| <!DOCTYPE HTML> |
| <script src="/js-test-resources/js-test.js"></script> |
| <script> |
| description("Testing the handling of CORS-enabled fetch in the presence of 'anonymous' redirects."); |
| |
| // Explain the short form descriptions ('=>' representing the redirect.) |
| debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'"); |
| debug(""); |
| |
| var redirect_cors = "anonymous"; |
| |
| window.jsTestIsAsync = true; |
| if (window.testRunner) |
| testRunner.dumpAsText(); |
| |
| function finish() { |
| if (window.testRunner) |
| finishJSTest(); |
| } |
| |
| function fail() { |
| debug("FAIL: " + this.description); |
| runNextTest(); |
| } |
| |
| function pass() { |
| debug("PASS: " + this.description); |
| runNextTest(); |
| } |
| var tests = [ |
| { description: "Anonymous request: anonymous => no-CORS image resource.", |
| url: "http://localhost:8000/security/resources/abe.png", |
| // Redirect is allowed, but fails access check on the non-CORS resource. |
| success: false, |
| access: "anonymous"}, |
| { description: "Anonymous request: anonymous => anonymous-CORS image resource.", |
| url: "http://localhost:8000/security/resources/abe-allow-star.php", |
| // Redirect is allowed, and passes access check on the CORS resource. |
| success: true, |
| access: "anonymous"}, |
| { description: "Credentialled request: anonymous => credentialled image resource (same origin.)", |
| url: "http://localhost:8000/security/resources/abe-allow-credentials.php", |
| // Redirect is not allowed ('*' on the CORS redirect response), no access. |
| success: false, |
| access: "use-credentials"}, |
| { description: "Credentialled request: anonymous => credentialled image resource (cross origin.)", |
| url: "http://127.0.0.1:8000/security/resources/abe-allow-credentials.php", |
| // Redirect is not allowed ('*' on the CORS redirect response), no access. |
| success: false, |
| access: "use-credentials"}, |
| ]; |
| |
| function runNextTest() { |
| if (!tests.length) { |
| finish(); |
| return; |
| } |
| var test = tests.shift(); |
| var img = new Image(); |
| img.onload = test.success ? pass : fail; |
| img.onerror = test.success ? fail : pass; |
| img.crossOrigin = test.access; |
| img.description = test.description; |
| var args = [ "mode=" + redirect_cors, |
| "url=" + test.url]; |
| img.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&"); |
| document.body.appendChild(img); |
| } |
| window.onload = runNextTest; |
| </script> |