| <!DOCTYPE HTML> |
| <script src="/js-test-resources/js-test.js"></script> |
| <script> |
| description("Testing the handling of CORS-enabled <script> fetch in the presence of 'No CORS' redirects."); |
| |
| // Explain the short form descriptions ('=>' representing the redirect.) |
| debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'"); |
| debug(""); |
| |
| var redirect_cors = "no"; |
| |
| window.jsTestIsAsync = true; |
| if (window.testRunner) |
| testRunner.dumpAsText(); |
| |
| function finish() { |
| if (window.testRunner) |
| finishJSTest(); |
| } |
| |
| function fail() { |
| debug("FAIL: " + this.description); |
| runNextTest(); |
| } |
| |
| function pass() { |
| debug("PASS: " + this.description); |
| runNextTest(); |
| } |
| |
| // All redirects are non-CORS, no fetches expected to complete. |
| var tests = [ |
| { description: "Anonymous request: no-CORS => no-CORS script resource.", |
| url: "http://localhost:8000/security/resources/localScript.js", |
| success: false, |
| access: "anonymous"}, |
| { description: "Anonymous request: no-CORS => anonymous-CORS script resource.", |
| url: "http://localhost:8000/security/resources/script-allow-star.php", |
| success: false, |
| access: "anonymous"}, |
| { description: "Credentialled request: no-CORS => credential-CORS script resource (same origin.)", |
| url: "http://localhost:8000/security/resources/script-allow-credentials.php", |
| success: false, |
| access: "use-credentials"}, |
| { description: "Credentialled request: no-CORS => credential-CORS script resource (cross origin.)", |
| url: "http://127.0.0.1:8000/security/resources/script-allow-credentials.php", |
| success: false, |
| access: "use-credentials"}, |
| ]; |
| |
| function runNextTest() { |
| if (!tests.length) { |
| finish(); |
| return; |
| } |
| var test = tests.shift(); |
| var script = document.createElement("script"); |
| script.onload = test.success ? pass : fail; |
| script.onerror = test.success ? fail : pass; |
| script.crossOrigin = test.access; |
| script.description = test.description; |
| var args = [ "mode=" + redirect_cors, |
| "url=" + test.url]; |
| script.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&"); |
| document.body.appendChild(script); |
| } |
| window.onload = runNextTest; |
| </script> |