LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html - WebKit - Git at Google

 <!DOCTYPE html>
 <html>
   <head>
     <title>XMLHttpRequest: ensure user script headers do not get dropped during cross-origin redirections</title>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
   </head>
   <body>
     <script type="text/javascript">
 function doTest(testName, testURL, simpleRequest, changeOrigin)
 {
   promise_test(function(test) {
     var resolvePromise, rejectPromise;
     var promise = new Promise((resolve, reject) => {
         resolvePromise = resolve;
         rejectPromise = reject;
     });

     var xhr = new XMLHttpRequest;
     xhr.open("GET", testURL);
     xhr.setRequestHeader("accept", "groovy");

     if (!simpleRequest) {
         xhr.setRequestHeader("x-webkit", "funky");
         xhr.setRequestHeader("content-type", "rocky");
         xhr.setRequestHeader("authorization", "Basic QXV0aG9yaXphdGlvbi1IZWFkZXI6QXV0aG9yaXphdGlvbi1IZWFkZXI=");
     }

     xhr.onload = (test) => {
         assert_true(xhr.responseText.indexOf("accept header found: groovy") !== -1, "xhr final request should have an accept=groovy header");
         if (!simpleRequest) {
             assert_true(xhr.responseText.indexOf("x-webkit header found: funky") !== -1, "xhr final request should have a x-webkit=funky header");
             assert_true(xhr.responseText.indexOf("content-type header found: rocky") !== -1, "xhr final request should have a content-type=groovy header");
             assert_true(xhr.responseText.indexOf("not found any authorization header") !== -1, "xhr final request should not have an authorization header");
         }
         testPassed = true;
     }

     xhr.onerror = (e) => {
         rejectPromise("Loading failure");
     }

     var testPassed = false;
     xhr.onloadend = () => {
         testPassed ? resolvePromise() : rejectPromise("testPassed is not true");
     }
     xhr.send();
     return promise;
   }, testName);
 }

 var simpleRequest = true;

 doTest("Check headers after same-origin redirection to same-origin resource (simple request)",
         "resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
         simpleRequest);

 doTest("Check headers after same-origin redirection to same-origin resource (not simple request)",
         "resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
         !simpleRequest);

 doTest("Check headers after same origin redirection to cross-origin resource (simple request)",
         "resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
         simpleRequest);

 doTest("Check headers after same origin redirection to cross-origin resource (not simple request)",
         "resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
         !simpleRequest);

 doTest("Check headers after cross-origin redirection to same-origin resource (simple request)",
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
         simpleRequest);

 doTest("Check headers after cross-origin redirection to same-origin resource (not simple request)",
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
         !simpleRequest);

 doTest("Check headers after cross-origin redirection to cross-origin resource (simple request)",
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
         simpleRequest);

 doTest("Check headers after cross-origin redirection to cross-origin resource (not simple request)",
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
         !simpleRequest);

     </script>
   </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<title>XMLHttpRequest: ensure user script headers do not get dropped during cross-origin redirections</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	</head>
	<body>
	<script type="text/javascript">
	function doTest(testName, testURL, simpleRequest, changeOrigin)
	{
	promise_test(function(test) {
	var resolvePromise, rejectPromise;
	var promise = new Promise((resolve, reject) => {
	resolvePromise = resolve;
	rejectPromise = reject;
	});

	var xhr = new XMLHttpRequest;
	xhr.open("GET", testURL);
	xhr.setRequestHeader("accept", "groovy");

	if (!simpleRequest) {
	xhr.setRequestHeader("x-webkit", "funky");
	xhr.setRequestHeader("content-type", "rocky");
	xhr.setRequestHeader("authorization", "Basic QXV0aG9yaXphdGlvbi1IZWFkZXI6QXV0aG9yaXphdGlvbi1IZWFkZXI=");
	}

	xhr.onload = (test) => {
	assert_true(xhr.responseText.indexOf("accept header found: groovy") !== -1, "xhr final request should have an accept=groovy header");
	if (!simpleRequest) {
	assert_true(xhr.responseText.indexOf("x-webkit header found: funky") !== -1, "xhr final request should have a x-webkit=funky header");
	assert_true(xhr.responseText.indexOf("content-type header found: rocky") !== -1, "xhr final request should have a content-type=groovy header");
	assert_true(xhr.responseText.indexOf("not found any authorization header") !== -1, "xhr final request should not have an authorization header");
	}
	testPassed = true;
	}

	xhr.onerror = (e) => {
	rejectPromise("Loading failure");
	}

	var testPassed = false;
	xhr.onloadend = () => {
	testPassed ? resolvePromise() : rejectPromise("testPassed is not true");
	}
	xhr.send();
	return promise;
	}, testName);
	}

	var simpleRequest = true;

	doTest("Check headers after same-origin redirection to same-origin resource (simple request)",
	"resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
	simpleRequest);

	doTest("Check headers after same-origin redirection to same-origin resource (not simple request)",
	"resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
	!simpleRequest);

	doTest("Check headers after same origin redirection to cross-origin resource (simple request)",
	"resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
	simpleRequest);

	doTest("Check headers after same origin redirection to cross-origin resource (not simple request)",
	"resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
	!simpleRequest);

	doTest("Check headers after cross-origin redirection to same-origin resource (simple request)",
	"http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
	simpleRequest);

	doTest("Check headers after cross-origin redirection to same-origin resource (not simple request)",
	"http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
	!simpleRequest);

	doTest("Check headers after cross-origin redirection to cross-origin resource (simple request)",
	"http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
	simpleRequest);

	doTest("Check headers after cross-origin redirection to cross-origin resource (not simple request)",
	"http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
	!simpleRequest);

	</script>
	</body>
	</html>