| <head> |
| <script src="/js-test-resources/js-test.js"></script> |
| <script> |
| function doTest() { |
| description(`If the request contains credentials in its url, they should be stripped from it. |
| Also first attempt shouldn't contain basic auth header.`); |
| window.jsTestIsAsync = true; |
| |
| window.xhr = new XMLHttpRequest(); |
| const baseUrl = 'http://foo:bar@127.0.0.1:8000/xmlhttprequest/resources/url-with-credentials/'; |
| |
| /* 1.a [Sync] First trial must be access without credentials. */ |
| xhr.open('GET', baseUrl + 'authenticate.py', false); |
| xhr.send(null); |
| shouldBe(() => xhr.responseText, "'User: Password: '"); |
| |
| /* 1.b [Sync] Send auth info after getting authorization header. */ |
| xhr.open('GET', baseUrl + 'authorize.py', false); |
| xhr.send(null); |
| shouldBe(() => xhr.responseText, "'User: foo Password: bar'"); |
| |
| /* 2.a [Async] First trial must be access without credentials. */ |
| xhr.open('GET', baseUrl + 'authenticate.py', true); |
| xhr.onerror = xhr.onload = () => { |
| shouldBe(() => xhr.responseText, "'User: Password: '"); |
| |
| /* 2.b [Async] Send auth info after getting authorization header. */ |
| xhr.open('GET', baseUrl + 'authorize.py', true); |
| xhr.onerror = xhr.onload = () => { |
| shouldBe(() => xhr.responseText, "'User: foo Password: bar'"); |
| |
| finishJSTest(); |
| }; |
| xhr.send(null); |
| }; |
| xhr.send(null); |
| } |
| </script> |
| </head> |
| |
| <body onload="doTest()"> |
| <div id="description"></div> |
| <div id="console"></div> |
| </body> |
| |
| </html> |