| <!doctype html> |
| <html> |
| <head> |
| <title>XMLHttpRequest: send() - Redirect to CORS-enabled resource</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| </head> |
| <body> |
| <div id="log"></div> |
| <script> |
| function extractBody(body) { |
| if (body === null) { |
| return { body: "", type: "NO" }; |
| } |
| if (typeof body === "string") { |
| return { body: body, type: "text/plain;charset=UTF-8" }; |
| } |
| if (body instanceof Uint8Array) { |
| const arr = Array.prototype.slice.call(body); |
| return { body: String.fromCharCode.apply(null, arr), type: "NO" } |
| } |
| return { body: "EXTRACT NOT IMPLEMENTED", type: "EXTRACT NOT IMPLEMENTED" } |
| } |
| |
| function redirect(code, name = code, method = "GET", body = null, explicitType = null, safelistContentType = false) { |
| async_test(t => { |
| let { body: expectedBody, type: expectedType } = extractBody(body); |
| if (explicitType !== null) { |
| expectedType = explicitType; |
| } |
| let expectedMethod = method; |
| if (((code === "301" || code === "302") && method === "POST") || (code === "303" && method !== "GET" && method !== "HEAD")) { |
| expectedMethod = "GET"; |
| expectedBody = ""; |
| expectedType = "NO"; |
| } |
| const client = new XMLHttpRequest(); |
| client.onreadystatechange = t.step_func(() => { |
| if (client.readyState === 4) { |
| if ((expectedMethod === "GET" && expectedType === "NO") || explicitType !== "application/x-pony" || safelistContentType) { |
| assert_equals(client.status, 200); |
| assert_equals(client.getResponseHeader("x-request-method"), expectedMethod); |
| assert_equals(client.getResponseHeader("x-request-content-type"), expectedType); |
| assert_equals(client.getResponseHeader("x-request-data"), expectedBody); |
| } else { |
| // "application/x-pony" is not safelisted by corsenabled.py -> network error |
| assert_equals(client.status, 0); |
| assert_equals(client.statusText, ""); |
| assert_equals(client.responseText, ""); |
| assert_equals(client.responseXML, null); |
| } |
| t.done(); |
| } |
| }); |
| let safelist = ""; |
| if (safelistContentType) { |
| safelist = "?safelist_content_type"; |
| } |
| client.open(method, "resources/redirect.py?location="+encodeURIComponent("http://www2."+location.host+(location.pathname.replace(/[^\/]+$/, ''))+'resources/corsenabled.py')+safelist+"&code=" + code); |
| if (explicitType !== null) { |
| client.setRequestHeader("Content-Type", explicitType); |
| } |
| client.send(body); |
| }, document.title + " (" + name + ")"); |
| } |
| // corsenabled.py safelists methods GET, POST, PUT, and FOO |
| redirect("301") |
| redirect("301", "301 GET with explicit Content-Type", "GET", null, "application/x-pony") |
| redirect("301", "301 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true) |
| redirect("303", "303 GET with explicit Content-Type safelisted", "GET", null, "application/x-pony", true) |
| redirect("302") |
| redirect("303") |
| redirect("302", "302 FOO with string and explicit Content-Type safelisted", "FOO", "test", "application/x-pony", true) |
| redirect("303", "303 FOO with string and explicit Content-Type safelisted", "FOO", "test", "application/x-pony", true) |
| redirect("307") |
| redirect("307", "307 post with null", "POST", null) |
| redirect("307", "307 post with string", "POST", "hello") |
| redirect("307", "307 post with typed array", "POST", new Uint8Array([65, 66, 67])) |
| redirect("301", "301 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony") |
| redirect("301", "301 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/x-pony", true) |
| redirect("302", "302 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony") |
| redirect("307", "307 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony") |
| redirect("307", "307 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony") |
| redirect("308", "308 POST with string and explicit Content-Type", "POST", "yoyo", "application/x-pony") |
| redirect("308", "308 FOO with string and explicit Content-Type", "FOO", "yoyo", "application/x-pony") |
| redirect("308", "308 FOO with string and explicit Content-Type text/plain", "FOO", "yoyo", "text/plain") |
| redirect("308", "308 FOO with string and explicit Content-Type multipart/form-data", "FOO", "yoyo", "multipart/form-data") |
| redirect("308", "308 FOO with string and explicit Content-Type safelisted", "FOO", "yoyo", "application/thunderstorm", true) |
| redirect("307", "307 POST with string and explicit Content-Type safelisted", "POST", "yoyo", "application/thunderstorm", true) |
| </script> |
| </body> |
| </html> |