This repository has been archived by the owner on Nov 7, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1467886 [wpt PR 11432] - Fetch: tests for further CORS restrictio…
…ns, a=testonly Automatic update from web-platform-testsFetch: tests for further CORS restrictions For whatwg/fetch#736. -- wpt-commits: a70e655d979df85b59e977b61361c0d6d8bf2bf2 wpt-pr: 11432
- Loading branch information
1 parent
668f970
commit 7dbaede
Showing
6 changed files
with
151 additions
and
60 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 changes: 19 additions & 0 deletions
19
testing/web-platform/tests/fetch/api/cors/cors-preflight-not-cors-safelisted.any.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| // META: script=/common/utils.js | ||
| // META: script=../resources/utils.js | ||
| // META: script=/common/get-host-info.sub.js | ||
| // META: script=resources/corspreflight.js | ||
|
|
||
| const corsURL = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "preflight.py"; | ||
|
|
||
| promise_test(() => fetch("resources/not-cors-safelisted.json").then(res => res.json().then(runTests)), "Loading data…"); | ||
|
|
||
| function runTests(testArray) { | ||
| testArray.forEach(testItem => { | ||
| const [headerName, headerValue] = testItem; | ||
| corsPreflight("Need CORS-preflight for " + headerName + "/" + headerValue + " header", | ||
| corsURL, | ||
| "GET", | ||
| true, | ||
| [[headerName, headerValue]]); | ||
| }); | ||
| } |
60 changes: 1 addition & 59 deletions
60
testing/web-platform/tests/fetch/api/cors/cors-preflight.any.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
58 changes: 58 additions & 0 deletions
58
testing/web-platform/tests/fetch/api/cors/resources/corspreflight.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| function headerNames(headers) { | ||
| let names = []; | ||
| for (let header of headers) { | ||
| names.push(header[0].toLowerCase()); | ||
| } | ||
| return names; | ||
| } | ||
|
|
||
| /* | ||
| Check preflight is done | ||
| Control if server allows method and headers and check accordingly | ||
| Check control access headers added by UA (for method and headers) | ||
| */ | ||
| function corsPreflight(desc, corsUrl, method, allowed, headers, safeHeaders) { | ||
| return promise_test(function(test) { | ||
| var uuid_token = token(); | ||
| return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(response) { | ||
| var url = corsUrl + (corsUrl.indexOf("?") === -1 ? "?" : "&"); | ||
| var urlParameters = "token=" + uuid_token + "&max_age=0"; | ||
| var requestInit = {"mode": "cors", "method": method}; | ||
| var requestHeaders = []; | ||
| if (headers) | ||
| requestHeaders.push.apply(requestHeaders, headers); | ||
| if (safeHeaders) | ||
| requestHeaders.push.apply(requestHeaders, safeHeaders); | ||
| requestInit["headers"] = requestHeaders; | ||
|
|
||
| if (allowed) { | ||
| urlParameters += "&allow_methods=" + method + "&control_request_headers"; | ||
| if (headers) { | ||
| //Make the server allow the headers | ||
| urlParameters += "&allow_headers=" + headerNames(headers).join("%20%2C"); | ||
| } | ||
| return fetch(url + urlParameters, requestInit).then(function(resp) { | ||
| assert_equals(resp.status, 200, "Response's status is 200"); | ||
| assert_equals(resp.headers.get("x-did-preflight"), "1", "Preflight request has been made"); | ||
| if (headers) { | ||
| var actualHeaders = resp.headers.get("x-control-request-headers").toLowerCase().split(","); | ||
| for (var i in actualHeaders) | ||
| actualHeaders[i] = actualHeaders[i].trim(); | ||
| for (var header of headers) | ||
| assert_in_array(header[0].toLowerCase(), actualHeaders, "Preflight asked permission for header: " + header); | ||
|
|
||
| let accessControlAllowHeaders = headerNames(headers).sort().join(","); | ||
| assert_equals(resp.headers.get("x-control-request-headers"), accessControlAllowHeaders, "Access-Control-Allow-Headers value"); | ||
| return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token); | ||
| } else { | ||
| assert_equals(resp.headers.get("x-control-request-headers"), null, "Access-Control-Request-Headers should be omitted") | ||
| } | ||
| }); | ||
| } else { | ||
| return promise_rejects(test, new TypeError(), fetch(url + urlParameters, requestInit)).then(function(){ | ||
| return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token); | ||
| }); | ||
| } | ||
| }); | ||
| }, desc); | ||
| } |
11 changes: 11 additions & 0 deletions
11
testing/web-platform/tests/fetch/api/cors/resources/not-cors-safelisted.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| [ | ||
| ["accept", "\""], | ||
| ["accept", "012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"], | ||
| ["accept-language", "\u0001"], | ||
| ["accept-language", "@"], | ||
| ["content-language", "\u0001"], | ||
| ["content-language", "@"], | ||
| ["content-type", "text/html"], | ||
| ["content-type", "text/plain; long=0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901"], | ||
| ["test", "hi"] | ||
| ] |
19 changes: 19 additions & 0 deletions
19
testing/web-platform/tests/fetch/api/headers/headers-no-cors.window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| promise_test(() => fetch("../cors/resources/not-cors-safelisted.json").then(res => res.json().then(runTests)), "Loading data…"); | ||
|
|
||
| function runTests(testArray) { | ||
| testArray = testArray.concat([ | ||
| ["dpr", "2"], | ||
| ["downlink", "1"], // https://wicg.github.io/netinfo/ | ||
| ["save-data", "on"], | ||
| ["viewport-width", "100"], | ||
| ["width", "100"] | ||
| ]); | ||
| testArray.forEach(testItem => { | ||
| const [headerName, headerValue] = testItem; | ||
| test(() => { | ||
| const noCorsHeaders = new Request("about:blank", { mode: "no-cors" }).headers; | ||
| noCorsHeaders.append(headerName, headerValue); | ||
| assert_false(noCorsHeaders.has(headerName)); | ||
| }, "\"no-cors\" Headers object cannot have " + headerName + "/" + headerValue + " as header"); | ||
| }); | ||
| } |