OLD | NEW |
1 <?php | 1 <?php |
2 header("Suborigin: foobar"); | 2 header("Suborigin: foobar"); |
3 ?> | 3 ?> |
4 <!DOCTYPE html> | 4 <!DOCTYPE html> |
5 <html> | 5 <html> |
6 <head> | 6 <head> |
7 <title>Allow suborigin in HTTP header</title> | 7 <title>Allow suborigin in HTTP header</title> |
8 <script src="/resources/testharness.js"></script> | 8 <script src="/resources/testharness.js"></script> |
9 <script src="/resources/testharnessreport.js"></script> | 9 <script src="/resources/testharnessreport.js"></script> |
10 <script src="/security/suborigins/resources/suborigin-cors-lib.js"></script> | 10 <script src="/security/suborigins/resources/suborigin-cors-lib.js"></script> |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
48 xhr.setRequestHeader("x-custom-header", "foobar"); | 48 xhr.setRequestHeader("x-custom-header", "foobar"); |
49 xhr.send(); | 49 xhr.send(); |
50 }; | 50 }; |
51 | 51 |
52 var xorigin_preflight_script = "http://127.0.0.1:8000/security/resources/cors-sc
ript.php"; | 52 var xorigin_preflight_script = "http://127.0.0.1:8000/security/resources/cors-sc
ript.php"; |
53 | 53 |
54 // XHR preflight tests | 54 // XHR preflight tests |
55 new SuboriginXHRTest( | 55 new SuboriginXHRTest( |
56 false, | 56 false, |
57 "Complex anonymous XHR preflight, no AC for custom header", | 57 "Complex anonymous XHR preflight, no AC for custom header", |
58 xorigin_preflight_script + "?cors=http://foobar_127.0.0.1:8000", | 58 xorigin_preflight_script + "?cors=http-so://foobar.127.0.0.1:8000", |
59 "anonymous").execute(); | 59 "anonymous").execute(); |
60 | 60 |
61 new SuboriginXHRTest( | 61 new SuboriginXHRTest( |
62 true, | 62 true, |
63 "Complex anonymous XHR preflight, has AC for custom header", | 63 "Complex anonymous XHR preflight, has AC for custom header", |
64 xorigin_preflight_script + "?cors=http://foobar_127.0.0.1:8000&custom=x-cust
om-header", | 64 xorigin_preflight_script + "?cors=http-so://foobar.127.0.0.1:8000&custom=x-c
ustom-header", |
65 "anonymous").execute(); | 65 "anonymous").execute(); |
66 | 66 |
67 new SuboriginXHRTest( | 67 new SuboriginXHRTest( |
68 false, | 68 false, |
69 "Complex anonymous XHR preflight with '*' ACAO, no AC for custom header", | 69 "Complex anonymous XHR preflight with '*' ACAO, no AC for custom header", |
70 xorigin_preflight_script + "?cors=*", | 70 xorigin_preflight_script + "?cors=*", |
71 "anonymous").execute(); | 71 "anonymous").execute(); |
72 | 72 |
73 new SuboriginXHRTest( | 73 new SuboriginXHRTest( |
74 true, | 74 true, |
75 "Complex anonymous XHR preflight with '*' ACAO, has AC for custom header", | 75 "Complex anonymous XHR preflight with '*' ACAO, has AC for custom header", |
76 xorigin_preflight_script + "?cors=*&custom=x-custom-header", | 76 xorigin_preflight_script + "?cors=*&custom=x-custom-header", |
77 "anonymous").execute(); | 77 "anonymous").execute(); |
78 | 78 |
79 new SuboriginXHRTest( | 79 new SuboriginXHRTest( |
80 false, | 80 false, |
81 "Complex XHR with credentials preflight, no AC for custom header", | 81 "Complex XHR with credentials preflight, no AC for custom header", |
82 xorigin_preflight_script + "?cors=http://foobar_127.0.0.1:8000&credentials=t
rue", | 82 xorigin_preflight_script + "?cors=http-so://foobar.127.0.0.1:8000&credential
s=true", |
83 "use-credentials").execute(); | 83 "use-credentials").execute(); |
84 | 84 |
85 new SuboriginXHRTest( | 85 new SuboriginXHRTest( |
86 true, | 86 true, |
87 "Complex XHR with credentials preflight, has AC for custom header", | 87 "Complex XHR with credentials preflight, has AC for custom header", |
88 xorigin_preflight_script + "?cors=http://foobar_127.0.0.1:8000&credentials=t
rue&custom=x-custom-header", | 88 xorigin_preflight_script + "?cors=http-so://foobar.127.0.0.1:8000&credential
s=true&custom=x-custom-header", |
89 "use-credentials").execute(); | 89 "use-credentials").execute(); |
90 | 90 |
91 new SuboriginXHRTest( | 91 new SuboriginXHRTest( |
92 false, | 92 false, |
93 "Complex XHR with credentials preflight with '*' ACAO, no AC for custom head
er", | 93 "Complex XHR with credentials preflight with '*' ACAO, no AC for custom head
er", |
94 xorigin_preflight_script + "?cors=*&credentials=true", | 94 xorigin_preflight_script + "?cors=*&credentials=true", |
95 "use-credentials").execute(); | 95 "use-credentials").execute(); |
96 | 96 |
97 new SuboriginXHRTest( | 97 new SuboriginXHRTest( |
98 false, | 98 false, |
99 "Complex XHR with credentials preflight with '*' ACAO, has AC for custom hea
der", | 99 "Complex XHR with credentials preflight with '*' ACAO, has AC for custom hea
der", |
100 xorigin_preflight_script + "?cors=*&credentials=true&custom=x-custom-header"
, | 100 xorigin_preflight_script + "?cors=*&credentials=true&custom=x-custom-header"
, |
101 "use-credentials").execute(); | 101 "use-credentials").execute(); |
102 </script> | 102 </script> |
103 </body> | 103 </body> |
104 </html> | 104 </html> |
OLD | NEW |