blob: ba7d213a58243b6b3e4b0d64e05f7899803eea41 [file] [log] [blame]
<!DOCTYPE HTML>
<script src="/js-test-resources/js-test.js"></script>
<script>
description("Testing the handling of CORS-enabled <script> fetch in the presence of 'No CORS' redirects.");
// Explain the short form descriptions ('=>' representing the redirect.)
debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
debug("");
var redirect_cors = "no";
window.jsTestIsAsync = true;
if (window.testRunner)
testRunner.dumpAsText();
function finish() {
if (window.testRunner)
finishJSTest();
}
function fail() {
debug("FAIL: " + this.description);
runNextTest();
}
function pass() {
debug("PASS: " + this.description);
runNextTest();
}
// All redirects are non-CORS, no fetches expected to complete.
var tests = [
{ description: "Anonymous request: no-CORS => no-CORS script resource.",
url: "http://localhost:8000/security/resources/localScript.js",
success: false,
access: "anonymous"},
{ description: "Anonymous request: no-CORS => anonymous-CORS script resource.",
url: "http://localhost:8000/security/resources/script-allow-star.php",
success: false,
access: "anonymous"},
{ description: "Credentialled request: no-CORS => credential-CORS script resource (same origin.)",
url: "http://localhost:8000/security/resources/script-allow-credentials.php",
success: false,
access: "use-credentials"},
{ description: "Credentialled request: no-CORS => credential-CORS script resource (cross origin.)",
url: "http://127.0.0.1:8000/security/resources/script-allow-credentials.php",
success: false,
access: "use-credentials"},
];
function runNextTest() {
if (!tests.length) {
finish();
return;
}
var test = tests.shift();
var script = document.createElement("script");
script.onload = test.success ? pass : fail;
script.onerror = test.success ? fail : pass;
script.crossOrigin = test.access;
script.description = test.description;
var args = [ "mode=" + redirect_cors,
"url=" + test.url];
script.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
document.body.appendChild(script);
}
window.onload = runNextTest;
</script>