OLD | NEW |
(Empty) | |
| 1 if (this.document === undefined) { |
| 2 importScripts("/resources/testharness.js"); |
| 3 importScripts("../resources/utils.js"); |
| 4 importScripts("/common/get-host-info.sub.js") |
| 5 } |
| 6 |
| 7 function corsCookies(desc, baseURL1, baseURL2, credentialsMode, cookies) { |
| 8 var urlSetCookie = baseURL1 + dirname(location.pathname) + RESOURCES_DIR + "to
p.txt"; |
| 9 var urlCheckCookies = baseURL2 + dirname(location.pathname) + RESOURCES_DIR +
"inspect-headers.py?cors&headers=cookie"; |
| 10 //enable cors with credentials |
| 11 var urlParameters = "?pipe=header(Access-Control-Allow-Origin," + location.ori
gin + ")"; |
| 12 urlParameters += "|header(Access-Control-Allow-Credentials,true)"; |
| 13 |
| 14 var urlCleanParameters = "?pipe=header(Access-Control-Allow-Origin," + locatio
n.origin + ")"; |
| 15 urlCleanParameters += "|header(Access-Control-Allow-Credentials,true)"; |
| 16 if (cookies) { |
| 17 urlParameters += "|header(Set-Cookie,"; |
| 18 urlParameters += cookies.join(",True)|header(Set-Cookie,") + ",True)"; |
| 19 urlCleanParameters += "|header(Set-Cookie,"; |
| 20 urlCleanParameters += cookies.join("%3B%20max-age=0,True)|header(Set-Cookie
,") + "%3B%20max-age=0,True)"; |
| 21 } |
| 22 |
| 23 var requestInit = {"credentials": credentialsMode, "mode": "cors"}; |
| 24 |
| 25 promise_test(function(test){ |
| 26 return fetch(urlSetCookie + urlParameters, requestInit).then(function(resp)
{ |
| 27 assert_equals(resp.status, 200, "HTTP status is 200"); |
| 28 //check cookies sent |
| 29 return fetch(urlCheckCookies, requestInit); |
| 30 }).then(function(resp) { |
| 31 assert_equals(resp.status, 200, "HTTP status is 200"); |
| 32 assert_false(resp.headers.has("Cookie") , "Cookie header is not exposed in
response"); |
| 33 if (credentialsMode === "include" && baseURL1 === baseURL2) { |
| 34 assert_equals(resp.headers.get("x-request-cookie") , cookies.join("; "),
"Request includes cookie(s)"); |
| 35 } |
| 36 else { |
| 37 assert_false(resp.headers.has("x-request-cookie") , "Request should have
no cookie"); |
| 38 } |
| 39 //clean cookies |
| 40 return fetch(urlSetCookie + urlCleanParameters, {"credentials": "include"}
); |
| 41 }).catch(function(e) { |
| 42 return fetch(urlSetCookie + urlCleanParameters, {"credentials": "include"}
).then(function(resp) { |
| 43 throw e; |
| 44 }) |
| 45 }); |
| 46 }, desc); |
| 47 } |
| 48 |
| 49 var local = get_host_info().HTTP_ORIGIN; |
| 50 var remote = get_host_info().HTTP_REMOTE_ORIGIN; |
| 51 // FIXME: otherRemote might not be accessible on some test environments. |
| 52 var otherRemote = local.replace("http://", "http://www."); |
| 53 |
| 54 corsCookies("Omit mode: no cookie sent", local, local, "omit", ["g=7"]); |
| 55 corsCookies("Include mode: 1 cookie", remote, remote, "include", ["a=1"]); |
| 56 corsCookies("Include mode: local cookies are not sent with remote request", loca
l, remote, "include", ["c=3"]); |
| 57 corsCookies("Include mode: remote cookies are not sent with local request", remo
te, local, "include", ["d=4"]); |
| 58 corsCookies("Same-origin mode: cookies are discarded in cors request", remote, r
emote, "same-origin", ["f=6"]); |
| 59 corsCookies("Include mode: remote cookies are not sent with other remote request
", remote, otherRemote, "include", ["e=5"]); |
| 60 |
| 61 done(); |
OLD | NEW |