Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(77)

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/null-auth.php

Issue 2651943002: Block subresource requests whose URLs include credentials. (Closed)
Patch Set: Test. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 <p>Test that null values in XHR login/password parameters are treated correctly. </p> 1 <p>Test that null values in XHR login/password parameters are treated correctly. </p>
2 <p>No auth tokens should be sent with this request.</p> 2 <p>No auth tokens should be sent with this request.</p>
3 <pre id='syncResult'> </pre> 3 <pre id='syncResult'> </pre>
4 <script> 4 <script>
5 if (window.testRunner) 5 if (window.testRunner)
6 testRunner.dumpAsText(); 6 testRunner.dumpAsText();
7 7
8 req = new XMLHttpRequest; 8 try {
9 req.open('POST', '<?php echo 'http://foo:bar@' . $_SERVER['HTTP_HOST'] . '/xmlht tprequest/resources/echo-auth.php' ?>', false, null, null); 9 req = new XMLHttpRequest;
10 req.send(); 10 req.open('POST', '<?php echo 'http://foo:bar@' . $_SERVER['HTTP_HOST'] . '/xml httprequest/resources/echo-auth.php' ?>', false, null, null);
11 document.getElementById('syncResult').firstChild.nodeValue = req.responseText; 11 req.send();
12 console.log("Fail: credentialed URLs should throw.");
13 } catch (e) {
14 console.log("Pass: credentialed URL threw.");
15 }
12 </script> 16 </script>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698