OLD | NEW |
1 <?php | 1 <?php |
2 header("Suborigin: foobar"); | 2 header("Suborigin: foobar"); |
3 ?> | 3 ?> |
4 <!DOCTYPE html> | 4 <!DOCTYPE html> |
5 <html> | 5 <html> |
6 <head> | 6 <head> |
7 <title>Allow suborigin in HTTP header</title> | 7 <title>Allow suborigin in HTTP header</title> |
8 <script src="/resources/testharness.js"></script> | 8 <script src="/resources/testharness.js"></script> |
9 <script src="/resources/testharnessreport.js"></script> | 9 <script src="/resources/testharnessreport.js"></script> |
10 <script src="/security/suborigins/resources/suborigin-cors-lib.js"></script> | 10 <script src="/security/suborigins/resources/suborigin-cors-lib.js"></script> |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
42 } | 42 } |
43 fetch(this.src, options).then(response_func).catch(error_func); | 43 fetch(this.src, options).then(response_func).catch(error_func); |
44 }; | 44 }; |
45 | 45 |
46 var xorigin_preflight_script = "http://127.0.0.1:8000/security/resources/cors-sc
ript.php"; | 46 var xorigin_preflight_script = "http://127.0.0.1:8000/security/resources/cors-sc
ript.php"; |
47 | 47 |
48 // Fetch preflight tests | 48 // Fetch preflight tests |
49 new SuboriginFetchTest( | 49 new SuboriginFetchTest( |
50 false, | 50 false, |
51 "Complex anonymous Fetch preflight, no AC for custom header", | 51 "Complex anonymous Fetch preflight, no AC for custom header", |
52 xorigin_preflight_script + "?cors=http://foobar_127.0.0.1:8000", | 52 xorigin_preflight_script + "?cors=http-so://foobar.127.0.0.1:8000", |
53 "anonymous").execute(); | 53 "anonymous").execute(); |
54 | 54 |
55 new SuboriginFetchTest( | 55 new SuboriginFetchTest( |
56 true, | 56 true, |
57 "Complex anonymous Fetch preflight, has AC for custom header", | 57 "Complex anonymous Fetch preflight, has AC for custom header", |
58 xorigin_preflight_script + "?cors=http://foobar_127.0.0.1:8000&custom=x-cust
om-header", | 58 xorigin_preflight_script + "?cors=http-so://foobar.127.0.0.1:8000&custom=x-c
ustom-header", |
59 "anonymous").execute(); | 59 "anonymous").execute(); |
60 | 60 |
61 new SuboriginFetchTest( | 61 new SuboriginFetchTest( |
62 false, | 62 false, |
63 "Complex anonymous Fetch preflight with '*' ACAO, no AC for custom header", | 63 "Complex anonymous Fetch preflight with '*' ACAO, no AC for custom header", |
64 xorigin_preflight_script + "?cors=*", | 64 xorigin_preflight_script + "?cors=*", |
65 "anonymous").execute(); | 65 "anonymous").execute(); |
66 | 66 |
67 new SuboriginFetchTest( | 67 new SuboriginFetchTest( |
68 true, | 68 true, |
69 "Complex anonymous Fetch preflight with '*' ACAO, has AC for custom header", | 69 "Complex anonymous Fetch preflight with '*' ACAO, has AC for custom header", |
70 xorigin_preflight_script + "?cors=*&custom=x-custom-header", | 70 xorigin_preflight_script + "?cors=*&custom=x-custom-header", |
71 "anonymous").execute(); | 71 "anonymous").execute(); |
72 | 72 |
73 new SuboriginFetchTest( | 73 new SuboriginFetchTest( |
74 false, | 74 false, |
75 "Complex Fetch with credentials preflight, no AC for custom header", | 75 "Complex Fetch with credentials preflight, no AC for custom header", |
76 xorigin_preflight_script + "?cors=http://foobar_127.0.0.1:8000&credentials=t
rue", | 76 xorigin_preflight_script + "?cors=http-so://foobar.127.0.0.1:8000&credential
s=true", |
77 "use-credentials").execute(); | 77 "use-credentials").execute(); |
78 | 78 |
79 new SuboriginFetchTest( | 79 new SuboriginFetchTest( |
80 true, | 80 true, |
81 "Complex Fetch with credentials preflight, has AC for custom header", | 81 "Complex Fetch with credentials preflight, has AC for custom header", |
82 xorigin_preflight_script + "?cors=http://foobar_127.0.0.1:8000&credentials=t
rue&custom=x-custom-header", | 82 xorigin_preflight_script + "?cors=http-so://foobar.127.0.0.1:8000&credential
s=true&custom=x-custom-header", |
83 "use-credentials").execute(); | 83 "use-credentials").execute(); |
84 | 84 |
85 new SuboriginFetchTest( | 85 new SuboriginFetchTest( |
86 false, | 86 false, |
87 "Complex Fetch with credentials preflight with '*' ACAO, no AC for custom he
ader", | 87 "Complex Fetch with credentials preflight with '*' ACAO, no AC for custom he
ader", |
88 xorigin_preflight_script + "?cors=*&credentials=true", | 88 xorigin_preflight_script + "?cors=*&credentials=true", |
89 "use-credentials").execute(); | 89 "use-credentials").execute(); |
90 | 90 |
91 new SuboriginFetchTest( | 91 new SuboriginFetchTest( |
92 false, | 92 false, |
93 "Complex Fetch with credentials preflight with '*' ACAO, has AC for custom h
eader", | 93 "Complex Fetch with credentials preflight with '*' ACAO, has AC for custom h
eader", |
94 xorigin_preflight_script + "?cors=*&credentials=true&custom=x-custom-header"
, | 94 xorigin_preflight_script + "?cors=*&credentials=true&custom=x-custom-header"
, |
95 "use-credentials").execute(); | 95 "use-credentials").execute(); |
96 </script> | 96 </script> |
97 </body> | 97 </body> |
98 </html> | 98 </html> |
OLD | NEW |