LayoutTests/http/tests/xmlhttprequest/url-with-credentials.html - WebKit - Git at Google

 <head>
     <script src="/js-test-resources/js-test.js"></script>
     <script>
     function doTest() {
         description(`If the request contains credentials in its url, they should be stripped from it.
                      Also first attempt shouldn't contain basic auth header.`);
         window.jsTestIsAsync = true;

         window.xhr = new XMLHttpRequest();
         const baseUrl = 'http://foo:bar@127.0.0.1:8000/xmlhttprequest/resources/url-with-credentials/';

         /* 1.a [Sync] First trial must be access without credentials. */
         xhr.open('GET', baseUrl + 'authenticate.php', false);
         xhr.send(null);
         shouldBe(() => xhr.responseText, "'User:  Password: '");

         /* 1.b [Sync] Send auth info after getting authorization header. */
         xhr.open('GET', baseUrl + 'authorize.php', false);
         xhr.send(null);
         shouldBe(() => xhr.responseText, "'User: foo Password: bar'");

         /* 2.a [Async] First trial must be access without credentials. */
         xhr.open('GET', baseUrl + 'authenticate.php', true);
         xhr.onerror = xhr.onload = () => {
             shouldBe(() => xhr.responseText, "'User:  Password: '");

             /* 2.b [Async] Send auth info after getting authorization header. */
             xhr.open('GET', baseUrl + 'authorize.php', true);
             xhr.onerror = xhr.onload = () => {
                 shouldBe(() => xhr.responseText, "'User: foo Password: bar'");

                 finishJSTest();
             };
             xhr.send(null);
         };
         xhr.send(null);
     }
     </script>
 </head>

 <body onload="doTest()">
     <div id="description"></div>
     <div id="console"></div>
 </body>

 </html>
	<head>
	<script src="/js-test-resources/js-test.js"></script>
	<script>
	function doTest() {
	description(`If the request contains credentials in its url, they should be stripped from it.
	Also first attempt shouldn't contain basic auth header.`);
	window.jsTestIsAsync = true;

	window.xhr = new XMLHttpRequest();
	const baseUrl = 'http://foo:bar@127.0.0.1:8000/xmlhttprequest/resources/url-with-credentials/';

	/* 1.a [Sync] First trial must be access without credentials. */
	xhr.open('GET', baseUrl + 'authenticate.php', false);
	xhr.send(null);
	shouldBe(() => xhr.responseText, "'User: Password: '");

	/* 1.b [Sync] Send auth info after getting authorization header. */
	xhr.open('GET', baseUrl + 'authorize.php', false);
	xhr.send(null);
	shouldBe(() => xhr.responseText, "'User: foo Password: bar'");

	/* 2.a [Async] First trial must be access without credentials. */
	xhr.open('GET', baseUrl + 'authenticate.php', true);
	xhr.onerror = xhr.onload = () => {
	shouldBe(() => xhr.responseText, "'User: Password: '");

	/* 2.b [Async] Send auth info after getting authorization header. */
	xhr.open('GET', baseUrl + 'authorize.php', true);
	xhr.onerror = xhr.onload = () => {
	shouldBe(() => xhr.responseText, "'User: foo Password: bar'");

	finishJSTest();
	};
	xhr.send(null);
	};
	xhr.send(null);
	}
	</script>
	</head>

	<body onload="doTest()">
	<div id="description"></div>
	<div id="console"></div>
	</body>

	</html>