch(e) { 21 20 log("FAIL: Unable to reset server state: [" + e.message + "]."); … … 26 25 27 26 try { 28 xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php ", false);27 xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", true); 29 28 } catch(e) { 30 29 log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "]."); … … 32 31 } 33 32 34 xhr.on readystatechange= function() {33 xhr.onerror = function() { 35 34 xhr = new XMLHttpRequest(); 36 35 … … 38 37 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false); 39 38 try { 40 xhr.send( "");39 xhr.send(null); 41 40 } catch(e) { 42 41 log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "]."); … … 49 48 } 50 49 51 try { 52 xhr.send(""); 53 log("FAIL: Cross-domain access allowed in first send without throwing an exception"); 54 return; 55 } catch(e) { 56 // Eat the exception. 50 xhr.onreadystatechange = function() { 51 if (xhr.readyState == 4 && xhr.status == 200) 52 log("FAIL: Cross-domain access allowed in first send without throwing an exception"); 57 53 } 58 54 55 xhr.send(null); 59 56 })(); 60 57 </script> -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-not-supported.html
r62778 r62779 8 8 } 9 9 10 if (window.layoutTestController) {10 if (window.layoutTestController) 11 11 layoutTestController.dumpAsText(); 12 }13 12 14 13 (function() { … … 17 16 try { 18 17 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false); 19 xhr.send( "");18 xhr.send(null); 20 19 } catch(e) { 21 20 log("FAIL: Unable to reset server state: [" + e.message + "]."); … … 26 25 27 26 try { 28 xhr.open(" DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", false);27 xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", true); 29 28 } catch(e) { 30 29 log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "]."); … … 32 31 } 33 32 34 xhr.on readystatechange= function() {33 xhr.onerror = function() { 35 34 xhr = new XMLHttpRequest(); 36 35 … … 38 37 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false); 39 38 try { 40 xhr.send( "");39 xhr.send(null); 41 40 } catch(e) { 42 41 log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "]."); … … 49 48 } 50 49 51 try { 52 xhr.send(""); 53 log("FAIL: Cross-domain access allowed in first send without throwing an exception"); 54 return; 55 } catch(e) { 56 // Eat the exception. 50 xhr.onreadystatechange = function() { 51 if (xhr.readyState == 4 && xhr.status == 200) 52 log("FAIL: Cross-domain access allowed in first send without throwing an exception"); 57 53 } 58 54 55 xhr.send(""); 59 56 })(); 60 57 </script> -
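Review bot: The final call in this file is still `xhr.send("");`, while every other call touched by this change, including the last line of the two sibling async tests, now uses `xhr.send(null);`. For a PUT probe with no body the two are likely equivalent, but using `xhr.send(null);` here would leave the three async tests differing only in the method, header and URL under test.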
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-header-denied-expected.txt
r62576 r62779 1 CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php . Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin response header.1 CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header. Request header field X-NON-STANDARD is not allowed by Access-Control-Allow-Headers response header field. 2 2 PASS: Request successfully blocked. 3 3 -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html
r57041 r62779 8 8 } 9 9 10 if (window.layoutTestController) {10 if (window.layoutTestController) 11 11 layoutTestController.dumpAsText(); 12 }13 12 14 13 (function() { … … 17 16 try { 18 17 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false); 19 xhr.send( "");18 xhr.send(null); 20 19 } catch(e) { 21 20 log("FAIL: Unable to reset server state: [" + e.message + "]."); … … 26 25 27 26 try { 28 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php ", false);27 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", false); 29 28 xhr.setRequestHeader("X-NON-STANDARD", "filler"); 30 29 } catch(e) { … … 34 33 35 34 try { 36 xhr.send( "");35 xhr.send(null); 37 36 log("FAIL: Cross-domain access allowed in first send without throwing an exception"); 38 37 return; … … 51 50 52 51 try { 53 xhr.send( "");52 xhr.send(null); 54 53 } catch(e) { 55 54 log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "]."); -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-method-denied-expected.txt
r62576 r62779 1 CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php . Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin response header.1 CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method. Method DELETE is not allowed by Access-Control-Allow-Methods response header field. 2 2 PASS: Request successfully blocked. 3 3 -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html
r57041 r62779 8 8 } 9 9 10 if (window.layoutTestController) {10 if (window.layoutTestController) 11 11 layoutTestController.dumpAsText(); 12 }13 12 14 13 (function() { … … 17 16 try { 18 17 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false); 19 xhr.send( "");18 xhr.send(null); 20 19 } catch(e) { 21 20 log("FAIL: Unable to reset server state: [" + e.message + "]."); … … 26 25 27 26 try { 28 xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php ", false);27 xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=method", false); 29 28 } catch(e) { 30 29 log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "]."); … … 33 32 34 33 try { 35 xhr.send( "");34 xhr.send(null); 36 35 log("FAIL: Cross-domain access allowed in first send without throwing an exception"); 37 36 return; … … 50 49 51 50 try { 52 xhr.send( "");51 xhr.send(null); 53 52 } catch(e) { 54 53 log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "]."); -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-not-supported.html
r62778 r62779 8 8 } 9 9 10 if (window.layoutTestController) {10 if (window.layoutTestController) 11 11 layoutTestController.dumpAsText(); 12 }13 12 14 13 (function() { … … 17 16 try { 18 17 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false); 19 xhr.send( "");18 xhr.send(null); 20 19 } catch(e) { 21 20 log("FAIL: Unable to reset server state: [" + e.message + "]."); … … 26 25 27 26 try { 28 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", false); 29 xhr.setRequestHeader("X-NON-STANDARD", "filler"); 27 xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php", false); 30 28 } catch(e) { 31 29 log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "]."); … … 34 32 35 33 try { 36 xhr.send( "");34 xhr.send(null); 37 35 log("FAIL: Cross-domain access allowed in first send without throwing an exception"); 38 36 return; … … 51 49 52 50 try { 53 xhr.send( "");51 xhr.send(null); 54 52 } catch(e) { 55 53 log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "]."); -
trunk/LayoutTests/http/tests/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php
r57041 r62779 9 9 header("Access-Control-Allow-Credentials: true"); 10 10 header("Access-Control-Allow-Methods: GET"); 11 header("Access-Control-Max-Age: 0");11 header("Access-Control-Max-Age: 1"); 12 12 echo "FAILED: Issued a " . $_SERVER['REQUEST_METHOD'] . " request during state '" . $state . "'\n"; 13 13 exit(); … … 33 33 if (file_exists($tmpFile)) unlink($tmpFile); 34 34 header("Access-Control-Allow-Origin: http://127.0.0.1:8000"); 35 header("Access-Control-Max-Age: 0");35 header("Access-Control-Max-Age: 1"); 36 36 echo "Server state reset.\n"; 37 37 } else if ($state == "Uninitialized") { 38 38 if ($_SERVER['REQUEST_METHOD'] == "OPTIONS") { 39 echo("Request Denied\n"); 39 if ($_GET['state'] == "method" || $_GET['state'] == "header") { 40 header("Access-Control-Allow-Methods: GET"); 41 header("Access-Control-Allow-Origin: http://127.0.0.1:8000"); 42 header("Access-Control-Max-Age: 1"); 43 } 44 echo("FAIL: This request should not be displayed.\n"); 40 45 setState("Denied", $tmpFile); 41 46 } else { … … 47 52 unlink($tmpFile); 48 53 header("Access-Control-Allow-Origin: http://127.0.0.1:8000"); 49 header("Access-Control-Max-Age: 0");54 header("Access-Control-Max-Age: 1"); 50 55 echo "PASS: Request successfully blocked.\n"; 51 56 } else {
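Review bot: In the new OPTIONS branch, `$_GET['state']` is read without checking that it is set, and the not-supported tests on this page request the script with no `state` parameter. Depending on the server's error settings this can write an undefined-index notice into the preflight response. Reading it once, e.g. `$requested = isset($_GET['state']) ? $_GET['state'] : "";`, and comparing `$requested` avoids that. A short comment would also help, saying that this branch sends `Access-Control-Allow-Methods: GET` and no `Access-Control-Allow-Headers` so that the preflight passes the origin check but still denies DELETE and X-NON-STANDARD. The surrounding if/else chain starts and ends outside the lines shown.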