| // META: title=Cross-Origin POST with preflight and FormData body should send body |
| // META: script=/common/get-host-info.sub.js |
| "use strict"; |
| |
| function testCorsFormDataUpload(description, path, method, form, headers, withCredentials) { |
| const test = async_test(description); |
| const client = new XMLHttpRequest(); |
| const url = corsURL(path); |
| |
| client.open(method, url, true); |
| client.withCredentials = withCredentials; |
| for (const key of Object.keys(headers)) { |
| client.setRequestHeader(key, headers[key]); |
| } |
| |
| client.send(form); |
| |
| client.onload = () => { |
| test.step(() => { |
| assert_equals(client.status, 200); |
| assert_regexp_match(client.responseText, /Content-Disposition: form-data/); |
| |
| for (const key of form.keys()) { |
| assert_regexp_match(client.responseText, new RegExp(key)); |
| assert_regexp_match(client.responseText, new RegExp(form.get(key))); |
| } |
| }); |
| test.done(); |
| }; |
| } |
| |
| function corsURL(path) { |
| const url = new URL(path, location.href); |
| url.hostname = get_host_info().REMOTE_HOST; |
| return url.href; |
| } |
| |
| const form = new FormData(); |
| form.append("key", "value"); |
| |
| testCorsFormDataUpload( |
| "Cross-Origin POST FormData body but no preflight", |
| "resources/echo-content-cors.py", |
| "POST", |
| form, |
| {}, |
| false |
| ); |
| |
| testCorsFormDataUpload( |
| "Cross-Origin POST with preflight and FormData body", |
| "resources/echo-content-cors.py", |
| "POST", |
| form, |
| { |
| Authorization: "Bearer access-token" |
| }, |
| true |
| ); |