blob: 188051ad25527abe6c2e12c5776a748094461ff2 [file] [log] [blame]
<button onclick="presetAuthorization()">Start</button>
<pre id="console"></pre>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
function log(message)
{
document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
}
function presetAuthorization()
{
window.addEventListener("message", test, false);
window.open("http://localhost:8000/xmlhttprequest/resources/cross-origin-preset-authorization-frame.html");
}
function test()
{
log("Trying different ways to access a password protected resource from another origin. The UA already has login and password for this protection space.\n")
log("You should see several PASS messages followed by a DONE\n");
log("SCRIPT SRC='...' Should succeed, since authorization is sent for cross-origin subresource loads.");
var scriptElement = document.createElement("script");
scriptElement.setAttribute("src", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py");
scriptElement.setAttribute("onload", "test_sync_auth_stored()");
scriptElement.setAttribute("onerror", "test_sync_auth_stored()");
document.body.appendChild(scriptElement);
}
function test_sync_auth_stored()
{
log("Cross-origin XMLHttpRequest (sync), testing stored authorization.");
var req = new XMLHttpRequest;
req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py", false);
req.withCredentials = true;
try {
req.send();
log((req.status == 401) ? "FAIL: 401 Authorization required" : "PASS");
} catch (ex) {
log("FAIL: Got an exception. " + ex);
}
test_sync_cookies();
}
function test_sync_cookies()
{
log("Cross-origin XMLHttpRequest (sync), testing cookies.");
var req = new XMLHttpRequest;
req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-check-cookies.py", false);
req.withCredentials = true;
req.send();
if (req.status == 200)
log(req.responseText.match(/WK\-cross\-origin/) ? "PASS" : "FAIL");
else
log("FAIL: Wrong status code " + req.status);
test_async_auth_stored();
}
function test_async_auth_stored()
{
log("Cross-origin XMLHttpRequest (async), testing stored authorization.");
var req = new XMLHttpRequest;
req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py", true);
req.withCredentials = true;
req.send();
req.onload = function() {
log((req.status == 401) ? "FAIL: 401 Authorization required" : "PASS");
test_async_cookies();
}
req.onerror = function() {
log("FAIL: Received error event.");
test_async_cookies();
}
}
function test_async_cookies()
{
log("Cross-origin XMLHttpRequest (async), testing cookies.");
var req = new XMLHttpRequest;
req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-check-cookies.py", true);
req.withCredentials = true;
req.send();
req.onload = function() {
log(req.responseText.match(/WK\-cross\-origin/) ? "PASS" : "FAIL");
test_sync_auth_explicit();
}
}
function test_sync_auth_explicit()
{
log("Cross-origin XMLHttpRequest (sync), testing authorization with explicitly provided credentials that should be ignored.");
var req = new XMLHttpRequest;
req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py", false, "test2", "test2");
req.withCredentials = true;
try {
req.send();
if (req.status == 200)
log(req.responseText.match(/test2/) ? "FAIL: Explicit credentials were not ignored" : "PASS");
else
log("FAIL: Wrong status code " + req.status);
} catch (ex) {
log("FAIL: Got an exception. " + ex);
}
test_async_auth_explicit();
}
function test_async_auth_explicit()
{
log("Cross-origin XMLHttpRequest (async), testing authorization with explicitly provided credentials that should be ignored.");
var req = new XMLHttpRequest;
req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py", true, "test2", "test2");
req.withCredentials = true;
req.send();
req.onload = function() {
if (req.status == 200)
log(req.responseText.match(/test2/) ? "FAIL: Explicit credentials were not ignored" : "PASS");
else
log("FAIL: Wrong status code " + req.status);
log("DONE");
if (window.testRunner)
testRunner.notifyDone();
}
req.onerror = function() {
log("FAIL: Received error event.");
log("DONE");
if (window.testRunner)
testRunner.notifyDone();
}
}
if (window.testRunner)
presetAuthorization();
</script>