OLD | NEW |
(Empty) | |
| 1 if (this.document === undefined) { |
| 2 importScripts("/resources/testharness.js"); |
| 3 importScripts("../resources/utils.js"); |
| 4 } |
| 5 |
| 6 const url = "http://{{host}}:{{ports[http][1]}}" + dirname(location.pathname) +
RESOURCES_DIR + "top.txt", |
| 7 sharedHeaders = "?pipe=header(Access-Control-Expose-Headers,*)|header(Test
,X)|header(Set-Cookie,X)|" |
| 8 |
| 9 promise_test(() => { |
| 10 const headers = "header(Access-Control-Allow-Origin,*)" |
| 11 return fetch(url + sharedHeaders + headers).then(resp => { |
| 12 assert_equals(resp.status, 200) |
| 13 assert_equals(resp.type , "cors") |
| 14 assert_equals(resp.headers.get("test"), "X") |
| 15 assert_equals(resp.headers.get("set-cookie"), null) |
| 16 }) |
| 17 }, "Basic Access-Control-Expose-Headers: * support") |
| 18 |
| 19 promise_test(() => { |
| 20 const origin = location.origin, // assuming an ASCII origin |
| 21 headers = "header(Access-Control-Allow-Origin," + origin + ")|header(Acc
ess-Control-Allow-Credentials,true)" |
| 22 return fetch(url + sharedHeaders + headers, { credentials:"include" }).then(re
sp => { |
| 23 assert_equals(resp.status, 200) |
| 24 assert_equals(resp.type , "cors") |
| 25 assert_equals(resp.headers.get("content-type"), "text/plain") // safelisted |
| 26 assert_equals(resp.headers.get("test"), null) |
| 27 assert_equals(resp.headers.get("set-cookie"), null) |
| 28 }) |
| 29 }, "Cannot use * for credentialed fetches") |
| 30 |
| 31 done(); |
OLD | NEW |