Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(180)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/xmlhttprequest/resources/origin-exact-matching-iframe.html

Issue 109773002: Improve precision of error messages from failed CORS checks. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/xmlhttprequest/resources/access-control-allow-lists.php ('k') | LayoutTests/platform/linux/http/tests/xmlhttprequest/origin-exact-matching-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <script src="../../js-test-resources/js-test.js"></script> 4 <script src="../../js-test-resources/js-test.js"></script>
5 </head> 5 </head>
6 <body> 6 <body>
7 <script type="text/javascript"> 7 <script type="text/javascript">
8 description("Check that exact matching is used when comparing a request's origin ating url and the value provided by Access-Control-Allow-Origin."); 8 description("Check that exact matching is used when comparing a request's origin ating url and the value provided by Access-Control-Allow-Origin.");
9 var urlTemplate = "http://127.0.0.1:8000/xmlhttprequest/resources/access-control -allow-lists.php?origin="; 9
10 var baseUrl = "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-all ow-lists.php";
11
12 function generateURL(origin)
13 {
14 if (Array.isArray(origin))
15 return baseUrl + "?origins=" + origin.map(encodeURIComponent).join(",");
16 else
17 return baseUrl + "?origin=" + encodeURIComponent(origin);
18 }
10 19
11 function shouldPass(origin) { 20 function shouldPass(origin) {
12 debug("Should allow origin: '" + origin + "'"); 21 debug("Should allow origin: '" + origin + "'");
13 xhr = new XMLHttpRequest(); 22 xhr = new XMLHttpRequest();
14 xhr.open('GET', urlTemplate + encodeURIComponent(origin), false); 23 xhr.open('GET', generateURL(origin), false);
15 shouldBeUndefined("xhr.send(null)"); 24 shouldBeUndefined("xhr.send(null)");
16 } 25 }
17 26
18 function shouldFail(origin) { 27 function shouldFail(origin) {
19 debug("Should disallow origin: '" + origin + "'"); 28 debug("Should disallow origin: '" + origin + "'");
20 xhr = new XMLHttpRequest(); 29 xhr = new XMLHttpRequest();
21 xhr.open('GET', urlTemplate + encodeURIComponent(origin), false); 30 xhr.open('GET', generateURL(origin), false);
22 shouldThrow("xhr.send(null)"); 31 shouldThrow("xhr.send(null)");
23 } 32 }
24 33
25 shouldPass('*'); 34 var thisOrigin = location.protocol + "//" + location.host;
26 shouldPass(' * '); 35
27 shouldPass('» *'); 36 shouldPass("*");
28 shouldPass(location.protocol + "//" + location.host); 37 shouldPass(" * ");
29 shouldPass(" "+location.protocol + "//" + location.host); 38 shouldPass("» *");
30 shouldPass(" "+location.protocol + "//" + location.host + " » "); 39 shouldPass(thisOrigin);
31 shouldPass("» "+location.protocol + "//" + location.host); 40 shouldPass(" " + thisOrigin);
41 shouldPass(" " + thisOrigin + " » ");
42 shouldPass("» " + thisOrigin);
32 shouldFail(location.protocol + "//www2." + location.host); 43 shouldFail(location.protocol + "//www2." + location.host);
33 shouldFail("//" + location.host); 44 shouldFail("//" + location.host);
34 shouldFail("://" + location.host); 45 shouldFail("://" + location.host);
35 shouldFail("ftp://" + location.host); 46 shouldFail("ftp://" + location.host);
36 shouldFail("http:://" + location.host); 47 shouldFail("http:://" + location.host);
37 shouldFail("http:/" + location.host); 48 shouldFail("http:/" + location.host);
38 shouldFail("http:" + location.host); 49 shouldFail("http:" + location.host);
39 shouldFail(location.host); 50 shouldFail(location.host);
40 shouldFail(location.protocol + "//" + location.host + "?"); 51 shouldFail(thisOrigin + "?");
41 shouldFail(location.protocol + "//" + location.host + "/"); 52 shouldFail(thisOrigin + "/");
42 shouldFail(location.protocol + "//" + location.host + " /"); 53 shouldFail(thisOrigin + " /");
43 shouldFail(location.protocol + "//" + location.host + "#"); 54 shouldFail(thisOrigin + "#");
44 shouldFail(location.protocol + "//" + location.host + "%23"); 55 shouldFail(thisOrigin + "%23");
45 shouldFail(location.protocol + "//" + location.host + ":80"); 56 shouldFail(thisOrigin + ":80");
46 shouldFail(location.protocol + "//" + location.host + ", *"); 57 shouldFail(thisOrigin + ", *");
47 //shouldFail(location.protocol + "//" + location.host + "\0"); // Doesn't fail o n Linux. See http://wkbug.com/88688 and http://wkbug.com/88139 58 //shouldFail(thisOrigin + "\0"); // Doesn't fail on Linux. See http://wkbug.com/ 88688 and http://wkbug.com/88139
48 shouldFail((location.protocol + "//" + location.host).toUpperCase()); 59 shouldFail(thisOrigin.toUpperCase());
49 shouldFail(location.protocol.toUpperCase() + "//" + location.host); 60 shouldFail(location.protocol.toUpperCase() + "//" + location.host);
50 shouldFail("-"); 61 shouldFail("-");
51 shouldFail("**"); 62 shouldFail("**");
52 shouldFail("\0*"); 63 shouldFail("\0*");
53 //shouldFail("*\0"); // Doesn't fail on Linux. http://wkbug.com/88688 and http:/ /wkbug.com/88139 64 //shouldFail("*\0"); // Doesn't fail on Linux. http://wkbug.com/88688 and http:/ /wkbug.com/88139
54 shouldFail("'*'"); 65 shouldFail("'*'");
55 shouldFail('"*"'); 66 shouldFail('"*"');
56 shouldFail("* *"); 67 shouldFail("* *");
57 shouldFail("*" + location.protocol + "//" + "*"); 68 shouldFail("*" + location.protocol + "//" + "*");
58 shouldFail("*" + location.protocol + "//" + location.host); 69 shouldFail("*" + thisOrigin);
59 shouldFail("* " + location.protocol + "//" + location.host); 70 shouldFail("* " + thisOrigin);
60 shouldFail("*, " + location.protocol + "//" + location.host); 71 shouldFail("*, " + thisOrigin);
61 shouldFail("\0" + location.protocol + "//" + location.host); 72 shouldFail("\0" + thisOrigin);
62 shouldFail("null " + location.protocol + "//" + location.host); 73 shouldFail("null " + thisOrigin);
63 shouldFail('http://example.net'); 74 shouldFail("http://example.net");
64 shouldFail('null'); 75 shouldFail("http://example.net " + thisOrigin);
65 shouldFail(''); 76 shouldFail("http://example.net, " + thisOrigin);
77 shouldFail(["http://example.net", thisOrigin]);
78 shouldFail([thisOrigin, thisOrigin]);
79 shouldFail("null");
80 shouldFail("");
66 shouldFail(location.href); 81 shouldFail(location.href);
67 shouldFail(location.href.replace(/\/[^\/]*$/, '/')); 82 shouldFail(location.href.replace(/\/[^\/]*$/, "/"));
68 shouldFail(location.href.replace(location.hostname, "localhost")); 83 shouldFail(location.href.replace(location.hostname, "localhost"));
69 84
70 </script> 85 </script>
71 </body> 86 </body>
72 </html> 87 </html>
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/xmlhttprequest/resources/access-control-allow-lists.php ('k') | LayoutTests/platform/linux/http/tests/xmlhttprequest/origin-exact-matching-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698