| <button onclick="presetAuthorization()">Start</button> |
| <pre id="console"></pre> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| |
| function log(message) |
| { |
| document.getElementById('console').appendChild(document.createTextNode(message + '\n')); |
| } |
| |
| function presetAuthorization() |
| { |
| window.addEventListener("message", test, false); |
| window.open("http://localhost:8000/xmlhttprequest/resources/cross-origin-preset-authorization-frame.html"); |
| } |
| |
| function test() |
| { |
| log("Trying different ways to access a password protected resource from another origin. The UA already has login and password for this protection space.\n") |
| log("You should see several PASS messages followed by a DONE\n"); |
| log("SCRIPT SRC='...' Should succeed, since authorization is sent for cross-origin subresource loads."); |
| var scriptElement = document.createElement("script"); |
| scriptElement.setAttribute("src", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py"); |
| scriptElement.setAttribute("onload", "test_sync_auth_stored()"); |
| scriptElement.setAttribute("onerror", "test_sync_auth_stored()"); |
| document.body.appendChild(scriptElement); |
| } |
| |
| function test_sync_auth_stored() |
| { |
| log("Cross-origin XMLHttpRequest (sync), testing stored authorization."); |
| |
| var req = new XMLHttpRequest; |
| req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py", false); |
| req.withCredentials = true; |
| try { |
| req.send(); |
| log((req.status == 401) ? "FAIL: 401 Authorization required" : "PASS"); |
| } catch (ex) { |
| log("FAIL: Got an exception. " + ex); |
| } |
| test_sync_cookies(); |
| } |
| |
| function test_sync_cookies() |
| { |
| log("Cross-origin XMLHttpRequest (sync), testing cookies."); |
| |
| var req = new XMLHttpRequest; |
| req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-check-cookies.py", false); |
| req.withCredentials = true; |
| req.send(); |
| if (req.status == 200) |
| log(req.responseText.match(/WK\-cross\-origin/) ? "PASS" : "FAIL"); |
| else |
| log("FAIL: Wrong status code " + req.status); |
| test_async_auth_stored(); |
| } |
| |
| function test_async_auth_stored() |
| { |
| log("Cross-origin XMLHttpRequest (async), testing stored authorization."); |
| |
| var req = new XMLHttpRequest; |
| req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py", true); |
| req.withCredentials = true; |
| req.send(); |
| req.onload = function() { |
| log((req.status == 401) ? "FAIL: 401 Authorization required" : "PASS"); |
| test_async_cookies(); |
| } |
| req.onerror = function() { |
| log("FAIL: Received error event."); |
| test_async_cookies(); |
| } |
| } |
| |
| function test_async_cookies() |
| { |
| log("Cross-origin XMLHttpRequest (async), testing cookies."); |
| |
| var req = new XMLHttpRequest; |
| req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-check-cookies.py", true); |
| req.withCredentials = true; |
| req.send(); |
| req.onload = function() { |
| log(req.responseText.match(/WK\-cross\-origin/) ? "PASS" : "FAIL"); |
| test_sync_auth_explicit(); |
| } |
| } |
| |
| function test_sync_auth_explicit() |
| { |
| log("Cross-origin XMLHttpRequest (sync), testing authorization with explicitly provided credentials that should be ignored."); |
| |
| var req = new XMLHttpRequest; |
| req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py", false, "test2", "test2"); |
| req.withCredentials = true; |
| try { |
| req.send(); |
| if (req.status == 200) |
| log(req.responseText.match(/test2/) ? "FAIL: Explicit credentials were not ignored" : "PASS"); |
| else |
| log("FAIL: Wrong status code " + req.status); |
| } catch (ex) { |
| log("FAIL: Got an exception. " + ex); |
| } |
| test_async_auth_explicit(); |
| } |
| |
| |
| function test_async_auth_explicit() |
| { |
| log("Cross-origin XMLHttpRequest (async), testing authorization with explicitly provided credentials that should be ignored."); |
| |
| var req = new XMLHttpRequest; |
| req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.py", true, "test2", "test2"); |
| req.withCredentials = true; |
| req.send(); |
| req.onload = function() { |
| if (req.status == 200) |
| log(req.responseText.match(/test2/) ? "FAIL: Explicit credentials were not ignored" : "PASS"); |
| else |
| log("FAIL: Wrong status code " + req.status); |
| log("DONE"); |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| } |
| req.onerror = function() { |
| log("FAIL: Received error event."); |
| log("DONE"); |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| } |
| } |
| |
| if (window.testRunner) |
| presetAuthorization(); |
| </script> |