| if (self.importScripts) { |
| importScripts('/fetch/resources/fetch-test-helpers.js'); |
| importScripts('/fetch/resources/thorough-util.js'); |
| } |
| |
| var {BASE_ORIGIN, OTHER_ORIGIN, BASE_URL, OTHER_BASE_URL} = get_thorough_test_options(); |
| |
| var TEST_TARGETS = [ |
| // Auth check |
| [BASE_URL + 'Auth&mode=same-origin&credentials=omit', |
| [fetchResolved, hasBody], [checkJsonpError]], |
| [BASE_URL + 'Auth&mode=same-origin&credentials=include', |
| [fetchResolved, hasBody], [authCheck1]], |
| [BASE_URL + 'Auth&mode=same-origin&credentials=same-origin', |
| [fetchResolved, hasBody], [authCheck1]], |
| |
| [BASE_URL + 'Auth&mode=cors&credentials=omit', |
| [fetchResolved, hasBody], [checkJsonpError]], |
| [BASE_URL + 'Auth&mode=cors&credentials=include', |
| [fetchResolved, hasBody], [authCheck1]], |
| [BASE_URL + 'Auth&mode=cors&credentials=same-origin', |
| [fetchResolved, hasBody], [authCheck1]], |
| |
| [OTHER_BASE_URL + 'Auth&mode=same-origin&credentials=omit', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=same-origin&credentials=include', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=same-origin&credentials=same-origin', |
| [fetchRejected]], |
| |
| // CORS check tests |
| // Spec: https://fetch.spec.whatwg.org/#concept-cors-check |
| |
| // If origin is null or failure, return failure. |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=omit', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=same-origin', |
| [fetchRejected]], |
| |
| // If credentials mode is not include, |
| // success if ACAOrigin is * or request's origin, or failure otherwise. |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=omit&ACAOrigin=*', |
| [fetchResolved, hasBody], [checkJsonpError]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=omit&ACAOrigin=' + |
| BASE_ORIGIN, |
| [fetchResolved, hasBody], [checkJsonpError]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=omit&ACAOrigin=http://www.example.com', |
| [fetchRejected]], |
| |
| // If credentials mode is include, |
| // success if ACAOrigin is request's origin and ACACredentials=true, |
| // or failure otherwise. |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=*', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=' + |
| BASE_ORIGIN, |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=http://www.example.com', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=*&ACACredentials=true', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=' + |
| BASE_ORIGIN + '&ACACredentials=true', |
| [fetchResolved, hasBody, typeCors], [authCheck2]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=http://www.example.com&ACACredentials=true', |
| [fetchRejected]], |
| |
| // Test that Access-Control-Allow-Credentials is case-sensitive. |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=' + |
| BASE_ORIGIN + '&ACACredentials=True', |
| [fetchRejected]], |
| |
| // If credentials mode is not include, |
| // success if ACAOrigin is * or request's origin, or failure otherwise. |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=same-origin&ACAOrigin=*', |
| [fetchResolved, hasBody], [checkJsonpError]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=same-origin&ACAOrigin=' + |
| BASE_ORIGIN, |
| [fetchResolved, hasBody], [checkJsonpError]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=same-origin&ACAOrigin=http://www.example.com', |
| [fetchRejected]], |
| |
| // Credential check with CORS preflight. |
| |
| // Resolved because Authentication is not applied to CORS preflight. |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=omit&ACAOrigin=*&PACAOrigin=*&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchResolved, hasBody], [checkJsonpError]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=same-origin&ACAOrigin=*&PACAOrigin=*&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchResolved, hasBody], [checkJsonpError]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=' + |
| BASE_ORIGIN + '&PACAOrigin=' + BASE_ORIGIN + |
| '&ACACredentials=true&PACACredentials=true&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchResolved, hasBody, typeCors], [authCheck2]], |
| |
| // Rejected because CORS preflight response returns 401. |
| [OTHER_BASE_URL + 'PAuth&mode=cors&credentials=omit&ACAOrigin=*&PACAOrigin=*&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'PAuth&mode=cors&credentials=same-origin&ACAOrigin=*&pACAOrigin=*&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'PAuth&mode=cors&credentials=include&ACAOrigin=' + |
| BASE_ORIGIN + '&PACAOrigin=' + BASE_ORIGIN + |
| '&ACACredentials=true&PACACredentials=true&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchRejected]], |
| |
| // Check that Access-Control-Allow-Origin/Access-Control-Allow-Credentials |
| // headers are checked in both CORS preflight and main fetch. |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=' + |
| BASE_ORIGIN + |
| '&ACACredentials=true&PACACredentials=true&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&PACAOrigin=' + |
| BASE_ORIGIN + |
| '&ACACredentials=true&PACACredentials=true&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchRejected]], |
| [OTHER_BASE_URL + |
| 'Auth&mode=cors&credentials=include&ACAOrigin=*&PACAOrigin=' + BASE_ORIGIN + |
| '&ACACredentials=true&PACACredentials=true&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=' + |
| BASE_ORIGIN + |
| '&PACAOrigin=*&ACACredentials=true&PACACredentials=true&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=' + |
| BASE_ORIGIN + '&PACAOrigin=' + BASE_ORIGIN + |
| '&ACACredentials=true&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchRejected]], |
| [OTHER_BASE_URL + 'Auth&mode=cors&credentials=include&ACAOrigin=' + |
| BASE_ORIGIN + '&PACAOrigin=' + BASE_ORIGIN + |
| '&PACACredentials=true&method=PUT&PACAMethods=PUT&PreflightTest=200', |
| [fetchRejected]], |
| ]; |
| |
| if (self.importScripts) { |
| executeTests(TEST_TARGETS); |
| done(); |
| } |