blob: e2472a922a482159bb16e97442b21997dadd3362 [file] [log] [blame]
<head>
<script src="/js-test-resources/js-test.js"></script>
<script>
function doTest() {
description(`If the request contains credentials in its url, they should be stripped from it.
Also first attempt shouldn't contain basic auth header.`);
window.jsTestIsAsync = true;
window.xhr = new XMLHttpRequest();
const baseUrl = 'http://foo:bar@127.0.0.1:8000/xmlhttprequest/resources/url-with-credentials/';
/* 1.a [Sync] First trial must be access without credentials. */
xhr.open('GET', baseUrl + 'authenticate.py', false);
xhr.send(null);
shouldBe(() => xhr.responseText, "'User: Password: '");
/* 1.b [Sync] Send auth info after getting authorization header. */
xhr.open('GET', baseUrl + 'authorize.py', false);
xhr.send(null);
shouldBe(() => xhr.responseText, "'User: foo Password: bar'");
/* 2.a [Async] First trial must be access without credentials. */
xhr.open('GET', baseUrl + 'authenticate.py', true);
xhr.onerror = xhr.onload = () => {
shouldBe(() => xhr.responseText, "'User: Password: '");
/* 2.b [Async] Send auth info after getting authorization header. */
xhr.open('GET', baseUrl + 'authorize.py', true);
xhr.onerror = xhr.onload = () => {
shouldBe(() => xhr.responseText, "'User: foo Password: bar'");
finishJSTest();
};
xhr.send(null);
};
xhr.send(null);
}
</script>
</head>
<body onload="doTest()">
<div id="description"></div>
<div id="console"></div>
</body>
</html>