LayoutTests/http/tests/xmlhttprequest/cross-origin-authorization.html - WebKit - Git at Google

 <button onclick="presetAuthorization()">Start</button>
 <pre id="console"></pre>
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
     testRunner.waitUntilDone();
     testRunner.setCanOpenWindows();
 }

 function log(message)
 {
     document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
 }

 function presetAuthorization()
 {
     window.addEventListener("message", test, false);
     window.open("http://localhost:8000/xmlhttprequest/resources/cross-origin-preset-authorization-frame.html");
 }

 function test()
 {
     log("Trying different ways to access a password protected resource from another origin. The UA already has login and password for this protection space.\n")
     log("You should see several PASS messages followed by a DONE\n");
     log("SCRIPT SRC='...' Should succeed, since authorization is sent for cross-origin subresource loads.");
     var scriptElement = document.createElement("script");
     scriptElement.setAttribute("src", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php");
     scriptElement.setAttribute("onload", "test_sync_auth_stored()");
     scriptElement.setAttribute("onerror", "test_sync_auth_stored()");
     document.body.appendChild(scriptElement);
 }

 function test_sync_auth_stored()
 {
     log("Cross-origin XMLHttpRequest (sync), testing stored authorization.");

     var req = new XMLHttpRequest;
     req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php", false);
     req.withCredentials = true;
     try {
         req.send();
         log((req.status == 401) ? "FAIL: 401 Authorization required" : "PASS");
     } catch (ex) {
         log("FAIL: Got an exception. " + ex);
     }
     test_sync_cookies();
 }

 function test_sync_cookies()
 {
     log("Cross-origin XMLHttpRequest (sync), testing cookies.");

     var req = new XMLHttpRequest;
     req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-check-cookies.php", false);
     req.withCredentials = true;
     req.send();
     if (req.status == 200)
         log(req.responseText.match(/WK\-cross\-origin/) ? "PASS" : "FAIL");
     else
         log("FAIL: Wrong status code " + req.status);
     test_async_auth_stored();
 }

 function test_async_auth_stored()
 {
     log("Cross-origin XMLHttpRequest (async), testing stored authorization.");

     var req = new XMLHttpRequest;
     req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php", true);
     req.withCredentials = true;
     req.send();
     req.onload = function() {
         log((req.status == 401) ? "FAIL: 401 Authorization required" : "PASS");
         test_async_cookies();
     }
     req.onerror = function() {
         log("FAIL: Received error event.");
         test_async_cookies();
     }
 }

 function test_async_cookies()
 {
     log("Cross-origin XMLHttpRequest (async), testing cookies.");

     var req = new XMLHttpRequest;
     req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-check-cookies.php", true);
     req.withCredentials = true;
     req.send();
     req.onload = function() {
         log(req.responseText.match(/WK\-cross\-origin/) ? "PASS" : "FAIL");
         test_sync_auth_explicit();
     }
 }

 function test_sync_auth_explicit()
 {
     log("Cross-origin XMLHttpRequest (sync), testing authorization with explicitly provided credentials that should be ignored.");

     var req = new XMLHttpRequest;
     req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php", false, "test2", "test2");
     req.withCredentials = true;
     try {
         req.send();
         if (req.status == 200)
             log(req.responseText.match(/test2/) ? "FAIL: Explicit credentials were not ignored" : "PASS");
         else
             log("FAIL: Wrong status code " + req.status);
     } catch (ex) {
         log("FAIL: Got an exception. " + ex);
     }
     test_async_auth_explicit();
 }


 function test_async_auth_explicit()
 {
     log("Cross-origin XMLHttpRequest (async), testing authorization with explicitly provided credentials that should be ignored.");

     var req = new XMLHttpRequest;
     req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php", true, "test2", "test2");
     req.withCredentials = true;
     req.send();
     req.onload = function() {
         if (req.status == 200)
             log(req.responseText.match(/test2/) ? "FAIL: Explicit credentials were not ignored" : "PASS");
         else
             log("FAIL: Wrong status code " + req.status);
         log("DONE");
         if (window.testRunner)
             testRunner.notifyDone();
     }
     req.onerror = function() {
         log("FAIL: Received error event.");
         log("DONE");
         if (window.testRunner)
             testRunner.notifyDone();
     }
 }

 if (window.testRunner)
     presetAuthorization();
 </script>
	<button onclick="presetAuthorization()">Start</button>
	<pre id="console"></pre>
	<script>
	if (window.testRunner) {
	testRunner.dumpAsText();
	testRunner.waitUntilDone();
	testRunner.setCanOpenWindows();
	}

	function log(message)
	{
	document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
	}

	function presetAuthorization()
	{
	window.addEventListener("message", test, false);
	window.open("http://localhost:8000/xmlhttprequest/resources/cross-origin-preset-authorization-frame.html");
	}

	function test()
	{
	log("Trying different ways to access a password protected resource from another origin. The UA already has login and password for this protection space.\n")
	log("You should see several PASS messages followed by a DONE\n");
	log("SCRIPT SRC='...' Should succeed, since authorization is sent for cross-origin subresource loads.");
	var scriptElement = document.createElement("script");
	scriptElement.setAttribute("src", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php");
	scriptElement.setAttribute("onload", "test_sync_auth_stored()");
	scriptElement.setAttribute("onerror", "test_sync_auth_stored()");
	document.body.appendChild(scriptElement);
	}

	function test_sync_auth_stored()
	{
	log("Cross-origin XMLHttpRequest (sync), testing stored authorization.");

	var req = new XMLHttpRequest;
	req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php", false);
	req.withCredentials = true;
	try {
	req.send();
	log((req.status == 401) ? "FAIL: 401 Authorization required" : "PASS");
	} catch (ex) {
	log("FAIL: Got an exception. " + ex);
	}
	test_sync_cookies();
	}

	function test_sync_cookies()
	{
	log("Cross-origin XMLHttpRequest (sync), testing cookies.");

	var req = new XMLHttpRequest;
	req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-check-cookies.php", false);
	req.withCredentials = true;
	req.send();
	if (req.status == 200)
	log(req.responseText.match(/WK\-cross\-origin/) ? "PASS" : "FAIL");
	else
	log("FAIL: Wrong status code " + req.status);
	test_async_auth_stored();
	}

	function test_async_auth_stored()
	{
	log("Cross-origin XMLHttpRequest (async), testing stored authorization.");

	var req = new XMLHttpRequest;
	req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php", true);
	req.withCredentials = true;
	req.send();
	req.onload = function() {
	log((req.status == 401) ? "FAIL: 401 Authorization required" : "PASS");
	test_async_cookies();
	}
	req.onerror = function() {
	log("FAIL: Received error event.");
	test_async_cookies();
	}
	}

	function test_async_cookies()
	{
	log("Cross-origin XMLHttpRequest (async), testing cookies.");

	var req = new XMLHttpRequest;
	req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-check-cookies.php", true);
	req.withCredentials = true;
	req.send();
	req.onload = function() {
	log(req.responseText.match(/WK\-cross\-origin/) ? "PASS" : "FAIL");
	test_sync_auth_explicit();
	}
	}

	function test_sync_auth_explicit()
	{
	log("Cross-origin XMLHttpRequest (sync), testing authorization with explicitly provided credentials that should be ignored.");

	var req = new XMLHttpRequest;
	req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php", false, "test2", "test2");
	req.withCredentials = true;
	try {
	req.send();
	if (req.status == 200)
	log(req.responseText.match(/test2/) ? "FAIL: Explicit credentials were not ignored" : "PASS");
	else
	log("FAIL: Wrong status code " + req.status);
	} catch (ex) {
	log("FAIL: Got an exception. " + ex);
	}
	test_async_auth_explicit();
	}


	function test_async_auth_explicit()
	{
	log("Cross-origin XMLHttpRequest (async), testing authorization with explicitly provided credentials that should be ignored.");

	var req = new XMLHttpRequest;
	req.open("GET", "http://localhost:8000/xmlhttprequest/resources/cross-origin-authorization.php", true, "test2", "test2");
	req.withCredentials = true;
	req.send();
	req.onload = function() {
	if (req.status == 200)
	log(req.responseText.match(/test2/) ? "FAIL: Explicit credentials were not ignored" : "PASS");
	else
	log("FAIL: Wrong status code " + req.status);
	log("DONE");
	if (window.testRunner)
	testRunner.notifyDone();
	}
	req.onerror = function() {
	log("FAIL: Received error event.");
	log("DONE");
	if (window.testRunner)
	testRunner.notifyDone();
	}
	}

	if (window.testRunner)
	presetAuthorization();
	</script>