<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[213914] trunk/LayoutTests</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/213914">213914</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2017-03-14 10:30:19 -0700 (Tue, 14 Mar 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>Import web-platform-tests/cors
https://bugs.webkit.org/show_bug.cgi?id=169565
Patch by Youenn Fablet <youenn@apple.com> on 2017-03-14
Reviewed by Sam Weinig.
LayoutTests/imported/w3c:
* resources/import-expectations.json:
* web-platform-tests/cors/304-expected.txt: Added.
* web-platform-tests/cors/304.htm: Added.
* web-platform-tests/cors/OWNERS: Added.
* web-platform-tests/cors/README.md: Added.
* web-platform-tests/cors/allow-headers-expected.txt: Added.
* web-platform-tests/cors/allow-headers.htm: Added.
* web-platform-tests/cors/basic-expected.txt: Added.
* web-platform-tests/cors/basic.htm: Added.
* web-platform-tests/cors/credentials-flag-expected.txt: Added.
* web-platform-tests/cors/credentials-flag.htm: Added.
* web-platform-tests/cors/late-upload-events-expected.txt: Added.
* web-platform-tests/cors/late-upload-events.htm: Added.
* web-platform-tests/cors/origin-expected.txt: Added.
* web-platform-tests/cors/origin.htm: Added.
* web-platform-tests/cors/preflight-cache-expected.txt: Added.
* web-platform-tests/cors/preflight-cache.htm: Added.
* web-platform-tests/cors/preflight-failure-expected.txt: Added.
* web-platform-tests/cors/preflight-failure.htm: Added.
* web-platform-tests/cors/redirect-origin-expected.txt: Added.
* web-platform-tests/cors/redirect-origin.htm: Added.
* web-platform-tests/cors/redirect-preflight-2-expected.txt: Added.
* web-platform-tests/cors/redirect-preflight-2.htm: Added.
* web-platform-tests/cors/redirect-preflight-expected.txt: Added.
* web-platform-tests/cors/redirect-preflight.htm: Added.
* web-platform-tests/cors/redirect-userinfo-expected.txt: Added.
* web-platform-tests/cors/redirect-userinfo.htm: Added.
* web-platform-tests/cors/remote-origin-expected.txt: Added.
* web-platform-tests/cors/remote-origin.htm: Added.
* web-platform-tests/cors/request-headers-expected.txt: Added.
* web-platform-tests/cors/request-headers.htm: Added.
* web-platform-tests/cors/resources/304.py: Added.
(error):
(main):
* web-platform-tests/cors/resources/checkandremove.py: Added.
(main):
* web-platform-tests/cors/resources/cors-cookie.py: Added.
(main):
* web-platform-tests/cors/resources/cors-headers.asis: Added.
* web-platform-tests/cors/resources/cors-makeheader.py: Added.
(main):
* web-platform-tests/cors/resources/preflight.py: Added.
(main):
* web-platform-tests/cors/resources/remote-xhrer.html: Added.
* web-platform-tests/cors/resources/status.py: Added.
(main):
* web-platform-tests/cors/resources/w3c-import.log: Added.
* web-platform-tests/cors/response-headers-expected.txt: Added.
* web-platform-tests/cors/response-headers.htm: Added.
* web-platform-tests/cors/simple-requests-expected.txt: Added.
* web-platform-tests/cors/simple-requests.htm: Added.
* web-platform-tests/cors/status-async-expected.txt: Added.
* web-platform-tests/cors/status-async.htm: Added.
* web-platform-tests/cors/status-expected.txt: Added.
* web-platform-tests/cors/status-preflight-expected.txt: Added.
* web-platform-tests/cors/status-preflight.htm: Added.
* web-platform-tests/cors/status.htm: Added.
* web-platform-tests/cors/support.js: Added.
(dirname):
* web-platform-tests/cors/w3c-import.log: Added.
LayoutTests:
* tests-options.json:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsTestExpectations">trunk/LayoutTests/TestExpectations</a></li>
<li><a href="#trunkLayoutTestsTestExpectationsorig">trunk/LayoutTests/TestExpectations.orig</a></li>
<li><a href="#trunkLayoutTestsimportedw3cChangeLog">trunk/LayoutTests/imported/w3c/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsimportedw3cresourcesimportexpectationsjson">trunk/LayoutTests/imported/w3c/resources/import-expectations.json</a></li>
<li><a href="#trunkLayoutTeststestsoptionsjson">trunk/LayoutTests/tests-options.json</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li>trunk/LayoutTests/imported/w3c/web-platform-tests/cors/</li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscors304expectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/304-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscors304htm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/304.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsOWNERS">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/OWNERS</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsREADMEmd">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/README.md</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsallowheadersexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/allow-headers-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsallowheadershtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/allow-headers.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsbasicexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/basic-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsbasichtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/basic.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorscredentialsflagexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/credentials-flag-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorscredentialsflaghtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/credentials-flag.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorslateuploadeventsexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorslateuploadeventshtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsoriginexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsoriginhtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/origin.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorspreflightcacheexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorspreflightcachehtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorspreflightfailureexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-failure-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorspreflightfailurehtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-failure.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsredirectoriginexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsredirectoriginhtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-origin.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsredirectpreflight2expectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-2-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsredirectpreflight2htm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-2.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsredirectpreflightexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsredirectpreflighthtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsredirectuserinfoexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-userinfo-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsredirectuserinfohtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-userinfo.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsremoteoriginexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/remote-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsremoteoriginhtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/remote-origin.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsrequestheadersexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsrequestheadershtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers.htm</a></li>
<li>trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/</li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresources304py">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/304.py</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresourcescheckandremovepy">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/checkandremove.py</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresourcescorscookiepy">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-cookie.py</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresourcescorsheadersasis">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-headers.asis</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresourcescorsmakeheaderpy">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-makeheader.py</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresourcespreflightpy">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight.py</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresourcesremotexhrerhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/remote-xhrer.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresourcesstatuspy">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/status.py</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresourcesw3cimportlog">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/w3c-import.log</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresponseheadersexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/response-headers-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsresponseheadershtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/response-headers.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorssimplerequestsexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/simple-requests-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorssimplerequestshtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/simple-requests.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsstatusasyncexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-async-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsstatusasynchtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-async.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsstatusexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsstatuspreflightexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-preflight-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsstatuspreflighthtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-preflight.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsstatushtm">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status.htm</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorssupportjs">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/support.js</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscorsw3cimportlog">trunk/LayoutTests/imported/w3c/web-platform-tests/cors/w3c-import.log</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (213913 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2017-03-14 17:21:17 UTC (rev 213913)
+++ trunk/LayoutTests/ChangeLog        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -1,3 +1,12 @@
</span><ins>+2017-03-14 Youenn Fablet <youenn@apple.com>
+
+ Import web-platform-tests/cors
+ https://bugs.webkit.org/show_bug.cgi?id=169565
+
+ Reviewed by Sam Weinig.
+
+ * tests-options.json:
+
</ins><span class="cx"> 2017-03-14 Antoine Quint <graouts@apple.com>
</span><span class="cx">
</span><span class="cx"> [Modern Media Controls] iOS may attempt to load fullscreen icon variants
</span></span></pre></div>
<a id="trunkLayoutTestsTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/TestExpectations (213913 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/TestExpectations        2017-03-14 17:21:17 UTC (rev 213913)
+++ trunk/LayoutTests/TestExpectations        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -302,6 +302,20 @@
</span><span class="cx"> webkit.org/b/154310 [ Debug ] imported/w3c/web-platform-tests/html/dom/reflection-text.html [ Skip ]
</span><span class="cx"> webkit.org/b/162517 [ Debug ] imported/w3c/web-platform-tests/html/the-xhtml-syntax/parsing-xhtml-documents/xhtml-mathml-dtd-entity-support.htm [ Skip ]
</span><span class="cx">
</span><ins>+# Tests that are flaky due to console log / error messages
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/basic.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/credentials-flag.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/preflight-cache.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/preflight-failure.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/redirect-origin.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/redirect-preflight.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/redirect-preflight-2.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/simple-requests.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/simple-requests.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/status-preflight.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/status-async.htm [ Failure ]
+webkit.org/b/169565 imported/w3c/web-platform-tests/cors/304.htm [ Failure ]
+
</ins><span class="cx"> # WPT tests that fail after doing full test repository reimport and need further investigation
</span><span class="cx"> imported/w3c/web-platform-tests/XMLHttpRequest/send-entity-body-document.htm [ Pass Failure Timeout ]
</span><span class="cx"> imported/w3c/web-platform-tests/dom/nodes/Document-createElement-namespace.html [ Pass Failure ]
</span></span></pre></div>
<a id="trunkLayoutTestsTestExpectationsorig"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/TestExpectations.orig (213913 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/TestExpectations.orig        2017-03-14 17:21:17 UTC (rev 213913)
+++ trunk/LayoutTests/TestExpectations.orig        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -35,6 +35,9 @@
</span><span class="cx"> media/controls/ipad [ Skip ]
</span><span class="cx"> fast/text-autosizing [ Skip ]
</span><span class="cx">
</span><ins>+# window.showModalDialog is only tested in DumpRenderTree on Mac.
+editing/execCommand/show-modal-dialog-during-execCommand.html [ Skip ]
+
</ins><span class="cx"> fast/shadow-dom/touch-event-on-text-assigned-to-slot.html [ Skip ]
</span><span class="cx">
</span><span class="cx"> fast/forms/attributed-strings.html [ Skip ]
</span><span class="lines">@@ -711,6 +714,12 @@
</span><span class="cx"> imported/w3c/web-platform-tests/webrtc/no-media-call.html [ Failure ]
</span><span class="cx"> imported/w3c/web-platform-tests/webrtc/promises-call.html [ Failure ]
</span><span class="cx">
</span><ins>+# Need updating wptserve
+imported/w3c/web-platform-tests/XMLHttpRequest/setrequestheader-content-type.htm [ Skip ]
+imported/w3c/web-platform-tests/XMLHttpRequest/open-url-redirected-worker-origin.htm [ Skip ]
+imported/w3c/web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/NavigatorID.html [ Skip ]
+imported/w3c/web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/NavigatorID.worker.html [ Skip ]
+
</ins><span class="cx"> # Only iOS WK1 has testRunner.setPagePaused.
</span><span class="cx"> fast/dom/timer-fire-after-page-pause.html [ Skip ]
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/ChangeLog (213913 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/ChangeLog        2017-03-14 17:21:17 UTC (rev 213913)
+++ trunk/LayoutTests/imported/w3c/ChangeLog        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -1,3 +1,71 @@
</span><ins>+2017-03-14 Youenn Fablet <youenn@apple.com>
+
+ Import web-platform-tests/cors
+ https://bugs.webkit.org/show_bug.cgi?id=169565
+
+ Reviewed by Sam Weinig.
+
+ * resources/import-expectations.json:
+ * web-platform-tests/cors/304-expected.txt: Added.
+ * web-platform-tests/cors/304.htm: Added.
+ * web-platform-tests/cors/OWNERS: Added.
+ * web-platform-tests/cors/README.md: Added.
+ * web-platform-tests/cors/allow-headers-expected.txt: Added.
+ * web-platform-tests/cors/allow-headers.htm: Added.
+ * web-platform-tests/cors/basic-expected.txt: Added.
+ * web-platform-tests/cors/basic.htm: Added.
+ * web-platform-tests/cors/credentials-flag-expected.txt: Added.
+ * web-platform-tests/cors/credentials-flag.htm: Added.
+ * web-platform-tests/cors/late-upload-events-expected.txt: Added.
+ * web-platform-tests/cors/late-upload-events.htm: Added.
+ * web-platform-tests/cors/origin-expected.txt: Added.
+ * web-platform-tests/cors/origin.htm: Added.
+ * web-platform-tests/cors/preflight-cache-expected.txt: Added.
+ * web-platform-tests/cors/preflight-cache.htm: Added.
+ * web-platform-tests/cors/preflight-failure-expected.txt: Added.
+ * web-platform-tests/cors/preflight-failure.htm: Added.
+ * web-platform-tests/cors/redirect-origin-expected.txt: Added.
+ * web-platform-tests/cors/redirect-origin.htm: Added.
+ * web-platform-tests/cors/redirect-preflight-2-expected.txt: Added.
+ * web-platform-tests/cors/redirect-preflight-2.htm: Added.
+ * web-platform-tests/cors/redirect-preflight-expected.txt: Added.
+ * web-platform-tests/cors/redirect-preflight.htm: Added.
+ * web-platform-tests/cors/redirect-userinfo-expected.txt: Added.
+ * web-platform-tests/cors/redirect-userinfo.htm: Added.
+ * web-platform-tests/cors/remote-origin-expected.txt: Added.
+ * web-platform-tests/cors/remote-origin.htm: Added.
+ * web-platform-tests/cors/request-headers-expected.txt: Added.
+ * web-platform-tests/cors/request-headers.htm: Added.
+ * web-platform-tests/cors/resources/304.py: Added.
+ (error):
+ (main):
+ * web-platform-tests/cors/resources/checkandremove.py: Added.
+ (main):
+ * web-platform-tests/cors/resources/cors-cookie.py: Added.
+ (main):
+ * web-platform-tests/cors/resources/cors-headers.asis: Added.
+ * web-platform-tests/cors/resources/cors-makeheader.py: Added.
+ (main):
+ * web-platform-tests/cors/resources/preflight.py: Added.
+ (main):
+ * web-platform-tests/cors/resources/remote-xhrer.html: Added.
+ * web-platform-tests/cors/resources/status.py: Added.
+ (main):
+ * web-platform-tests/cors/resources/w3c-import.log: Added.
+ * web-platform-tests/cors/response-headers-expected.txt: Added.
+ * web-platform-tests/cors/response-headers.htm: Added.
+ * web-platform-tests/cors/simple-requests-expected.txt: Added.
+ * web-platform-tests/cors/simple-requests.htm: Added.
+ * web-platform-tests/cors/status-async-expected.txt: Added.
+ * web-platform-tests/cors/status-async.htm: Added.
+ * web-platform-tests/cors/status-expected.txt: Added.
+ * web-platform-tests/cors/status-preflight-expected.txt: Added.
+ * web-platform-tests/cors/status-preflight.htm: Added.
+ * web-platform-tests/cors/status.htm: Added.
+ * web-platform-tests/cors/support.js: Added.
+ (dirname):
+ * web-platform-tests/cors/w3c-import.log: Added.
+
</ins><span class="cx"> 2017-03-13 Youenn Fablet <youenn@apple.com>
</span><span class="cx">
</span><span class="cx"> Sync web-platform-tests up to revision a5b95cb31914507088a4eda16f7674bbc6f3313f
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cresourcesimportexpectationsjson"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/resources/import-expectations.json (213913 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/resources/import-expectations.json        2017-03-14 17:21:17 UTC (rev 213913)
+++ trunk/LayoutTests/imported/w3c/resources/import-expectations.json        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -106,7 +106,7 @@
</span><span class="cx"> "web-platform-tests/console": "skip",
</span><span class="cx"> "web-platform-tests/content-security-policy": "skip",
</span><span class="cx"> "web-platform-tests/cookies": "skip",
</span><del>- "web-platform-tests/cors": "skip",
</del><ins>+ "web-platform-tests/cors": "import",
</ins><span class="cx"> "web-platform-tests/css-typed-om": "skip",
</span><span class="cx"> "web-platform-tests/css-values": "skip",
</span><span class="cx"> "web-platform-tests/cssom": "skip",
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscors304expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/304-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/304-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/304-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/304.py?id=1&r=%s1489438094491
+CONSOLE MESSAGE: line 27: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/304.py?id=1&r=%s1489438094491 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/304.py?id=3&r=%s1489438094498
+CONSOLE MESSAGE: line 27: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/304.py?id=3&r=%s1489438094498 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/304.py?id=5&r=%s1489438094500
+CONSOLE MESSAGE: line 27: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/304.py?id=5&r=%s1489438094500 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/304.py?id=7&r=%s1489438094501
+CONSOLE MESSAGE: line 27: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/304.py?id=7&r=%s1489438094501 due to access control checks.
+CORS - 304 Responses
+
+
+FAIL A 304 response with no CORS headers inherits from the stored response assert_equals: didn't get successful 1st response; expected "Success" but got ""
+FAIL A 304 can expand Access-Control-Expose-Headers assert_equals: didn't get successful 1st response; expected "Success" but got ""
+FAIL A 304 can contract Access-Control-Expose-Headers assert_equals: didn't get successful 1st response; expected "Success" but got ""
+FAIL A 304 can change Access-Control-Allow-Origin assert_equals: didn't get successful 1st response; expected "Success" but got ""
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscors304htm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/304.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/304.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/304.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,97 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - 304 Responses</title>
+<meta name=author title="Mark Nottingham" href="mailto:mnot@mnot.net">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>CORS - 304 Responses</h1>
+<div id=log></div>
+<script>
+
+
+/*
+ * 304 Responses
+ */
+
+// A header used to correlate requests and responses
+var state_header = "content-language"
+
+/* Make a request; call ready(client) when done */
+function req(url, id, t, ready) {
+ var client = new XMLHttpRequest()
+ client.open('GET', url, true)
+ client.setRequestHeader(state_header, id)
+ client.send()
+ client.onreadystatechange = function() {
+ if (client.readyState == client.DONE) {
+ t.step(function() {
+ assert_true(client.status != 299, "req " + id + " server says: " + client.responseText)
+ })
+ ready(client)
+ }
+ }
+ return client
+}
+
+/*
+ * Make two requests to test cache behaviour.
+ * The second is made after the first is done and a delay, to make sure it gets into cache.
+ */
+function two_reqs(id1, id2, should_have_same_body, t, done) {
+ var rand = Date.now()
+ var url = CROSSDOMAIN + 'resources/304.py?id=' + id1 + '&r=%s' + rand
+
+ var client1 = req(url, id1, t, function(client1) {
+ t.step(function() {
+ assert_equals(client1.response, "Success", "didn't get successful 1st response;")
+ assert_equals(client1.getResponseHeader(state_header), id1, "1st response didn't come from server;")
+ })
+
+ t.step_timeout(function() {
+ req(url, id2, t, function(client2) {
+ t.step(function() {
+ if (should_have_same_body) {
+ assert_equals(client1.response, client2.response, "response bodies were different;")
+// var res_id2 = client2.getResponseHeader(state_header)
+// assert_not_equals(res_id2, id1, "2nd response doesn't appear to have updated cached headers;")
+// assert_not_equals(res_id2, null, "2nd response didn't expose request identifier;")
+// assert_equals(res_id2, id2, "2nd response is associated with a different request (!);")
+ }
+ done(client1, client2)
+ })
+ t.done()
+ })
+ }, 5000)
+ })
+}
+
+async_test(function(t) {
+ two_reqs('1', '2', true, t, function(client1, client2) {
+ assert_equals(client1.getResponseHeader("A"), null, "'A' header exposed without permission;")
+ })
+}, "A 304 response with no CORS headers inherits from the stored response")
+
+async_test(function(t) {
+ two_reqs('3', '4', true, t, function(client1, client2) {
+ assert_equals(client2.getResponseHeader("A"), "4", "304 didn't expose 'A' header, even though allowed;")
+ assert_equals(client2.getResponseHeader("B"), "4", "304 didn't expose 'B' header even though allowed;")
+ })
+}, "A 304 can expand Access-Control-Expose-Headers")
+
+async_test(function(t) {
+ two_reqs('5', '6', true, t, function(client1, client2) {
+ assert_equals(client2.getResponseHeader("B"), null, "2nd 304 exposed 'B' header;")
+ })
+}, "A 304 can contract Access-Control-Expose-Headers")
+
+async_test(function(t) {
+ two_reqs('7', '8', false, t, function(client1, client2) {
+ assert_not_equals(client1.response, client2.response, "Access granted even though 304 updated it to disallow;")
+ })
+}, "A 304 can change Access-Control-Allow-Origin")
+
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsOWNERS"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/OWNERS (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/OWNERS         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/OWNERS        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,5 @@
</span><ins>+@zqzhang
+@odinho
+@hillbrad
+@jdm
+@annevk
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsREADMEmd"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/README.md (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/README.md         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/README.md        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+Tests for the [Fetch Standard](https://fetch.spec.whatwg.org/).
+
+These tests are located here as originally the CORS protocol was defined on its own.
+
+More CORS tests can be found in
+
+* /fetch
+* /XMLHttpRequest
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsallowheadersexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/allow-headers-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/allow-headers-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/allow-headers-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,92 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%20*%20%20
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%09*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%20http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%20http%3A%2F%2Flocalhost%3A8800%20%20%20%09%20
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%09http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Fwww1.localhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=ftp%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3Alocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=localhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%3F
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2F
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%20%2F
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%23
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2523
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%3A80
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2C%20*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%00
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=HTTP%3A%2F%2FLOCALHOST%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=HTTP%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=-
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=**
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%00*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*%00
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin='*'
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%22*%22
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*%20*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*http%3A%2F%2F*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*%20http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*%2C%20http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%00http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=null%20http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Fexample.net
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=null
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fallow-headers.htm
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2Fcors%2F
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2F
+Access-Control-Allow-Headers handling
+
+
+FAIL Allow origin: * The operation was aborted.
+FAIL Allow origin: _*__ The operation was aborted.
+FAIL Allow origin: [tab]* The operation was aborted.
+FAIL Allow origin: http://localhost:8800 The operation was aborted.
+FAIL Allow origin: _http://localhost:8800 The operation was aborted.
+FAIL Allow origin: _http://localhost:8800___[tab]_ The operation was aborted.
+FAIL Allow origin: [tab]http://localhost:8800 The operation was aborted.
+PASS Disallow origin: http://www1.localhost:8800
+PASS Disallow origin: //localhost:8800
+PASS Disallow origin: ://localhost:8800
+PASS Disallow origin: ftp://localhost:8800
+PASS Disallow origin: http:://localhost:8800
+PASS Disallow origin: http:/localhost:8800
+PASS Disallow origin: http:localhost:8800
+PASS Disallow origin: localhost:8800
+PASS Disallow origin: http://localhost:8800?
+PASS Disallow origin: http://localhost:8800/
+PASS Disallow origin: http://localhost:8800 /
+PASS Disallow origin: http://localhost:8800#
+PASS Disallow origin: http://localhost:8800%23
+PASS Disallow origin: http://localhost:8800:80
+PASS Disallow origin: http://localhost:8800, *
+PASS Disallow origin: http://localhost:8800\0
+PASS Disallow origin: HTTP://LOCALHOST:8800
+PASS Disallow origin: HTTP://localhost:8800
+PASS Disallow origin: -
+PASS Disallow origin: **
+PASS Disallow origin: \0*
+PASS Disallow origin: *\0
+PASS Disallow origin: '*'
+PASS Disallow origin: "*"
+PASS Disallow origin: * *
+PASS Disallow origin: *http://*
+PASS Disallow origin: *http://localhost:8800
+PASS Disallow origin: * http://localhost:8800
+PASS Disallow origin: *, http://localhost:8800
+PASS Disallow origin: \0http://localhost:8800
+PASS Disallow origin: null http://localhost:8800
+PASS Disallow origin: http://example.net
+PASS Disallow origin: null
+PASS Disallow origin:
+PASS Disallow origin: http://localhost:8800/cors/allow-headers.htm
+PASS Disallow origin: http://localhost:8800/cors/
+PASS Disallow origin: http://www1.localhost:8800/cors/
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsallowheadershtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/allow-headers.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/allow-headers.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/allow-headers.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,89 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>Access-Control-Allow-Headers handling</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Access-Control-Allow-Headers handling</h1>
+
+<div id=log></div>
+
+<script>
+
+/*
+ * Origin header
+ */
+function shouldPass(origin) {
+ test(function () {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN
+ + '/resources/cors-makeheader.py?origin='
+ + encodeURIComponent(origin),
+ false)
+ client.send()
+ r = JSON.parse(client.response)
+ var host = location.protocol + "//" + location.host
+ assert_equals(r['origin'], host, 'Request Origin: should be ' + host)
+ }, 'Allow origin: ' + origin.replace(/\t/g, "[tab]").replace(/ /g, '_'));
+}
+
+shouldPass('*');
+shouldPass(' * ');
+shouldPass('        *');
+shouldPass(location.protocol + "//" + location.host);
+shouldPass(" "+location.protocol + "//" + location.host);
+shouldPass(" "+location.protocol + "//" + location.host + "          ");
+shouldPass("        "+location.protocol + "//" + location.host);
+
+
+function shouldFail(origin) {
+ test(function () {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN
+ + '/resources/cors-makeheader.py?origin='
+ + encodeURIComponent(origin),
+ false)
+ assert_throws(null, function() { client.send() }, 'send')
+ }, 'Disallow origin: ' + origin.replace('\0', '\\0'));
+}
+
+shouldFail(location.protocol + "//" + SUBDOMAIN + "." + location.host)
+shouldFail("//" + location.host)
+shouldFail("://" + location.host)
+shouldFail("ftp://" + location.host)
+shouldFail("http:://" + location.host)
+shouldFail("http:/" + location.host)
+shouldFail("http:" + location.host)
+shouldFail(location.host)
+shouldFail(location.protocol + "//" + location.host + "?")
+shouldFail(location.protocol + "//" + location.host + "/")
+shouldFail(location.protocol + "//" + location.host + " /")
+shouldFail(location.protocol + "//" + location.host + "#")
+shouldFail(location.protocol + "//" + location.host + "%23")
+shouldFail(location.protocol + "//" + location.host + ":80")
+shouldFail(location.protocol + "//" + location.host + ", *")
+shouldFail(location.protocol + "//" + location.host + "\0")
+shouldFail((location.protocol + "//" + location.host).toUpperCase())
+shouldFail(location.protocol.toUpperCase() + "//" + location.host)
+shouldFail("-")
+shouldFail("**")
+shouldFail("\0*")
+shouldFail("*\0")
+shouldFail("'*'")
+shouldFail('"*"')
+shouldFail("* *")
+shouldFail("*" + location.protocol + "//" + "*")
+shouldFail("*" + location.protocol + "//" + location.host)
+shouldFail("* " + location.protocol + "//" + location.host)
+shouldFail("*, " + location.protocol + "//" + location.host)
+shouldFail("\0" + location.protocol + "//" + location.host)
+shouldFail("null " + location.protocol + "//" + location.host)
+shouldFail('http://example.net')
+shouldFail('null')
+shouldFail('')
+shouldFail(location.href)
+shouldFail(dirname(location.href))
+shouldFail(CROSSDOMAIN)
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsbasicexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/basic-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/basic-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/basic-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?get_value=hest_er_best&origin=none&1
+CONSOLE MESSAGE: line 49: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?get_value=hest_er_best&origin=none&1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8801/cors/resources/cors-makeheader.py?get_value=hest_er_best&origin=none&3
+CONSOLE MESSAGE: line 49: XMLHttpRequest cannot load http://www1.localhost:8801/cors/resources/cors-makeheader.py?get_value=hest_er_best&origin=none&3 due to access control checks.
+Blocked access to external URL https://www1.localhost:9443/cors/resources/cors-makeheader.py?get_value=hest_er_best&origin=none&4
+CONSOLE MESSAGE: line 49: XMLHttpRequest cannot load https://www1.localhost:9443/cors/resources/cors-makeheader.py?get_value=hest_er_best&origin=none&4 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?get_value=hest_er_best&1
+CONSOLE MESSAGE: line 47: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?get_value=hest_er_best&1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8801/cors/resources/cors-makeheader.py?get_value=hest_er_best&3
+CONSOLE MESSAGE: line 47: XMLHttpRequest cannot load http://www1.localhost:8801/cors/resources/cors-makeheader.py?get_value=hest_er_best&3 due to access control checks.
+Blocked access to external URL https://www1.localhost:9443/cors/resources/cors-makeheader.py?get_value=hest_er_best&4
+CONSOLE MESSAGE: line 47: XMLHttpRequest cannot load https://www1.localhost:9443/cors/resources/cors-makeheader.py?get_value=hest_er_best&4 due to access control checks.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8801/cors/resources/cors-makeheader.py?get_value=hest_er_best&origin=none&2 due to access control checks.
+
+PASS Same domain basic usage
+FAIL Cross domain basic usage assert_true: Got CORS-allowed response expected true got false
+PASS Same domain different port
+FAIL Cross domain different port assert_true: Got CORS-allowed response expected true got false
+FAIL Cross domain different protocol assert_true: Got CORS-allowed response expected true got false
+FAIL Same domain different protocol different port assert_true: Got CORS-allowed response expected true got false
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsbasichtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/basic.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/basic.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/basic.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,63 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>Basic CORS</title>
+<link rel=help href=https://fetch.spec.whatwg.org/>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+<div id=log></div>
+
+<script>
+
+var counter = 0;
+
+function cors(desc, scheme, subdomain, port) {
+ if (!scheme) {
+ var url = "";
+ } else {
+ if (!port) {
+ port = location.port;
+ }
+ var url = scheme + "://" + (subdomain ? subdomain + "." : "") + location.hostname + ":" + port + dirname(location.pathname)
+ }
+ async_test(desc).step(function() {
+ var client = new XMLHttpRequest();
+ this.count = counter++;
+
+ client.open("GET", url + "resources/cors-makeheader.py?get_value=hest_er_best&origin=none&" + this.count);
+
+ client.onreadystatechange = this.step_func(function(e) {
+ // First request, test that it fails with no origin
+ if (client.readyState < 4) return;
+ if (!url)
+ assert_true(client.response.indexOf("hest_er_best") != -1, "Got response");
+ else
+ assert_false(!!client.response, "Got CORS-disallowed response");
+
+ client = new XMLHttpRequest();
+ client.open("GET", url + "resources/cors-makeheader.py?get_value=hest_er_best&" + this.count);
+ client.onreadystatechange = this.step_func(function(e) {
+ // Second request, test that it passes with the allowed-origin
+ if (client.readyState < 4) return;
+ assert_true(client.response.indexOf("hest_er_best") != -1, "Got CORS-allowed response");
+ this.done();
+ });
+ client.send();
+ });
+ client.send();
+ });
+}
+
+cors("Same domain basic usage");
+cors("Cross domain basic usage", "http", "www1");
+cors("Same domain different port", "http", undefined, PORT);
+
+cors("Cross domain different port", "http", "www1", PORT);
+
+cors("Cross domain different protocol", "https", "www1", PORTS);
+
+cors("Same domain different protocol different port", "https", undefined, PORTS);
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorscredentialsflagexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/credentials-flag-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/credentials-flag-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/credentials-flag-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,34 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-cookie.py?ident=1489438094875_1
+CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-cookie.py?ident=1489438094875_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-cookie.py?ident=1489438094877_2
+CONSOLE MESSAGE: line 70: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-cookie.py?ident=1489438094877_2 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-cookie.py?ident=1489438094879_3
+CONSOLE MESSAGE: line 100: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-cookie.py?ident=1489438094879_3 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=TRUE
+CONSOLE MESSAGE: line 118: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=TRUE due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=True
+CONSOLE MESSAGE: line 118: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=True due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=%22true%22
+CONSOLE MESSAGE: line 118: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=%22true%22 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=false
+CONSOLE MESSAGE: line 118: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=false due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=1
+CONSOLE MESSAGE: line 118: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=0
+CONSOLE MESSAGE: line 118: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?credentials=0 due to access control checks.
+CORS - Access-Control-Allow-Credentials
+
+
+Harness Error (TIMEOUT), message = null
+
+PASS Setting withCredentials on a sync XHR object should not throw
+TIMEOUT Don't send cookie by default Test timed out
+TIMEOUT Don't send cookie part 2 Test timed out
+TIMEOUT Don't obey Set-Cookie when withCredentials=false Test timed out
+PASS Access-Control-Allow-Credentials: TRUE should be disallowed (async)
+PASS Access-Control-Allow-Credentials: True should be disallowed (async)
+PASS Access-Control-Allow-Credentials: "true" should be disallowed (async)
+PASS Access-Control-Allow-Credentials: false should be disallowed (async)
+PASS Access-Control-Allow-Credentials: 1 should be disallowed (async)
+PASS Access-Control-Allow-Credentials: 0 should be disallowed (async)
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorscredentialsflaghtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/credentials-flag.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/credentials-flag.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/credentials-flag.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,129 @@
</span><ins>+<!DOCTYPE html>
+<title>CORS - Access-Control-Allow-Credentials</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>CORS - Access-Control-Allow-Credentials</h1>
+<div id=log></div>
+<script>
+
+var url = CROSSDOMAIN + 'resources/cors-cookie.py?ident='
+
+
+/*
+ * widthCredentials
+ */
+// XXX Do some https tests here as well
+
+test(function () {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN, false)
+ client.withCredentials = true;
+}, 'Setting withCredentials on a sync XHR object should not throw')
+
+async_test(function () {
+ var id = new Date().getTime() + '_1',
+ client = new XMLHttpRequest()
+ client.open("GET", url + id, true)
+ client.onload = this.step_func(function() {
+ assert_equals(client.response, "NO_COOKIE")
+ client.open("GET", url + id, true)
+ client.onload = this.step_func(function() {
+ assert_equals(client.response, "NO_COOKIE")
+ this.done()
+ })
+ client.send(null)
+ })
+ client.send(null)
+
+}, "Don't send cookie by default");
+
+async_test(function () {
+ var id = new Date().getTime() + '_2',
+ client = new XMLHttpRequest()
+
+ client.open("GET", url + id, true)
+ client.withCredentials = true
+ client.onload = this.step_func(function() {
+ assert_equals(client.response, "NO_COOKIE", "No cookie in initial request");
+
+ /* We have cookie, but the browser shouldn't send */
+ client.open("GET", url + id, true)
+ client.withCredentials = false
+ client.onload = this.step_func(function() {
+ assert_equals(client.response, "NO_COOKIE", "No cookie after withCredentials=false sync request")
+
+ /* Reads and deletes the cookie */
+ client.open("GET", url + id, true)
+ client.withCredentials = true
+ client.onload = this.step_func(function() {
+ assert_equals(client.response, "COOKIE", "Cookie sent in withCredentials=true sync request")
+ this.done()
+ })
+ client.send(null)
+ })
+ client.send(null)
+ })
+ client.send(null)
+}, "Don't send cookie part 2");
+
+async_test(function () {
+ var id = new Date().getTime() + '_3',
+ client = new XMLHttpRequest()
+
+ /* Shouldn't set the response cookie */
+ client.open("GET", url + id, true)
+ client.withCredentials = false
+ client.onload = this.step_func(function() {
+ assert_equals(client.response, "NO_COOKIE", "first");
+
+ /* Sets the cookie */
+ client.open("GET", url + id, true)
+ client.withCredentials = true
+ client.onload = this.step_func(function() {
+ assert_equals(client.response, "NO_COOKIE", "second")
+
+ /* Reads and deletes the cookie */
+ client.open("GET", url + id, true)
+ client.withCredentials = true
+ client.onload = this.step_func(function() {
+ assert_equals(client.response, "COOKIE", "third")
+ this.done()
+ })
+ client.send(null)
+ })
+ client.send(null)
+ })
+ client.send(null)
+}, "Don't obey Set-Cookie when withCredentials=false");
+
+function test_response_header(allow) {
+ var resp_test = async_test('Access-Control-Allow-Credentials: ' + allow + ' should be disallowed (async)')
+ resp_test.step(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET',
+ CROSSDOMAIN + 'resources/cors-makeheader.py?credentials=' + allow,
+ true)
+ client.withCredentials = true;
+ client.onload = resp_test.step_func(function() {
+ assert_unreached("onload")
+ })
+ client.onerror = resp_test.step_func(function () {
+ assert_equals(client.readyState, client.DONE, 'readyState')
+ resp_test.done()
+ })
+ client.send()
+ })
+}
+
+test_response_header('TRUE')
+test_response_header('True')
+test_response_header('"true"')
+test_response_header('false')
+test_response_header('1')
+test_response_header('0')
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorslateuploadeventsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,9 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?headers=custom-header
+CONSOLE MESSAGE: line 30: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?headers=custom-header due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?headers=custom-header due to access control checks.
+Adding upload event listeners after send()
+
+
+FAIL Late listeners: No preflight assert_equals: expected 200 but got 0
+FAIL Late listeners: Preflight assert_equals: expected 200 but got 0
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorslateuploadeventshtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,40 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>Adding upload event listeners after send()</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Adding upload event listeners after send()</h1>
+
+<div id=log></div>
+
+<script>
+function doTest(desc, headers) {
+ async_test("Late listeners: " + desc).step(function() {
+ var client = new XMLHttpRequest();
+ var eventCounter = 0;
+ client.open("POST", CROSSDOMAIN + "resources/status.py?headers=custom-header");
+
+ for (var name in headers) {
+ client.setRequestHeader(name, headers[name]);
+ }
+
+ client.onreadystatechange = this.step_func(function(e) {
+ // Irrelevant if request is not finished
+ if (client.readyState < 4) return;
+ assert_equals(client.status, 200);
+ assert_equals(eventCounter, 0, 'Events fired, but should not have');
+ this.done();
+ });
+ client.send((new Array(3000)).join('xo'));
+ client.upload.onprogress = client.upload.onloadend = client.upload.onloadstart = client.upload.onload = this.step_func(function(e) {
+ eventCounter++;
+ assert_unreached("Upload events should not fire, but did: " + e.type);
+ });
+ });
+}
+
+doTest("No preflight", {});
+doTest("Preflight", {"custom-header":"test"});
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsoriginexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/origin-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/origin-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/origin-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,120 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%20*%20%20
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%09*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%20http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%20http%3A%2F%2Flocalhost%3A8800%20%20%20%09%20
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%09http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Fwww1.localhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=ftp%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3Alocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=localhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%3F
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2F
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%20%2F
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%23
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2523
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%3A80
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2C%20*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%00
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=HTTP%3A%2F%2FLOCALHOST%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=HTTP%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=-
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=**
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%00*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*%00
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin='*'
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%22*%22
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*%20*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*%20null
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*http%3A%2F%2F*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*%20http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*%2C%20http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=%00http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=null%20http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Fexample.net
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=null
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=null%20*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Forigin.htm
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800%2Fcors%2F
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2F
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=localhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=.localhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*.localhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2F.localhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2F*.localhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=&origin2=*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*&origin2=
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*&origin2=*
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=&origin2=http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=*&origin2=http%3A%2F%2Flocalhost%3A8800
+Blocked access to external URL http://www1.localhost:8800/cors//resources/cors-makeheader.py?origin=http%3A%2F%2Flocalhost%3A8800&origin2=http%3A%2F%2Flocalhost%3A8800
+Access-Control-Allow-Origin handling
+
+
+FAIL Allow origin: * The operation was aborted.
+FAIL Allow origin: _*__ The operation was aborted.
+FAIL Allow origin: [tab]* The operation was aborted.
+FAIL Allow origin: http://localhost:8800 The operation was aborted.
+FAIL Allow origin: _http://localhost:8800 The operation was aborted.
+FAIL Allow origin: _http://localhost:8800___[tab]_ The operation was aborted.
+FAIL Allow origin: [tab]http://localhost:8800 The operation was aborted.
+PASS Disallow origin: http://www1.localhost:8800
+PASS Disallow origin: //localhost:8800
+PASS Disallow origin: ://localhost:8800
+PASS Disallow origin: ftp://localhost:8800
+PASS Disallow origin: http:://localhost:8800
+PASS Disallow origin: http:/localhost:8800
+PASS Disallow origin: http:localhost:8800
+PASS Disallow origin: localhost:8800
+PASS Disallow origin: http://localhost:8800?
+PASS Disallow origin: http://localhost:8800/
+PASS Disallow origin: http://localhost:8800 /
+PASS Disallow origin: http://localhost:8800#
+PASS Disallow origin: http://localhost:8800%23
+PASS Disallow origin: http://localhost:8800:80
+PASS Disallow origin: http://localhost:8800, *
+PASS Disallow origin: http://localhost:8800\0
+PASS Disallow origin: HTTP://LOCALHOST:8800
+PASS Disallow origin: HTTP://localhost:8800
+PASS Disallow origin: -
+PASS Disallow origin: **
+PASS Disallow origin: \0*
+PASS Disallow origin: *\0
+PASS Disallow origin: '*'
+PASS Disallow origin: "*"
+PASS Disallow origin: * *
+PASS Disallow origin: * null
+PASS Disallow origin: *http://*
+PASS Disallow origin: *http://localhost:8800
+PASS Disallow origin: * http://localhost:8800
+PASS Disallow origin: *, http://localhost:8800
+PASS Disallow origin: \0http://localhost:8800
+PASS Disallow origin: null http://localhost:8800
+PASS Disallow origin: http://example.net
+PASS Disallow origin: null
+PASS Disallow origin: null *
+PASS Disallow origin:
+PASS Disallow origin: http://localhost:8800/cors/origin.htm
+PASS Disallow origin: http://localhost:8800/cors/
+PASS Disallow origin: http://www1.localhost:8800/cors/
+PASS Disallow origin: localhost:8800
+PASS Disallow origin: .localhost:8800
+PASS Disallow origin: *.localhost:8800
+PASS Disallow origin: http://localhost:8800
+PASS Disallow origin: http://.localhost:8800
+PASS Disallow origin: http://*.localhost:8800
+PASS Disallow multiple headers (, *)
+PASS Disallow multiple headers (*, )
+PASS Disallow multiple headers (*, *)
+PASS Disallow multiple headers (, http://localhost:8800)
+PASS Disallow multiple headers (*, http://localhost:8800)
+PASS Disallow multiple headers (http://localhost:8800, http://localhost:8800)
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsoriginhtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/origin.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/origin.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/origin.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,119 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>Access-Control-Allow-Origin handling</title>
+<link rel=help href=https://fetch.spec.whatwg.org/>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Access-Control-Allow-Origin handling</h1>
+
+<div id=log></div>
+
+<script>
+
+/*
+ * Origin header
+ */
+function shouldPass(origin) {
+ test(function () {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN
+ + '/resources/cors-makeheader.py?origin='
+ + encodeURIComponent(origin),
+ false)
+ client.send()
+ r = JSON.parse(client.response)
+ var host = location.protocol + "//" + location.host
+ assert_equals(r['origin'], host, 'Request Origin: should be ' + host)
+ }, 'Allow origin: ' + origin.replace(/\t/g, "[tab]").replace(/ /g, '_'));
+}
+
+shouldPass('*');
+shouldPass(' * ');
+shouldPass('        *');
+shouldPass(location.protocol + "//" + location.host);
+shouldPass(" "+location.protocol + "//" + location.host);
+shouldPass(" "+location.protocol + "//" + location.host + "          ");
+shouldPass("        "+location.protocol + "//" + location.host);
+
+
+function shouldFail(origin) {
+ test(function () {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN
+ + '/resources/cors-makeheader.py?origin='
+ + encodeURIComponent(origin),
+ false)
+ assert_throws(null, function() { client.send() }, 'send')
+ }, 'Disallow origin: ' + origin.replace(/\0/g, "\\0"));
+}
+
+shouldFail(location.protocol + "//" + SUBDOMAIN + "." + location.host)
+shouldFail("//" + location.host)
+shouldFail("://" + location.host)
+shouldFail("ftp://" + location.host)
+shouldFail("http:://" + location.host)
+shouldFail("http:/" + location.host)
+shouldFail("http:" + location.host)
+shouldFail(location.host)
+shouldFail(location.protocol + "//" + location.host + "?")
+shouldFail(location.protocol + "//" + location.host + "/")
+shouldFail(location.protocol + "//" + location.host + " /")
+shouldFail(location.protocol + "//" + location.host + "#")
+shouldFail(location.protocol + "//" + location.host + "%23")
+shouldFail(location.protocol + "//" + location.host + ":80")
+shouldFail(location.protocol + "//" + location.host + ", *")
+shouldFail(location.protocol + "//" + location.host + "\0")
+shouldFail((location.protocol + "//" + location.host).toUpperCase())
+shouldFail(location.protocol.toUpperCase() + "//" + location.host)
+shouldFail("-")
+shouldFail("**")
+shouldFail("\0*")
+shouldFail("*\0")
+shouldFail("'*'")
+shouldFail('"*"')
+shouldFail("* *")
+shouldFail("* null")
+shouldFail("*" + location.protocol + "//" + "*")
+shouldFail("*" + location.protocol + "//" + location.host)
+shouldFail("* " + location.protocol + "//" + location.host)
+shouldFail("*, " + location.protocol + "//" + location.host)
+shouldFail("\0" + location.protocol + "//" + location.host)
+shouldFail("null " + location.protocol + "//" + location.host)
+shouldFail('http://example.net')
+shouldFail('null')
+shouldFail('null *')
+shouldFail('')
+shouldFail(location.href)
+shouldFail(dirname(location.href))
+shouldFail(CROSSDOMAIN)
+shouldFail(location.host.replace(/^[^\.]+\./, ""))
+shouldFail("." + location.host.replace(/^[^\.]+\./, ""))
+shouldFail("*." + location.host.replace(/^[^\.]+\./, ""))
+shouldFail("http://" + location.host.replace(/^[^\.]+\./, ""))
+shouldFail("http://." + location.host.replace(/^[^\.]+\./, ""))
+shouldFail("http://*." + location.host.replace(/^[^\.]+\./, ""))
+
+function doubleOrigin(origin, origin2) {
+ test(function () {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN
+ + '/resources/cors-makeheader.py?origin='
+ + encodeURIComponent(origin)
+ + '&origin2=' + encodeURIComponent(origin2),
+ false)
+ assert_throws(null, function() { client.send() }, 'send')
+ }, 'Disallow multiple headers (' + origin + ', ' + origin2 + ')');
+}
+
+doubleOrigin('', '*');
+doubleOrigin('*', '');
+doubleOrigin('*', '*');
+doubleOrigin('', location.protocol + "//" + location.host);
+doubleOrigin('*', location.protocol + "//" + location.host);
+doubleOrigin(location.protocol + "//" + location.host, location.protocol + "//" + location.host);
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorspreflightcacheexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=7ec9a471-9f36-47f4-8d2b-82be1a6ebd87
+CONSOLE MESSAGE: line 34: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/preflight.py?token=7ec9a471-9f36-47f4-8d2b-82be1a6ebd87 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=7875264a-b4e7-4ff5-b722-9d47a7b65d3d
+CONSOLE MESSAGE: line 34: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/preflight.py?token=7875264a-b4e7-4ff5-b722-9d47a7b65d3d due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=a1b8f4df-357b-4bc2-9167-f8e4b4acdc12&max_age=0
+CONSOLE MESSAGE: line 34: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/preflight.py?token=a1b8f4df-357b-4bc2-9167-f8e4b4acdc12&max_age=0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=0328e3a7-7b6e-41d4-9ad3-7229edf8fae2&max_age=-1
+CONSOLE MESSAGE: line 34: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/preflight.py?token=0328e3a7-7b6e-41d4-9ad3-7229edf8fae2&max_age=-1 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/preflight.py?max_age=1&token=e9729b23-4089-4d28-8cee-6a3c547664ca due to access control checks.
+Preflight cache
+
+
+FAIL Test preflight A network error occurred.
+FAIL preflight for x-print should be cached A network error occurred.
+FAIL age = 0, should not be cached A network error occurred.
+FAIL age = -1, should not be cached A network error occurred.
+FAIL preflight first request, second from cache, wait, third should preflight again assert_unreached: Got unexpected error event on the XHR object Reached unreachable code
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorspreflightcachehtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,140 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - preflight cache</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/common/utils.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Preflight cache</h1>
+
+<div id=log></div>
+<script>
+
+/*
+ * Cache
+ */
+
+function did_preflight(expect, client, settings) {
+ var uuid_token = (settings && settings.token) || token();
+ if(!settings)
+ settings = {}
+
+ set = {
+ method: 'method' in settings ? settings.method : 'GET',
+ extra: 'extra' in settings ? '&' + settings.extra : ''
+ }
+
+ client.open(set.method,
+ CROSSDOMAIN + 'resources/preflight.py?token=' + uuid_token + set.extra,
+ false)
+ client.setRequestHeader('x-print', uuid_token)
+ client.send()
+
+ client.open('GET', 'resources/preflight.py?check&token=' + uuid_token, false)
+ client.send()
+ assert_equals(client.response, expect === true ? '1' : '0', "did preflight")
+ return uuid_token;
+}
+
+/*
+ * Should run preflight
+ */
+
+test(function() {
+ var time = new Date().getTime()
+ var client = new XMLHttpRequest()
+ did_preflight(true, client);
+},
+'Test preflight')
+
+test(function() {
+ var time = new Date().getTime()
+ var client = new XMLHttpRequest()
+
+ var id = did_preflight(true, client)
+ did_preflight(false, client, {token: id})
+},
+'preflight for x-print should be cached')
+
+test(function() {
+ var time = new Date().getTime()
+ var client = new XMLHttpRequest()
+
+ var id = did_preflight(true, client, {extra:'max_age=0'})
+ did_preflight(true, client, {extra:'max_age=0', token: id})
+},
+'age = 0, should not be cached')
+
+test(function() {
+ var time = new Date().getTime()
+ var client = new XMLHttpRequest()
+
+ var id = did_preflight(true, client, {extra:'max_age=-1'})
+ did_preflight(true, client, {extra:'max_age=-1', token: id})
+},
+'age = -1, should not be cached');
+
+(function() {
+ var test = async_test("preflight first request, second from cache, wait, third should preflight again", { timeout: 6000 }),
+ time = new Date().getTime(),
+ dothing = function (url, msg, set_request, func) {
+ client = new XMLHttpRequest(),
+ client.open('GET', url, true)
+ if (set_request)
+ client.setRequestHeader('x-print', msg)
+ client.onload = test.step_func(function() {
+ assert_equals(client.response, msg, "response " + url)
+ if (func)
+ test.step(func)
+ })
+ client.onerror = test.step_func(function(e) {
+ assert_unreached("Got unexpected error event on the XHR object")
+ })
+ client.send()
+ }
+
+ var token1 = token();
+ test.step(function() {
+ /* First cycle, gets x-print into the cache, with timeout 1 */
+ var request_url = CROSSDOMAIN + 'resources/preflight.py?max_age=1&token=' + token1;
+ dothing(request_url,
+ 'first', true, function() {
+ test = test;
+
+ /* Check if we did a preflight like we expected */
+ dothing('resources/preflight.py?check&1&token=' + token1,
+ '1', false, function() {
+ test = test;
+ dothing(request_url,
+ 'second', true, function() {
+ test = test;
+
+ /* Check that we didn't do a preflight (hasn't gone 1 second yet) */
+ dothing('resources/preflight.py?check&2&token=' + token1,
+ '0', false, function() {
+ test = test;
+
+ /* Wait until the preflight cache age is old (and thus cleared) */
+ test.step_timeout(() => {
+ dothing(request_url,
+ 'third', true, function() {
+ test = test;
+
+ /* Expect that we did indeed do a preflight */
+ dothing('resources/preflight.py?check&3&token=' + token1,
+ '1', false, function() {
+ test.done()
+ })
+ })
+ }, 1500)
+ })
+ })
+ })
+ })
+ })
+})();
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorspreflightfailureexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-failure-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-failure-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-failure-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,74 @@
</span><ins>+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%260&code=100&preflight=100&1 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%262&code=101&preflight=101&3 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%264&code=300&preflight=300&5 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%266&code=301&preflight=301&7 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%268&code=302&preflight=302&9 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2610&code=303&preflight=303&11 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2612&code=304&preflight=304&13 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2614&code=305&preflight=305&15 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2616&code=306&preflight=306&17 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2618&code=307&preflight=307&19 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2620&code=308&preflight=308&21 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2622&code=400&preflight=400&23 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2624&code=401&preflight=401&25 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2626&code=402&preflight=402&27 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2628&code=403&preflight=403&29 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2630&code=404&preflight=404&31 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2632&code=405&preflight=405&33 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2634&code=406&preflight=406&35 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2636&code=407&preflight=407&37 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2638&code=408&preflight=408&39 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2640&code=409&preflight=409&41 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2642&code=410&preflight=410&43 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2644&code=411&preflight=411&45 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2646&code=412&preflight=412&47 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2648&code=413&preflight=413&49 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2650&code=414&preflight=414&51 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2652&code=415&preflight=415&53 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2654&code=416&preflight=416&55 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2656&code=417&preflight=417&57 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2658&code=500&preflight=500&59 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2660&code=501&preflight=501&61 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2662&code=502&preflight=502&63 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2664&code=503&preflight=503&65 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2666&code=504&preflight=504&67 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%2668&code=505&preflight=505&69 due to access control checks.
+Preflight responds with non-2XX status code
+
+
+PASS Should throw error if preflight respond with 100
+PASS Should throw error if preflight respond with 101
+PASS Should throw error if preflight respond with 300
+PASS Should throw error if preflight respond with 301
+PASS Should throw error if preflight respond with 302
+PASS Should throw error if preflight respond with 303
+PASS Should throw error if preflight respond with 304
+PASS Should throw error if preflight respond with 305
+PASS Should throw error if preflight respond with 306
+PASS Should throw error if preflight respond with 307
+PASS Should throw error if preflight respond with 308
+PASS Should throw error if preflight respond with 400
+PASS Should throw error if preflight respond with 401
+PASS Should throw error if preflight respond with 402
+PASS Should throw error if preflight respond with 403
+PASS Should throw error if preflight respond with 404
+PASS Should throw error if preflight respond with 405
+PASS Should throw error if preflight respond with 406
+PASS Should throw error if preflight respond with 407
+PASS Should throw error if preflight respond with 408
+PASS Should throw error if preflight respond with 409
+PASS Should throw error if preflight respond with 410
+PASS Should throw error if preflight respond with 411
+PASS Should throw error if preflight respond with 412
+PASS Should throw error if preflight respond with 413
+PASS Should throw error if preflight respond with 414
+PASS Should throw error if preflight respond with 415
+PASS Should throw error if preflight respond with 416
+PASS Should throw error if preflight respond with 417
+PASS Should throw error if preflight respond with 500
+PASS Should throw error if preflight respond with 501
+PASS Should throw error if preflight respond with 502
+PASS Should throw error if preflight respond with 503
+PASS Should throw error if preflight respond with 504
+PASS Should throw error if preflight respond with 505
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorspreflightfailurehtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-failure.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-failure.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-failure.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,54 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - Preflight responds with non-2XX status code</title>
+<meta name=author title="Fernando Jiménez Moreno" href="mailto:ferjmoreno@gmail.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Preflight responds with non-2XX status code</h1>
+
+<div id=log></div>
+<script>
+
+// Request count for cache busting and easy identifying of request in traffic
+// analyzer.
+var req_c = 0;
+
+var CROSSDOMAIN_URL = CROSSDOMAIN + 'resources/cors-makeheader.py?';
+
+/*
+ * Redirection with preflights.
+ */
+function preflight_failure(code) {
+ var desc = 'Should throw error if preflight respond with ' + code;
+ async_test(desc).step(function() {
+ var client = new XMLHttpRequest();
+ var redirect =
+ encodeURIComponent(CROSSDOMAIN_URL + 'headers=x-test&' + req_c++);
+
+ client.open('GET',
+ CROSSDOMAIN_URL + 'headers=x-test&location=' + redirect
+ + '&code=' + code + '&preflight=' + code
+ + '&' + req_c++,
+ true /* async */);
+ client.setRequestHeader('x-test', 'test');
+ client.onerror = this.step_func(function() {
+ this.done();
+ });
+ client.onreadystatechange = this.step_func(function() {
+ assert_equals(client.status, 0);
+ });
+ client.onload = this.step_func(function() {
+ assert_unreached('Unexpected onload');
+ });
+ client.send(null);
+ });
+}
+[100, 101,
+ 300, 301, 302, 303, 304, 305, 306, 307, 308,
+ 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417,
+ 500, 501, 502, 503, 504, 505].forEach(preflight_failure);
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsredirectoriginexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-origin-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-origin-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-origin-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,133 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2610_1&10_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2610_1&10_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2611_1&11_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2611_1&11_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2612_1&12_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2612_1&12_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2613_1&13_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2613_1&13_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2614_1&14_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2614_1&14_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2615_1&15_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2615_1&15_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2616_1&16_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2616_1&16_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2617_1&17_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2617_1&17_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2618_1&18_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2618_1&18_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2619_1&19_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&location=http%3A%2F%2Flocalhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2619_1&19_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2620_1&20_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2620_1&20_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2621_1&21_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2621_1&21_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2622_1&22_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2622_1&22_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2623_1&23_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2623_1&23_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2624_1&24_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2624_1&24_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2625_1&25_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2625_1&25_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2626_1&26_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2626_1&26_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2627_1&27_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2627_1&27_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2628_1&28_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2628_1&28_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2629_1&29_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2629_1&29_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2630_1&30_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2630_1&30_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2631_1&31_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2631_1&31_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2632_1&32_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2632_1&32_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2633_1&33_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2633_1&33_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2634_1&34_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2634_1&34_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2635_1&35_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Flocalhost%3A8800%26get_value%3Dlast%2635_1&35_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2636_1&36_0
+CONSOLE MESSAGE: line 144: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnull%26get_value%3Dlast%2636_1&36_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2637_1&37_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dnone%26get_value%3Dlast%2637_1&37_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2638_1&38_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2638_1&38_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2639_1&39_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2639_1&39_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Fwww1.localhost%3A8800%26get_value%3Dlast%2640_1&40_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Fwww1.localhost%3A8800%26get_value%3Dlast%2640_1&40_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Fwww1.localhost%3A8800%26get_value%3Dlast%2641_1&41_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&location=http%3A%2F%2Fwww2.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3Dhttp%3A%2F%2Fwww1.localhost%3A8800%26get_value%3Dlast%2641_1&41_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://www1.localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2642_1&42_0
+CONSOLE MESSAGE: line 168: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://www1.localhost:8800&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Forigin%3D*%26get_value%3Dlast%2642_1&42_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&get_value=last&0_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&get_value=last&0_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&get_value=last&1_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&get_value=last&1_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&get_value=last&2_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&get_value=last&2_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&get_value=last&3_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&get_value=last&3_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&get_value=last&4_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&get_value=last&4_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&get_value=last&6_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=null&get_value=last&6_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&get_value=last&5_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=http://localhost:8800&get_value=last&5_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&get_value=last&8_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&get_value=last&8_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&get_value=last&9_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&get_value=last&9_1 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&get_value=last&7_1
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=none&get_value=last&7_1 due to access control checks.
+CORS redirect handling
+
+
+FAIL local (*) to remote (*), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+FAIL local (*) to remote (http://localhost:8800), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+PASS local (*) to remote (null), expect to fail
+PASS local (*) to remote (none), expect to fail
+FAIL local (http://localhost:8800) to remote (*), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+FAIL local (http://localhost:8800) to remote (http://localhost:8800), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+PASS local (http://localhost:8800) to remote (null), expect to fail
+PASS local (http://localhost:8800) to remote (none), expect to fail
+FAIL local (null) to remote (*), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+FAIL local (none) to remote (*), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+FAIL remote (*) to local (*), expect origin=null assert_true: Got response expected true got false
+PASS remote (*) to local (http://localhost:8800), expect to fail
+FAIL remote (*) to local (null), expect origin=null assert_true: Got response expected true got false
+PASS remote (*) to local (none), expect to fail
+FAIL remote (http://localhost:8800) to local (*), expect origin=null assert_true: Got response expected true got false
+PASS remote (http://localhost:8800) to local (http://localhost:8800), expect to fail
+FAIL remote (http://localhost:8800) to local (null), expect origin=null assert_true: Got response expected true got false
+PASS remote (http://localhost:8800) to local (none), expect to fail
+PASS remote (null) to local (*), expect to fail
+PASS remote (none) to local (*), expect to fail
+FAIL remote (*) to remote (*), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+FAIL remote (*) to remote (http://localhost:8800), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+PASS remote (*) to remote (null), expect to fail
+PASS remote (*) to remote (none), expect to fail
+FAIL remote (http://localhost:8800) to remote (*), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+FAIL remote (http://localhost:8800) to remote (http://localhost:8800), expect origin=http://localhost:8800 assert_true: Got response expected true got false
+PASS remote (http://localhost:8800) to remote (null), expect to fail
+PASS remote (http://localhost:8800) to remote (none), expect to fail
+PASS remote (null) to remote (*), expect to fail
+PASS remote (none) to remote (*), expect to fail
+FAIL remote (*) to remote2 (*), expect origin=null assert_true: Got response expected true got false
+PASS remote (*) to remote2 (http://localhost:8800), expect to fail
+FAIL remote (*) to remote2 (null), expect origin=null assert_true: Got response expected true got false
+PASS remote (*) to remote2 (none), expect to fail
+FAIL remote (http://localhost:8800) to remote2 (*), expect origin=null assert_true: Got response expected true got false
+PASS remote (http://localhost:8800) to remote2 (http://localhost:8800), expect to fail
+FAIL remote (http://localhost:8800) to remote2 (null), expect origin=null assert_true: Got response expected true got false
+PASS remote (http://localhost:8800) to remote2 (none), expect to fail
+PASS remote (null) to remote2 (*), expect to fail
+PASS remote (none) to remote2 (*), expect to fail
+PASS remote (*) to remote (http://www1.localhost:8800), expect to fail
+PASS remote (*) to remote2 (http://www1.localhost:8800), expect to fail
+PASS remote (http://www1.localhost:8800) to remote (*), expect to fail
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsredirectoriginhtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-origin.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-origin.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-origin.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,195 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - redirect</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>CORS redirect handling</h1>
+
+<div id=log></div>
+
+<script>
+
+ // Test count for cache busting and easy identifying of request in traffic analyzer
+ var num_test = 0,
+
+ origin = location.protocol + "//" + location.host,
+ remote_origin = origin.replace('://', '://' + SUBDOMAIN + '.'),
+
+ local = dirname(location.href) + 'resources/cors-makeheader.py',
+ remote = local.replace('://', '://' + SUBDOMAIN + '.'),
+ remote2 = local.replace('://', '://' + SUBDOMAIN2 + '.');
+
+
+ /* First page Redirect to Expect what */
+
+ // local -> remote
+
+ redir_test([ 'local', '*' ], [ 'remote', '*' ], origin );
+ redir_test([ 'local', '*' ], [ 'remote', origin ], origin );
+ redir_test([ 'local', '*' ], [ 'remote', 'null' ], 'disallow');
+ redir_test([ 'local', '*' ], [ 'remote', 'none' ], 'disallow');
+
+ redir_test([ 'local', origin ], [ 'remote', '*' ], origin );
+ redir_test([ 'local', origin ], [ 'remote', origin ], origin );
+ redir_test([ 'local', origin ], [ 'remote', 'null' ], 'disallow');
+ redir_test([ 'local', origin ], [ 'remote', 'none' ], 'disallow');
+
+ redir_test([ 'local', 'null' ], [ 'remote', '*' ], origin );
+ redir_test([ 'local', 'none' ], [ 'remote', '*' ], origin );
+
+
+ // remote -> local
+
+ redir_test([ 'remote', '*' ], [ 'local', '*' ], 'null' );
+ redir_test([ 'remote', '*' ], [ 'local', origin ], 'disallow');
+ redir_test([ 'remote', '*' ], [ 'local', 'null' ], 'null' );
+ redir_test([ 'remote', '*' ], [ 'local', 'none' ], 'disallow');
+
+ redir_test([ 'remote', origin ], [ 'local', '*' ], 'null' );
+ redir_test([ 'remote', origin ], [ 'local', origin ], 'disallow');
+ redir_test([ 'remote', origin ], [ 'local', 'null' ], 'null' );
+ redir_test([ 'remote', origin ], [ 'local', 'none' ], 'disallow');
+
+ redir_test([ 'remote', 'null' ], [ 'local', '*' ], 'disallow');
+ redir_test([ 'remote', 'none' ], [ 'local', '*' ], 'disallow');
+
+
+ // remote -> remote
+
+ redir_test([ 'remote', '*' ], [ 'remote', '*' ], origin );
+ redir_test([ 'remote', '*' ], [ 'remote', origin ], origin );
+ redir_test([ 'remote', '*' ], [ 'remote', 'null' ], 'disallow');
+ redir_test([ 'remote', '*' ], [ 'remote', 'none' ], 'disallow');
+
+ redir_test([ 'remote', origin ], [ 'remote', '*' ], origin );
+ redir_test([ 'remote', origin ], [ 'remote', origin ], origin );
+ redir_test([ 'remote', origin ], [ 'remote', 'null' ], 'disallow');
+ redir_test([ 'remote', origin ], [ 'remote', 'none' ], 'disallow');
+
+ redir_test([ 'remote', 'null' ], [ 'remote', '*' ], 'disallow');
+ redir_test([ 'remote', 'none' ], [ 'remote', '*' ], 'disallow');
+
+
+ // remote -> remote2
+
+ redir_test([ 'remote', '*' ], [ 'remote2', '*' ], 'null' );
+ redir_test([ 'remote', '*' ], [ 'remote2', origin ], 'disallow');
+ redir_test([ 'remote', '*' ], [ 'remote2', 'null' ], 'null' );
+ redir_test([ 'remote', '*' ], [ 'remote2', 'none' ], 'disallow');
+
+ redir_test([ 'remote', origin ], [ 'remote2', '*' ], 'null' );
+ redir_test([ 'remote', origin ], [ 'remote2', origin ], 'disallow');
+ redir_test([ 'remote', origin ], [ 'remote2', 'null' ], 'null');
+ redir_test([ 'remote', origin ], [ 'remote2', 'none' ], 'disallow');
+
+ redir_test([ 'remote', 'null' ], [ 'remote2', '*' ], 'disallow');
+ redir_test([ 'remote', 'none' ], [ 'remote2', '*' ], 'disallow');
+
+
+ // Bonus weird edge checks
+
+ redir_test([ 'remote', '*' ], [ 'remote', remote_origin ], 'disallow');
+ redir_test([ 'remote', '*' ], [ 'remote2', remote_origin ], 'disallow');
+ redir_test([ 'remote', remote_origin ], [ 'remote', "*" ], 'disallow');
+
+
+
+ /*
+ * The helpers
+ */
+
+ function redir_test(first, second, expect_origin) {
+ var first_url, second_url,
+ urls = { "remote": remote, "local": local, "remote2": remote2 };
+
+ first_url = urls[first[0]] + "?origin=" + first[1];
+ second_url = urls[second[0]] + "?origin=" + second[1];
+
+ if (expect_origin=="disallow") {
+ shouldFail(first[0]+" ("+first[1]+") to "
+ + second[0]+" ("+second[1]+"), expect to fail", [ first_url, second_url ]);
+ }
+ else {
+ shouldPass(first[0]+" ("+first[1]+") to "
+ + second[0]+" ("+second[1]+"), expect origin="+expect_origin, expect_origin, [ first_url, second_url ]);
+ }
+
+ }
+
+ function shouldPass(desc, expected_origin, urls) {
+ var test_id = num_test,
+ t = async_test(desc);
+
+ num_test++;
+
+ t.step(function() {
+ var final_url,
+ client = new XMLHttpRequest();
+
+ client.open('GET', buildURL(urls, test_id));
+
+ client.onreadystatechange = t.step_func(function() {
+ if (client.readyState != client.DONE)
+ return;
+ assert_true(!!client.response, "Got response");
+ r = JSON.parse(client.response)
+ assert_equals(r['origin'], expected_origin, 'Origin Header')
+ assert_equals(r['get_value'], 'last', 'get_value')
+ t.done();
+ });
+ client.send(null)
+ });
+ }
+
+ function shouldFail(desc, urls) {
+ var test_id = num_test,
+ t = async_test(desc);
+
+ num_test++;
+
+ t.step(function() {
+ var client = new XMLHttpRequest();
+
+ client.open('GET', buildURL(urls, test_id));
+
+ client.onreadystatechange = t.step_func(function() {
+ if (client.readyState != client.DONE)
+ return;
+ assert_false(!!client.response, "Got response");
+ });
+ client.onerror = t.step_func(function(e) {
+ t.done();
+ });
+
+ client.send(null)
+ });
+ }
+
+
+ function buildURL(urls, id) {
+ var tmp_url;
+
+ if (typeof(urls) == "string") {
+ return urls + "&" + id + "_0";
+ }
+
+ for (var i = urls.length; i--; ) {
+ if (!tmp_url)
+ {
+ tmp_url = urls[i] + "&get_value=last&" + id + "_" + i;
+ continue;
+ }
+ tmp_url = urls[i]
+ + "&location="
+ + encodeURIComponent(tmp_url)
+ + "&" + id + "_" + i;
+ }
+
+ return tmp_url;
+ }
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsredirectpreflight2expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-2-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-2-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-2-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?origin=*&ident=fail_1489438122639 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=custom-header&origin=*&token=6de9061c-4017-44fc-a211-22e46653293f due to access control checks.
+Preflight after redirect
+
+
+PASS Same-origin custom-header request, redirect to cross-origin fails after doing a non-successful preflight
+FAIL Same-origin custom-header request, redirect to cross-origin succeeds after doing a preflight assert_unreached: Error during request Reached unreachable code
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsredirectpreflight2htm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-2.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-2.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-2.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,55 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - preflight after a redirect</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+<script src=/common/utils.js></script>
+
+<h1>Preflight after redirect</h1>
+
+<div id=log></div>
+<script>
+
+async_test(function() {
+ var test_id = "fail_" + new Date().getTime()
+ var client = new XMLHttpRequest()
+ var last_url = CROSSDOMAIN + 'resources/cors-makeheader.py?origin=*&ident=' + test_id
+
+ client.open('GET', 'resources/cors-makeheader.py?origin=*&location=' + encodeURIComponent(last_url))
+ client.setRequestHeader('custom-header', 'admin')
+ client.onerror = this.step_func(function() {
+ this.done()
+ })
+ client.onload = this.step_func(function(e) { assert_unreached("Request should not succeed!") })
+ client.send()
+}, "Same-origin custom-header request, redirect to cross-origin fails after doing a non-successful preflight")
+
+
+async_test(function() {
+ var client = new XMLHttpRequest()
+ var uuid_token = token();
+ var last_url = CROSSDOMAIN + 'resources/cors-makeheader.py?headers=custom-header&origin=*&token=' + uuid_token;
+
+ client.open('GET', 'resources/cors-makeheader.py?origin=*&location=' + encodeURIComponent(last_url))
+ client.setRequestHeader('custom-header', 'admin')
+ client.onload = this.step_func(function() {
+ // Test that I got custom-header
+
+ /* To check whether we did a preflight */
+ client.open('GET', 'resources/cors-makeheader.py?check&token=' + uuid_token)
+ client.onload = this.step_func(function() {
+ assert_equals(client.response, "1", "did preflight")
+ this.done()
+ })
+ client.onerror = this.step_func(function(e) { assert_unreached("Error on getting preflight data") })
+ client.send()
+ })
+ client.onerror = this.step_func(function(e) { assert_unreached("Error during request", e) })
+ client.send()
+}, "Same-origin custom-header request, redirect to cross-origin succeeds after doing a preflight")
+
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsredirectpreflightexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?preflight=200&headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%260&code=301&1 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?preflight=200&headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%262&code=302&3 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?preflight=200&headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%264&code=303&5 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?preflight=200&headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%266&code=307&7 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?preflight=200&headers=x-test&location=http%3A%2F%2Fwww1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3Fheaders%3Dx-test%268&code=308&9 due to access control checks.
+Redirect with preflight
+
+
+FAIL Should allow redirect 301 after succesful (200) preflight assert_equals: Successfull redirect expected 200 but got 0
+FAIL Should allow redirect 302 after succesful (200) preflight assert_equals: Successfull redirect expected 200 but got 0
+FAIL Should allow redirect 303 after succesful (200) preflight assert_equals: Successfull redirect expected 200 but got 0
+FAIL Should allow redirect 307 after succesful (200) preflight assert_equals: Successfull redirect expected 200 but got 0
+FAIL Should allow redirect 308 after succesful (200) preflight assert_equals: Successfull redirect expected 200 but got 0
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsredirectpreflighthtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,47 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - redirect with preflight</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+<meta name=author title="Fernando Jiménez Moreno" href="mailto:ferjmoreno@gmail.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Redirect with preflight</h1>
+
+<div id=log></div>
+<script>
+
+// Request count for cache busting and easy identifying of request in traffic
+// analyzer.
+var req_c = 0;
+
+var CROSSDOMAIN_URL = CROSSDOMAIN + 'resources/cors-makeheader.py?';
+
+/*
+ * Redirection after successfull (200) preflight.
+ */
+function redir_after_successfull_preflight(code) {
+ var desc = 'Should allow redirect ' + code + ' after succesful (200) preflight';
+ async_test(desc).step(function() {
+ var client = new XMLHttpRequest();
+ var redirect = encodeURIComponent(
+ CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-test&' + req_c++
+ );
+
+ client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?'
+ + 'preflight=200&headers=x-test&location='
+ + redirect + '&code=' + code + '&' + req_c++,
+ true /* async */);
+ client.setRequestHeader('x-test', 'test');
+ client.onreadystatechange = this.step_func(function() {
+ assert_equals(client.status, 200, 'Successfull redirect');
+ this.done();
+ });
+ client.send(null);
+ });
+}
+[301, 302, 303, 307, 308].forEach(redir_after_successfull_preflight);
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsredirectuserinfoexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-userinfo-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-userinfo-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-userinfo-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2Ftest%3Atest%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%260_1&0_0
+CONSOLE MESSAGE: line 61: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2Ftest%3Atest%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%260_1&0_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2Fuser%3A%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%261_1&1_0
+CONSOLE MESSAGE: line 61: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2Fuser%3A%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%261_1&1_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2Fuser%3A%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%262_1&2_0
+CONSOLE MESSAGE: line 61: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2Fuser%3A%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%262_1&2_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2F%3A%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%263_1&3_0
+CONSOLE MESSAGE: line 61: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2F%3A%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%263_1&3_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2F%3Apass%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%264_1&4_0
+CONSOLE MESSAGE: line 61: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2F%3Apass%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%264_1&4_0 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2F%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%265_1&5_0
+CONSOLE MESSAGE: line 84: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?&location=http%3A%2F%2F%40www1.localhost%3A8800%2Fcors%2Fresources%2Fcors-makeheader.py%3F%26get_value%3Dlast%265_1&5_0 due to access control checks.
+CORS userinfo redirect handling
+
+
+PASS Disallow redirect with userinfo (//user:pass@)
+PASS Disallow redirect with userinfo (//user:@)
+PASS Disallow redirect with userinfo (//user@)
+PASS Disallow redirect with userinfo (//:@)
+PASS Disallow redirect with userinfo (//:pass@)
+FAIL Allow redirect with userinfo (//@) assert_true: Got response expected true got false
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsredirectuserinfohtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-userinfo.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-userinfo.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-userinfo.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,110 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - redirect with userinfo</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odinho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>CORS userinfo redirect handling</h1>
+
+<div id=log></div>
+
+<script>
+
+ // Test count for cache busting and easy identifying of request in traffic analyzer
+ var num_test = 0
+
+ shouldFail("Disallow redirect with userinfo (//user:pass@)", [
+ CROSSDOMAIN + "resources/cors-makeheader.py?",
+ CROSSDOMAIN.replace("http://", "http://test:test@") + "resources/cors-makeheader.py?"]);
+
+ shouldFail("Disallow redirect with userinfo (//user:@)", [
+ CROSSDOMAIN + "resources/cors-makeheader.py?",
+ CROSSDOMAIN.replace("http://", "http://user:@") + "resources/cors-makeheader.py?"]);
+
+ shouldFail("Disallow redirect with userinfo (//user@)", [
+ CROSSDOMAIN + "resources/cors-makeheader.py?",
+ CROSSDOMAIN.replace("http://", "http://user:@") + "resources/cors-makeheader.py?"]);
+
+ shouldFail("Disallow redirect with userinfo (//:@)", [
+ CROSSDOMAIN + "resources/cors-makeheader.py?",
+ CROSSDOMAIN.replace("http://", "http://:@") + "resources/cors-makeheader.py?"]);
+
+ shouldFail("Disallow redirect with userinfo (//:pass@)", [
+ CROSSDOMAIN + "resources/cors-makeheader.py?",
+ CROSSDOMAIN.replace("http://", "http://:pass@") + "resources/cors-makeheader.py?"]);
+
+ shouldPass("Allow redirect with userinfo (//@)", [
+ CROSSDOMAIN + "resources/cors-makeheader.py?",
+ CROSSDOMAIN.replace("http://", "http://@") + "resources/cors-makeheader.py?"]);
+
+ function shouldFail(desc, urls) {
+ var test_id = num_test,
+ t = async_test(desc);
+
+ num_test++;
+
+ t.step(function() {
+ var client = new XMLHttpRequest();
+
+ client.open('GET', buildURL(urls, test_id));
+
+ client.onload = t.step_func(function() {
+ assert_false(!!client.response, "Got response");
+ });
+ client.onerror = t.step_func(function(e) {
+ t.done();
+ });
+
+ client.send(null)
+ });
+ }
+
+ function shouldPass(desc, urls) {
+ var test_id = num_test,
+ t = async_test(desc);
+
+ num_test++;
+
+ t.step(function() {
+ var client = new XMLHttpRequest();
+
+ client.open('GET', buildURL(urls, test_id));
+
+ client.onreadystatechange = t.step_func(function() {
+ if (client.readyState != client.DONE)
+ return;
+ assert_true(!!client.response, "Got response");
+ r = JSON.parse(client.response)
+ assert_equals(r['get_value'], 'last', 'get_value')
+ t.done();
+ });
+ client.send(null)
+ });
+ }
+
+ function buildURL(urls, id) {
+ var tmp_url;
+
+ if (typeof(urls) == "string") {
+ return urls + "&" + id + "_0";
+ }
+
+ for (var i = urls.length; i--; ) {
+ if (!tmp_url)
+ {
+ tmp_url = urls[i] + "&get_value=last&" + id + "_" + i;
+ continue;
+ }
+ tmp_url = urls[i]
+ + "&location="
+ + encodeURIComponent(tmp_url)
+ + "&" + id + "_" + i;
+ }
+
+ return tmp_url;
+ }
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsremoteoriginexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/remote-origin-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/remote-origin-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/remote-origin-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/remote-xhrer.html
+Access-Control-Allow-Origin handling
+
+
+Harness Error (TIMEOUT), message = null
+
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsremoteoriginhtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/remote-origin.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/remote-origin.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/remote-origin.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,121 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>Access-Control-Allow-Origin handling</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Access-Control-Allow-Origin handling</h1>
+
+<div id=log></div>
+
+<script>
+
+var remote_tests = [];
+var iframe = document.createElement("iframe")
+iframe.src = CROSSDOMAIN + 'resources/remote-xhrer.html';
+document.body.appendChild(iframe);
+
+function reverseOrigin(expect_pass, origin)
+{
+ var real_origin = origin.replace("<host>", REMOTE_HOST)
+ .replace("<remote_origin>", location.protocol + "//" + location.host)
+ .replace("<origin>", REMOTE_ORIGIN)
+ .replace("<protocol>", REMOTE_PROTOCOL)
+ .replace("<HOST>", REMOTE_HOST.toUpperCase())
+ .replace("<ORIGIN>", REMOTE_ORIGIN.toUpperCase())
+ .replace("<PROTOCOL>", REMOTE_PROTOCOL.toUpperCase());
+
+ var t = async_test((expect_pass ? 'Allow origin: ' : 'Disallow origin: ') + real_origin
+ .replace(/\0/g, "\\0")
+ .replace(/\t/g, "[tab]")
+ .replace(/ /g, '_'));
+ t.step(function() {
+ this.test_url = dirname(location.href)
+ + 'resources/cors-makeheader.py?origin='
+ + encodeURIComponent(real_origin);
+ iframe.contentWindow.postMessage({ url: this.test_url, origin: origin }, "*");
+ });
+
+ if (expect_pass)
+ {
+ t.callback = t.step_func(function(e) {
+ assert_equals(e.state, "load");
+ r = JSON.parse(e.response)
+ assert_equals(r['origin'], REMOTE_ORIGIN, 'Request Origin: should be ' + REMOTE_ORIGIN)
+ this.done();
+ });
+ }
+ else
+ {
+ t.callback = t.step_func(function(e) {
+ assert_equals(e.state, "error");
+ assert_equals(e.response, "");
+ this.done();
+ });
+ }
+
+ remote_tests[origin] = t;
+}
+
+function shouldPass(origin) { reverseOrigin(true, origin); }
+function shouldFail(origin) { reverseOrigin(false, origin); }
+
+
+iframe.onload = function() {
+ shouldPass('*');
+ shouldPass(' * ');
+ shouldPass('        *');
+ shouldPass("<origin>");
+ shouldPass(" <origin>");
+ shouldPass(" <origin>          ");
+ shouldPass("        <origin>");
+
+ shouldFail("<remote_origin>")
+ shouldFail("//" + "<host>")
+ shouldFail("://" + "<host>")
+ shouldFail("ftp://" + "<host>")
+ shouldFail("http:://" + "<host>")
+ shouldFail("http:/" + "<host>")
+ shouldFail("http:" + "<host>")
+ shouldFail("<host>")
+ shouldFail("<origin>" + "?")
+ shouldFail("<origin>" + "/")
+ shouldFail("<origin>" + " /")
+ shouldFail("<origin>" + "#")
+ shouldFail("<origin>" + "%23")
+ shouldFail("<origin>" + ":80")
+ shouldFail("<origin>" + ", *")
+ shouldFail("<origin>" + "\0")
+ shouldFail(("<ORIGIN>"))
+ shouldFail("<PROTOCOL>//<host>")
+ shouldFail("<protocol>//<HOST>")
+ shouldFail("-")
+ shouldFail("**")
+ shouldFail("\0*")
+ shouldFail("*\0")
+ shouldFail("'*'")
+ shouldFail('"*"')
+ shouldFail("* *")
+ shouldFail("*" + "<protocol>" + "//" + "*")
+ shouldFail("*" + "<origin>")
+ shouldFail("* " + "<origin>")
+ shouldFail("*, " + "<origin>")
+ shouldFail("\0" + "<origin>")
+ shouldFail("null " + "<origin>")
+ shouldFail('http://example.net')
+ shouldFail('null')
+ shouldFail('')
+ shouldFail(location.href)
+ shouldFail(dirname(location.href))
+ shouldFail(CROSSDOMAIN)
+}
+
+window.addEventListener("message", function(e) {
+ remote_tests[e.data.origin].callback(e.data);
+});
+
+add_completion_callback(function() {
+ iframe.parentElement.removeChild(iframe);
+});
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsrequestheadersexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,19 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
+CONSOLE MESSAGE: line 22: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print,
+CONSOLE MESSAGE: line 36: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
+CONSOLE MESSAGE: line 51: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
+CONSOLE MESSAGE: line 59: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
+Request headers
+
+
+FAIL basic request header A network error occurred.
+FAIL Simple request headers need not be in allow-headers A network error occurred.
+PASS Unspecified request headers are disallowed
+FAIL Strange allowheaders (case insensitive) A network error occurred.
+PASS INVALID_STATE_ERR on setRequestHeader before open()
+FAIL INVALID_STATE_ERR on setRequestHeader after send() The operation was aborted.
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsrequestheadershtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,80 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - request headers - Access-Control-Allow-Headers</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Request headers</h1>
+<div id=log></div>
+<script>
+
+/*
+ * Request Headers
+ */
+
+test(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-print', false)
+ client.setRequestHeader('x-print', 'unicorn')
+ client.send(null)
+
+ res = JSON.parse(client.response)
+ assert_equals(res['x-print'], 'unicorn')
+}, 'basic request header')
+
+test(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-print,', false)
+ client.setRequestHeader('x-print', 'unicorn')
+ client.setRequestHeader('content-type', 'text/plain')
+ client.setRequestHeader('accept', 'test')
+ client.setRequestHeader('accept-language', 'nn')
+ client.setRequestHeader('content-language', 'nn')
+ client.send(null)
+
+ res = JSON.parse(client.response)
+ assert_equals(res['x-print'], 'unicorn')
+ assert_equals(res['content-type'], 'text/plain')
+ assert_equals(res['accept'], 'test')
+ assert_equals(res['accept-language'], 'nn')
+ assert_equals(res['content-language'], 'nn')
+}, 'Simple request headers need not be in allow-headers')
+
+test(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=x-print', false)
+ client.setRequestHeader('x-print', 'unicorn')
+ client.setRequestHeader('y-print', 'unicorn')
+ assert_throws(null, function() { client.send(null) })
+}, 'Unspecified request headers are disallowed')
+
+test(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', false)
+ client.setRequestHeader('x-print', 'unicorn')
+ client.setRequestHeader('y-print', 'narwhal')
+ client.send(null)
+
+ res = JSON.parse(client.response)
+ assert_equals(res['x-print'], 'unicorn')
+ assert_equals(res['y-print'], 'narwhal')
+}, 'Strange allowheaders (case insensitive)')
+
+test(function() {
+ var client = new XMLHttpRequest()
+ assert_throws('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') })
+},
+'INVALID_STATE_ERR on setRequestHeader before open()')
+
+test(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT', false)
+ client.send()
+ assert_throws('INVALID_STATE_ERR', function() { client.setRequestHeader('x-print', 'unicorn') })
+},
+'INVALID_STATE_ERR on setRequestHeader after send()')
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresources304py"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/304.py (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/304.py         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/304.py        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,62 @@
</span><ins>+#!/usr/bin/env python
+
+# A header used to correlate requests and responses
+state_header = "content-language"
+
+# Static ETag to use (and expect)
+etag = "abcdef"
+
+def error(msg):
+ return (299, "Client Error"), [
+ ('content-type', 'text/plain'),
+ ('access-control-allow-origin', "*"),
+ ('access-control-expose-headers', state_header),
+ ('cache-control', 'no-store')
+ ], msg
+
+def main(request, response):
+ headers = []
+
+ inm = request.headers.get('if-none-match', None)
+ raw_req_num = request.headers.get(state_header, None)
+ if raw_req_num == None:
+ return error("no req_num header in request")
+ else:
+ req_num = int(raw_req_num)
+ if req_num > 8:
+ return error("req_num %s out of range" % req_num)
+
+ headers.append(("Access-Control-Expose-Headers", state_header))
+ headers.append((state_header, req_num))
+ headers.append(("A", req_num))
+ headers.append(("B", req_num))
+
+ if req_num % 2: # odd requests are the first in a test pair
+ if inm:
+ # what are you doing here? This should be a fresh request.
+ return error("If-None-Match on first request")
+ else:
+ status = 200, "OK"
+ headers.append(("Access-Control-Allow-Origin", "*"))
+ headers.append(("Content-Type", "text/plain"))
+ headers.append(("Cache-Control", "private, max-age=3, must-revalidate"))
+ headers.append(("ETag", etag))
+ return status, headers, "Success"
+ else: # even requests are the second in a pair, and should have a good INM.
+ if inm != etag:
+ # Bad browser.
+ if inm == None:
+ return error("If-None-Match missing")
+ else:
+ return error("If-None-Match '%s' mismatches")
+ else:
+ if req_num == 2:
+ pass # basic, vanilla check
+ elif req_num == 4:
+ headers.append(("Access-Control-Expose-Headers", "a, b"))
+ elif req_num == 6:
+ headers.append(("Access-Control-Expose-Headers", "a"))
+ elif req_num == 8:
+ headers.append(("Access-Control-Allow-Origin", "other.origin.example:80"))
+ status = 304, "Not Modified"
+ return status, headers, ""
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresourcescheckandremovepy"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/checkandremove.py (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/checkandremove.py         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/checkandremove.py        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,6 @@
</span><ins>+def main(request, response):
+ token = request.GET.first("token")
+ if request.server.stash.remove(token) is not None:
+ return "1"
+ else:
+ return "0"
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresourcescorscookiepy"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-cookie.py (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-cookie.py         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-cookie.py        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+
+def main(request, response):
+ origin = request.GET.first("origin", request.headers["origin"])
+ credentials = request.GET.first("credentials", "true")
+
+ headers = [("Content-Type", "text/plain")]
+ if origin != 'none':
+ headers.append(("Access-Control-Allow-Origin", origin))
+ if credentials != 'none':
+ headers.append(("Access-Control-Allow-Credentials", credentials))
+
+ ident = request.GET.first('ident', 'test')
+
+ if ident in request.cookies:
+ body = request.cookies[ident].value
+ response.delete_cookie(ident)
+ else:
+ response.set_cookie(ident, "COOKIE");
+ body = "NO_COOKIE"
+
+ return headers, body
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresourcescorsheadersasis"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-headers.asis (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-headers.asis         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-headers.asis        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,24 @@
</span><ins>+HTTP/1.1 200 OK
+Access-Control-Allow-Origin: *
+Access-Control-Expose-Headers: X-Custom-Header, X-Custom-Header-Empty, X-Custom-Header-Comma, X-Custom-Header-Bytes
+Access-Control-Expose-Headers: X-Second-Expose
+Access-Control-Expose-Headers: Date
+Content-Type: text/plain
+X-Custom-Header: test
+X-Custom-Header: test
+Set-Cookie: test1=t1;max-age=2
+Set-Cookie2: test2=t2;Max-Age=2
+X-Custom-Header-Empty:
+X-Custom-Header-Comma: 1
+X-Custom-Header-Comma: 2
+X-Custom-Header-Bytes: …
+X-Nonexposed: unicorn
+X-Second-Expose: flyingpig
+Cache-Control: no-cache
+Content-Language: nn
+Expires: Thu, 01 Dec 1994 16:00:00 GMT
+Last-Modified: Thu, 01 Dec 1994 10:00:00 GMT
+Pragma: no-cache
+Date: Wed, 22 Oct 2013 10:00:00 GMT
+
+TEST
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresourcescorsmakeheaderpy"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-makeheader.py (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-makeheader.py         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-makeheader.py        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,67 @@
</span><ins>+import json
+
+def main(request, response):
+ origin = request.GET.first("origin", request.headers.get('origin'))
+
+ if "check" in request.GET:
+ token = request.GET.first("token")
+ value = request.server.stash.take(token)
+ if value is not None:
+ if request.GET.first("check", None) == "keep":
+ request.server.stash.put(token, value)
+ body = "1"
+ else:
+ body = "0"
+ return [("Content-Type", "text/plain")], body
+
+
+ if origin != 'none':
+ response.headers.set("Access-Control-Allow-Origin", origin)
+ if 'origin2' in request.GET:
+ response.headers.append("Access-Control-Allow-Origin", request.GET.first('origin2'))
+
+ #Preflight
+ if 'headers' in request.GET:
+ response.headers.set("Access-Control-Allow-Headers", request.GET.first('headers'))
+ if 'credentials' in request.GET:
+ response.headers.set("Access-Control-Allow-Credentials", request.GET.first('credentials'))
+ if 'methods' in request.GET:
+ response.headers.set("Access-Control-Allow-Methods", request.GET.first('methods'))
+
+ code_raw = request.GET.first('code', None)
+ if code_raw:
+ code = int(code_raw)
+ else:
+ code = None
+ if request.method == 'OPTIONS':
+ #Override the response code if we're in a preflight and it's asked
+ if 'preflight' in request.GET:
+ code = int(request.GET.first('preflight'))
+
+ #Log that the preflight actually happened if we have an ident
+ if 'token' in request.GET:
+ request.server.stash.put(request.GET['token'], True)
+
+ if 'location' in request.GET:
+ if code is None:
+ code = 302
+
+ if code >= 300 and code < 400:
+ response.headers.set("Location", request.GET.first('location'))
+
+ headers = {}
+ for name, values in request.headers.iteritems():
+ if len(values) == 1:
+ headers[name] = values[0]
+ else:
+ #I have no idea, really
+ headers[name] = values
+
+ headers['get_value'] = request.GET.first('get_value', '')
+
+ body = json.dumps(headers)
+
+ if code:
+ return (code, "StatusText"), [], body
+ else:
+ return body
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresourcespreflightpy"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight.py (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight.py         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight.py        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+def main(request, response):
+ headers = [("Content-Type", "text/plain")]
+
+ if "check" in request.GET:
+ token = request.GET.first("token")
+ value = request.server.stash.take(token)
+ if value == None:
+ body = "0"
+ else:
+ if request.GET.first("check", None) == "keep":
+ request.server.stash.put(token, value)
+ body = "1"
+
+ return headers, body
+
+ if request.method == "OPTIONS":
+ if not "Access-Control-Request-Method" in request.headers:
+ response.set_error(400, "No Access-Control-Request-Method header")
+ return "ERROR: No access-control-request-method in preflight!"
+
+ headers.append(("Access-Control-Allow-Methods",
+ request.headers['Access-Control-Request-Method']))
+
+ if "max_age" in request.GET:
+ headers.append(("Access-Control-Max-Age", request.GET['max_age']))
+
+ if "token" in request.GET:
+ request.server.stash.put(request.GET.first("token"), 1)
+
+ headers.append(("Access-Control-Allow-Origin", "*"))
+ headers.append(("Access-Control-Allow-Headers", "x-print"))
+
+ body = request.headers.get("x-print", "NO")
+
+ return headers, body
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresourcesremotexhrerhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/remote-xhrer.html (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/remote-xhrer.html         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/remote-xhrer.html        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,28 @@
</span><ins>+<!doctype html>
+<title>Child helper</title>
+
+<script>
+window.addEventListener("message", function(e) {
+// e.source.postMessage(e.data, e.origin);
+
+ var client = new XMLHttpRequest();
+ var localurl = e.data.url
+ .replace("<host>", location.host)
+ .replace("<protocol>", location.protocol);
+
+ client.open('GET', localurl, true);
+ client.onload = function() {
+ e.data.state = "load";
+ e.data.response = client.response;
+ e.source.postMessage(e.data, e.origin);
+ }
+ client.onerror = function() {
+ e.data.state = "error";
+ e.data.response = client.response;
+ e.source.postMessage(e.data, e.origin);
+ }
+ client.send();
+});
+</script>
+
+The remote window
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresourcesstatuspy"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/status.py (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/status.py         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/status.py        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,37 @@
</span><ins>+def main(request, response):
+ response.headers.set("Access-Control-Allow-Origin", request.headers.get("origin") )
+ response.headers.set("Access-Control-Expose-Headers", "X-Request-Method")
+
+ if request.method == 'OPTIONS':
+ response.headers.set("Access-Control-Allow-Methods", "GET, CHICKEN, HEAD, POST, PUT")
+
+ if 'headers' in request.GET:
+ response.headers.set("Access-Control-Allow-Headers", request.GET.first('headers'))
+
+ response.headers.set("X-Request-Method", request.method)
+
+ response.headers.set("X-A-C-Request-Method", request.headers.get("Access-Control-Request-Method", ""));
+
+
+ #This should reasonably work for most response codes.
+ try:
+ code = int(request.GET.first("code", 200))
+ except ValueError:
+ code = 200
+
+ text = request.GET.first("text", "OMG")
+
+ if request.method == "OPTIONS" and "preflight" in request.GET:
+ try:
+ code = int(request.GET.first('preflight'))
+ except KeyError, ValueError:
+ pass
+
+ status = code, text
+
+ if "type" in request.GET:
+ response.headers.set("Content-Type", request.GET.first('type'))
+
+ body = request.GET.first('content', "")
+
+ return status, [], body
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresourcesw3cimportlog"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/w3c-import.log (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/w3c-import.log         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/resources/w3c-import.log        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+The tests in this directory were imported from the W3C repository.
+Do NOT modify these tests directly in WebKit.
+Instead, create a pull request on the W3C CSS or WPT github:
+        https://github.com/w3c/csswg-test
+        https://github.com/w3c/web-platform-tests
+
+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
+
+Do NOT modify or remove this file.
+
+------------------------------------------------------------------------
+Properties requiring vendor prefixes:
+None
+Property values requiring vendor prefixes:
+None
+------------------------------------------------------------------------
+List of files:
+/LayoutTests/imported/w3c/web-platform-tests/cors/resources/304.py
+/LayoutTests/imported/w3c/web-platform-tests/cors/resources/checkandremove.py
+/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-cookie.py
+/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-headers.asis
+/LayoutTests/imported/w3c/web-platform-tests/cors/resources/cors-makeheader.py
+/LayoutTests/imported/w3c/web-platform-tests/cors/resources/preflight.py
+/LayoutTests/imported/w3c/web-platform-tests/cors/resources/remote-xhrer.html
+/LayoutTests/imported/w3c/web-platform-tests/cors/resources/status.py
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresponseheadersexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/response-headers-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/response-headers-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/response-headers-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+CONSOLE MESSAGE: line 82: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-headers.asis due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-headers.asis
+Response headers
+
+
+FAIL getResponseHeader: Expose Access-Control-Expose-Headers (x-custom-header-comma) The operation was aborted.
+FAIL getResponseHeader: Expose second Access-Control-Expose-Headers (x-second-expose) The operation was aborted.
+FAIL getResponseHeader: Don't trim whitespace The operation was aborted.
+FAIL getResponseHeader: x-custom-header bytes The operation was aborted.
+FAIL getResponseHeader: Exposed server field readable (Date) The operation was aborted.
+FAIL getResponseHeader: Cache-Control: readable by default The operation was aborted.
+FAIL getResponseHeader: Content-Language: readable by default The operation was aborted.
+FAIL getResponseHeader: Expires: readable by default The operation was aborted.
+FAIL getResponseHeader: Last-Modified: readable by default The operation was aborted.
+FAIL getResponseHeader: Pragma: readable by default The operation was aborted.
+FAIL getResponseHeader: Server: unreadable by default The operation was aborted.
+FAIL getResponseHeader: X-Powered-By: unreadable by default The operation was aborted.
+FAIL getResponseHeader: Combined testing of cors response headers assert_equals: x-custom-header expected (string) "test, test" but got (object) null
+FAIL getResponse: don't expose x-nonexposed The operation was aborted.
+FAIL getAllResponseHeaders: don't expose x-nonexposed The operation was aborted.
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsresponseheadershtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/response-headers.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/response-headers.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/response-headers.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,103 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - Response headers</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Response headers</h1>
+<div id=log></div>
+<script>
+
+/*
+ * Response Headers
+ */
+
+function check_response_header(head, value, desc) {
+ test(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN + 'resources/cors-headers.asis', false)
+ client.send(null)
+
+ if (typeof value === 'function')
+ value(client, head)
+ else
+ assert_equals(client.getResponseHeader(head), value, head)
+ },
+ desc)
+}
+check_response_header('X-Custom-Header-Comma', '1, 2', 'getResponseHeader: Expose Access-Control-Expose-Headers (x-custom-header-comma)')
+check_response_header('X-Second-Expose', 'flyingpig', 'getResponseHeader: Expose second Access-Control-Expose-Headers (x-second-expose)')
+check_response_header(' x-custom-header', null, 'getResponseHeader: Don\'t trim whitespace')
+check_response_header('x-custom-header-bytes', "\xE2\x80\xA6", 'getResponseHeader: x-custom-header bytes')
+check_response_header('Date',
+ function(client, head) { assert_true(client.getResponseHeader(head).length > 2) },
+ 'getResponseHeader: Exposed server field readable (Date)')
+
+function default_readable(head, value) {
+ check_response_header(head, value, 'getResponseHeader: '+head+': readable by default')
+}
+default_readable("Cache-Control", "no-cache");
+default_readable("Content-Language", "nn");
+default_readable("Expires", "Thu, 01 Dec 1994 16:00:00 GMT");
+default_readable("Last-Modified", "Thu, 01 Dec 1994 10:00:00 GMT");
+default_readable("Pragma", "no-cache");
+
+
+function default_unreadable(head) {
+ check_response_header(head, null, 'getResponseHeader: '+head+': unreadable by default')
+}
+default_unreadable("Server")
+default_unreadable("X-Powered-By")
+
+
+async_test("getResponseHeader: Combined testing of cors response headers")
+.step(function()
+{
+ var client = new XMLHttpRequest();
+ client.open("GET", CROSSDOMAIN + 'resources/cors-headers.asis')
+ window.c=client;
+ client.onreadystatechange = this.step_func(function()
+ {
+ if (client.readyState == 1)
+ {
+ assert_equals(client.getResponseHeader("x-custom-header"), null, 'x-custom-header')
+ }
+ if (client.readyState > 1)
+ {
+ assert_equals(client.getResponseHeader("x-custom-header"), "test, test", 'x-custom-header')
+ assert_equals(client.getResponseHeader("x-custom-header-empty"), "", 'x-custom-header-empty')
+ assert_equals(client.getResponseHeader("set-cookie"), null)
+ assert_equals(client.getResponseHeader("set-cookie2"), null)
+ assert_equals(client.getResponseHeader("x-non-existent-header"), null)
+ assert_equals(client.getResponseHeader("x-nonexposed"), null)
+ }
+ if (client.readyState == 4)
+ {
+ this.done()
+ }
+ })
+ client.send()
+})
+
+test(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN + 'resources/cors-headers.asis', false)
+ client.send(null)
+ assert_equals(client.getResponseHeader("x-custom-header"), "test, test", 'x-custom-header')
+ assert_equals(client.getResponseHeader("x-nonexposed"), null, 'x-nonexposed')
+}, "getResponse: don't expose x-nonexposed")
+
+test(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN + 'resources/cors-headers.asis', false)
+ client.send(null)
+
+ h = client.getAllResponseHeaders().toLowerCase()
+ assert_true( h.indexOf('x-custom-header') >= 0, 'x-custom-header present')
+ assert_true( h.indexOf('x-nonexposed') === -1, 'x-nonexposed not present')
+}, "getAllResponseHeaders: don't expose x-nonexposed")
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorssimplerequestsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/simple-requests-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/simple-requests-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/simple-requests-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,54 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=392a30cd-ce3d-4663-85f4-5b95816600b8
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=bdc783ee-bc1a-4a80-8206-9ff503a2335f
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=7f937523-74aa-4ba0-8fe6-8a39fb111f47
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=35ba3c52-65b8-4b34-b2cb-553765266f57
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=5cb24269-d166-4abd-8347-c0337cc6ca47
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=7bf64789-3840-4b6b-96e4-2d2e27587619
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=c44f6790-53b8-4993-b0b1-e21a3cc3d245
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=a56a5860-7f84-4aa5-8e89-9caabc49b7ad
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=bfef417e-6a08-4467-ae21-d093b0b72d43
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=4d2914db-3e65-4004-8aa2-5b416d3bd139
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=545e6e0a-ab91-425c-9fee-d7c76bda8f77
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=b95b5f11-7b56-4283-85c0-af71766d239b
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=9c6e28cf-2e5a-41c8-8ba0-e353ab96d8b4
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=10a72420-e8c1-4284-911a-2f66e7959016
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=2fc8911b-9594-4abd-83af-7c8caeb58e17
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=0bde01ea-410c-45e1-9d25-2a59714db8f8
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=0272d215-0f1c-4517-8069-ac8135e2f905
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=098da67a-9610-4892-8e70-db38ab79afce
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=f2d525c1-f373-47af-a6fe-6a1b62658356
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=f967e5a3-7df3-4ad2-9d38-0f8064fad2d2
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=b6010190-0f35-4998-a0c1-331119a76a0e
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=ae19d0d4-657d-4333-97be-2332eb0a683a
+Blocked access to external URL http://www1.localhost:8800/cors/resources/preflight.py?token=350fc654-7f4c-4a0d-94fe-c02f3e9b953d
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/preflight.py?token=e3ceb821-d17d-404e-91ef-705b61832c7e due to access control checks.
+Simple requests
+
+Simple requests shouldn't trigger preflight
+
+
+FAIL No preflight GET and {"Accept":"test"} The operation was aborted.
+FAIL No preflight HEAD and {"Accept":"test"} The operation was aborted.
+FAIL No preflight POST and {"Accept":"test"} The operation was aborted.
+FAIL No preflight GET and {"accept-language":"test"} The operation was aborted.
+FAIL No preflight HEAD and {"accept-language":"test"} The operation was aborted.
+FAIL No preflight POST and {"accept-language":"test"} The operation was aborted.
+FAIL No preflight GET and {"CONTENT-language":"test"} The operation was aborted.
+FAIL No preflight HEAD and {"CONTENT-language":"test"} The operation was aborted.
+FAIL No preflight POST and {"CONTENT-language":"test"} The operation was aborted.
+FAIL No preflight GET and {"Content-Type":"application/x-www-form-urlencoded"} The operation was aborted.
+FAIL No preflight HEAD and {"Content-Type":"application/x-www-form-urlencoded"} The operation was aborted.
+FAIL No preflight POST and {"Content-Type":"application/x-www-form-urlencoded"} The operation was aborted.
+FAIL No preflight GET and {"content-type":"multipart/form-data"} The operation was aborted.
+FAIL No preflight HEAD and {"content-type":"multipart/form-data"} The operation was aborted.
+FAIL No preflight POST and {"content-type":"multipart/form-data"} The operation was aborted.
+FAIL No preflight GET and {"content-type":"text/plain"} The operation was aborted.
+FAIL No preflight HEAD and {"content-type":"text/plain"} The operation was aborted.
+FAIL No preflight POST and {"content-type":"text/plain"} The operation was aborted.
+FAIL No preflight GET and {"accept":"test","accept-language":"test","content-language":"test","content-type":"text/plain; parameter=whatever"} The operation was aborted.
+FAIL No preflight HEAD and {"accept":"test","accept-language":"test","content-language":"test","content-type":"text/plain; parameter=whatever"} The operation was aborted.
+FAIL No preflight POST and {"accept":"test","accept-language":"test","content-language":"test","content-type":"text/plain; parameter=whatever"} The operation was aborted.
+FAIL No preflight Get and {"content-type":"text/plain; parameter=extra_bonus"} The operation was aborted.
+FAIL No preflight post and {"content-type":"text/plain"} The operation was aborted.
+FAIL Check simple headers (async) assert_unreached: onerror Reached unreachable code
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorssimplerequestshtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/simple-requests.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/simple-requests.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/simple-requests.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,91 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - simple requests</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+<script src=/common/utils.js></script>
+
+<h1>Simple requests</h1>
+<p>Simple requests shouldn't trigger preflight</p>
+
+<div id=log></div>
+<script>
+
+var test_c = 0;
+
+function check_simple(method, headers)
+{
+ test(function() {
+ var client = new XMLHttpRequest()
+ var uuid_token = token();
+ client.open(method, CROSSDOMAIN + 'resources/preflight.py?token='
+ + uuid_token, false)
+ for (head in headers)
+ client.setRequestHeader(head, headers[head])
+ client.send("data")
+ assert_equals(client.getResponseHeader('content-type'), "text/plain")
+ if (method == 'HEAD')
+ assert_equals(client.response, '', 'response')
+ else
+ assert_equals(client.response, 'NO', 'response')
+
+ client.open('GET', 'resources/preflight.py?check&token='
+ + uuid_token, false)
+ client.send("data")
+ assert_equals(client.response, "0", "Found preflight log")
+ },
+ 'No preflight ' + method + ' and ' + JSON.stringify(headers))
+}
+
+function check_simple_headers(headers) {
+ check_simple('GET', headers)
+ check_simple('HEAD', headers)
+ check_simple('POST', headers)
+}
+
+check_simple_headers({'Accept': 'test'})
+check_simple_headers({'accept-language': 'test'})
+check_simple_headers({'CONTENT-language': 'test'})
+
+check_simple_headers({'Content-Type': 'application/x-www-form-urlencoded'})
+check_simple_headers({'content-type': 'multipart/form-data'})
+check_simple_headers({'content-type': 'text/plain'})
+
+check_simple_headers({
+ 'accept': 'test',
+ 'accept-language': 'test',
+ 'content-language': 'test',
+ 'content-type': 'text/plain; parameter=whatever'
+ })
+
+check_simple('Get', {'content-type': 'text/plain; parameter=extra_bonus'})
+check_simple('post', {'content-type': 'text/plain'})
+
+
+/* Extra async test */
+
+var simple_async = async_test("Check simple headers (async)")
+simple_async.step(function (){
+ var time = new Date().getTime(),
+ client = new XMLHttpRequest()
+ var uuid_token = token();
+ client.open('POST', CROSSDOMAIN + 'resources/preflight.py?token='
+ + uuid_token, true)
+
+ client.setRequestHeader('Accept', 'jewelry')
+ client.setRequestHeader('accept-language', 'nn_NO,nn,en')
+ client.setRequestHeader('content-type', 'text/plain; parameter=extra')
+ client.setRequestHeader('content-Language', 'nn_NO')
+
+ client.onload = simple_async.step_func(function() {
+ assert_equals(client.getResponseHeader('content-type'), "text/plain", 'content-type response header')
+ assert_equals(client.response, 'NO', 'response')
+ simple_async.done()
+ })
+ client.onerror = simple_async.step_func(function () { assert_unreached('onerror') })
+ client.send()
+})
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsstatusasyncexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-async-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-async-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-async-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,67 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=200&text=OK&content=Not%20today.&type=
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=200&text=OK&content=Not%20today.&type= due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=201&text=OK/Created&content=Not%20today%2001.&type=
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=201&text=OK/Created&content=Not%20today%2001.&type= due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=202&text=OK/Accepted&content=Not%20today%2002.&type=
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=202&text=OK/Accepted&content=Not%20today%2002.&type= due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=203&text=OK/Non-Authoritative%20Information&content=Not%20today%2003.&type=
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=203&text=OK/Non-Authoritative%20Information&content=Not%20today%2003.&type= due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=204&text=OK/No%20Content&content=&type=
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=204&text=OK/No%20Content&content=&type= due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=205&text=OK/Reset%20Content&content=&type=
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=205&text=OK/Reset%20Content&content=&type= due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=206&text=OK/Partial%20Content&content=Not%20today%2006.&type=
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=206&text=OK/Partial%20Content&content=Not%20today%2006.&type= due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=209&text=OK&content=Not%20today%2009.&type=
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=209&text=OK&content=Not%20today%2009.&type= due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=299&text=OK&content=Not%20today%2099.&type=
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=299&text=OK&content=Not%20today%2099.&type= due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=200&text=OK&content=%3Cx%3E402%3C/x%3E&type=text/xml
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=200&text=OK&content=%3Cx%3E402%3C/x%3E&type=text/xml due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=200&text=OK&content=Nice!&type=text/doesnotmatter
+CONSOLE MESSAGE: line 39: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=200&text=OK&content=Nice!&type=text/doesnotmatter due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=400&headers=x-nonsimple&text=OHAI
+CONSOLE MESSAGE: line 91: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=400&headers=x-nonsimple&text=OHAI due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=401&headers=x-nonsimple&text=OHAI
+CONSOLE MESSAGE: line 91: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=401&headers=x-nonsimple&text=OHAI due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=404&headers=x-nonsimple&text=OHAI
+CONSOLE MESSAGE: line 91: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=404&headers=x-nonsimple&text=OHAI due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?code=500&headers=x-nonsimple&text=OHAI
+CONSOLE MESSAGE: line 91: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=500&headers=x-nonsimple&text=OHAI due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=200&text=OK&content=400&type=text/plain due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=200&text=OK&content=bah&type= due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=699&headers=x-nonsimple&text=OHAI due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=501&headers=x-nonsimple&text=OHAI due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=400&headers=x-nonsimple&text=OHAI due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=401&headers=x-nonsimple&text=OHAI due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=404&headers=x-nonsimple&text=OHAI due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=699&headers=x-nonsimple&text=OHAI due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?code=501&headers=x-nonsimple&text=OHAI due to access control checks.
+Status returned
+
+
+FAIL Status on GET 200 assert_equals: response status expected 200 but got 0
+FAIL Status on GET 201 assert_equals: response status expected 201 but got 0
+FAIL Status on GET 202 assert_equals: response status expected 202 but got 0
+FAIL Status on GET 203 assert_equals: response status expected 203 but got 0
+FAIL Status on GET 204 assert_equals: response status expected 204 but got 0
+FAIL Status on GET 205 assert_equals: response status expected 205 but got 0
+FAIL Status on GET 206 assert_equals: response status expected 206 but got 0
+FAIL Status on GET 209 assert_equals: response status expected 209 but got 0
+FAIL Status on GET 299 assert_equals: response status expected 299 but got 0
+FAIL Status on POST 200 assert_equals: response status expected 200 but got 0
+FAIL Status on HEAD 200 assert_equals: response status expected 200 but got 0
+FAIL Status on PUT 200 assert_equals: response status expected 200 but got 0
+FAIL Status on CHICKEN 200 assert_equals: response status expected 200 but got 0
+FAIL Status on GET 400 assert_equals: response status expected 400 but got 0
+FAIL Status on HEAD 401 assert_equals: response status expected 401 but got 0
+FAIL Status on POST 404 assert_equals: response status expected 404 but got 0
+FAIL Status on POST 500 assert_equals: response status expected 500 but got 0
+PASS Status on PUT 699
+PASS Status on CHICKEN 501
+PASS Status on GET 400 (nonsimple)
+PASS Status on HEAD 401 (nonsimple)
+PASS Status on POST 404 (nonsimple)
+PASS Status on PUT 699 (nonsimple)
+PASS Status on CHICKEN 501 (nonsimple)
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsstatusasynchtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-async.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-async.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-async.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,114 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - status</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+<meta name=timeout content=long>
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Status returned</h1>
+
+<div id=log></div>
+<script>
+
+function statusRequest(method, code, text, content, type) {
+ async_test("Status on " + method + " " + code, { timeout: 15000 })
+ .step(function() {
+ var client = new XMLHttpRequest()
+ client.open(method, CROSSDOMAIN + "resources/status.py?code="
+ + code + "&text=" + text + "&content=" + content + "&type=" + type, true)
+ client.onreadystatechange = this.step_func(function() {
+ if (client.readyState != client.DONE)
+ return
+
+ assert_equals(client.status, code, 'response status')
+ assert_equals(client.statusText, text, 'response status text')
+ assert_equals(client.getResponseHeader("X-Request-Method"), method, 'method')
+ if(method != "HEAD") {
+ if(type == "text/xml") {
+ assert_equals(client.responseXML.documentElement.localName,
+ "x", 'responseXML')
+ }
+ assert_equals(client.response, content, 'response content')
+ }
+ this.done()
+ })
+
+ client.send(null)
+ })
+}
+
+ /* method code text content type */
+ statusRequest("GET", 200, 'OK', 'Not today.', '')
+ statusRequest("GET", 201, 'OK/Created', 'Not today 01.', '')
+ statusRequest("GET", 202, 'OK/Accepted', 'Not today 02.', '')
+ statusRequest("GET", 203, 'OK/Non-Authoritative Information', 'Not today 03.', '')
+ statusRequest("GET", 204, 'OK/No Content', '', '') // specifically no-content
+ statusRequest("GET", 205, 'OK/Reset Content', '', '') // specifically no-content
+ statusRequest("GET", 206, 'OK/Partial Content', 'Not today 06.', '')
+ statusRequest("GET", 209, 'OK', 'Not today 09.', '')
+ statusRequest("GET", 299, 'OK', 'Not today 99.', '')
+ statusRequest("POST", 200, 'OK', '<x>402<\/x>', 'text/xml')
+ statusRequest("HEAD", 200, 'OK', 'Nice!', 'text/doesnotmatter')
+ statusRequest("PUT", 200, 'OK', '400', 'text/plain')
+ statusRequest("CHICKEN", 200, 'OK', 'bah', '')
+
+
+function statusRequestFail(method, code, expect_code, nonsimple) {
+ if (expect_code === undefined)
+ expect_code = code
+
+ async_test("Status on " + method + " " + code + (nonsimple?' (nonsimple)':''), { timeout: 15000 })
+ .step(function() {
+ var client = new XMLHttpRequest()
+
+ client.open(method, CROSSDOMAIN + "resources/status.py?code="
+ + code + '&headers=x-nonsimple&text=OHAI', true)
+
+ if (nonsimple)
+ client.setRequestHeader('x-nonsimple', true)
+
+ client.onreadystatechange = this.step_func(function() {
+ if (client.readyState < client.HEADERS_RECEIVED)
+ return
+ assert_equals(client.response, "", "response data")
+ assert_equals(client.status, expect_code, "response status")
+ /* Response code 200 forces webserver to send OK(?) */
+ if(expect_code == 200)
+ assert_equals(client.statusText, "OK", "response statusText")
+ else
+ assert_equals(client.statusText, (expect_code == 0 ? "" : "OHAI"), "response statusText")
+ if (client.readyState == client.DONE)
+ this.done()
+ })
+
+ client.onerror = this.step_func(function(e) {
+ assert_unreached("Got error event.")
+ })
+
+ client.send()
+ })
+}
+
+ /* expect
+ method code status */
+ statusRequestFail("GET", 400)
+ statusRequestFail("HEAD", 401)
+ statusRequestFail("POST", 404)
+ statusRequestFail("POST", 500)
+
+ /* Preflight response status is not 200, so the algorithm set status to 0. */
+ statusRequestFail("PUT", 699, 0)
+ statusRequestFail("CHICKEN", 501, 0)
+
+ /* "forced"
+ preflight */
+ statusRequestFail("GET", 400, 0, true)
+ statusRequestFail("HEAD", 401, 0, true)
+ statusRequestFail("POST", 404, 0, true)
+ statusRequestFail("PUT", 699, 0, true)
+ statusRequestFail("CHICKEN", 501, 0, true)
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsstatusexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,23 @@
</span><ins>+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?1&origin=none&code=400
+CONSOLE MESSAGE: line 55: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?1&origin=none&code=400 due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?3&headers=x-custom&code=400
+CONSOLE MESSAGE: line 55: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?3&headers=x-custom&code=400 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?2&origin=none&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?4&headers=x-custom&code=400&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?5&headers=x-custom&preflight=400 due to access control checks.
+The returned status code in different scenarios
+
+ allowed preflight response | status |
+ ------- --------- -------- | ------ |
+ 1 no x 400 | 0 |
+ 2 no 200 x | 0 |
+ 3 yes x 400 | 400 |
+ 4 yes 200 400 | 400 |
+ 5 yes 400 x | 0 |
+
+PASS 1. CORS disallowed, response status 400.
+PASS 2. CORS disallowed, preflight status 200.
+FAIL 3. CORS allowed, response status 400. assert_unreached: error event Reached unreachable code
+FAIL 4. CORS allowed, preflight status 200, response status 400. assert_unreached: error event Reached unreachable code
+PASS 5. CORS allowed, preflight status 400.
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsstatuspreflightexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-preflight-expected.txt (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-preflight-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-preflight-expected.txt        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,36 @@
</span><ins>+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?1&code=200&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?2&code=204&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?3&code=400&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?4&code=401&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?5&code=200&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?6&code=204&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?7&code=400&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?8&code=401&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?9&code=501&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?10&code=699&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?11&code=204&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?12&code=400&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?13&code=401&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?14&code=404&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?15&code=699&headers=x-nonsimple&preflight=200 due to access control checks.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?16&code=501&headers=x-nonsimple&preflight=200 due to access control checks.
+Status after preflight
+
+
+FAIL CORS - status after preflight on GET 200 assert_equals: response status expected 200 but got 0
+FAIL CORS - status after preflight on GET 204 assert_equals: response status expected 204 but got 0
+FAIL CORS - status after preflight on GET 400 assert_equals: response status expected 400 but got 0
+FAIL CORS - status after preflight on GET 401 assert_equals: response status expected 401 but got 0
+FAIL CORS - status after preflight on HEAD 200 assert_equals: response status expected 200 but got 0
+FAIL CORS - status after preflight on HEAD 204 assert_equals: response status expected 204 but got 0
+FAIL CORS - status after preflight on HEAD 400 assert_equals: response status expected 400 but got 0
+FAIL CORS - status after preflight on HEAD 401 assert_equals: response status expected 401 but got 0
+FAIL CORS - status after preflight on HEAD 501 assert_equals: response status expected 501 but got 0
+FAIL CORS - status after preflight on HEAD 699 assert_equals: response status expected 699 but got 0
+FAIL CORS - status after preflight on POST 204 assert_equals: response status expected 204 but got 0
+FAIL CORS - status after preflight on POST 400 assert_equals: response status expected 400 but got 0
+FAIL CORS - status after preflight on POST 401 assert_equals: response status expected 401 but got 0
+FAIL CORS - status after preflight on POST 404 assert_equals: response status expected 404 but got 0
+FAIL CORS - status after preflight on PUT 699 assert_equals: response status expected 699 but got 0
+FAIL CORS - status after preflight on CHICKEN 501 assert_equals: response status expected 501 but got 0
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsstatuspreflighthtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-preflight.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-preflight.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status-preflight.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,65 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS - status after preflight</title>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=support.js?pipe=sub></script>
+
+<h1>Status after preflight</h1>
+
+<div id=log></div>
+<script>
+var counter = 0
+
+function statusAfterPreflight(method, code) {
+ counter++
+
+ async_test(document.title + " on " + method + " " + code).step(function() {
+ var client = new XMLHttpRequest()
+ client.open(method, CROSSDOMAIN + "resources/status.py?" + counter
+ +"&code=" + code + '&headers=x-nonsimple&preflight=200', true)
+
+ client.setRequestHeader('x-nonsimple', true)
+ client.onreadystatechange = this.step_func(function() {
+ if (client.readyState < client.HEADERS_RECEIVED)
+ return
+ assert_equals(client.response, "", "response data")
+ assert_equals(client.status, code, "response status")
+ if (client.readyState == client.DONE) {
+ /* Wait for spurious error events */
+ this.step_timeout(() => { this.done() }, 10)
+ }
+ })
+
+ client.onerror = this.step_func(function() {
+ assert_unreached("Shouldn't throw no error event!")
+ })
+
+ client.send()
+ })
+}
+
+/* method code */
+statusAfterPreflight("GET", 200)
+statusAfterPreflight("GET", 204)
+statusAfterPreflight("GET", 400)
+statusAfterPreflight("GET", 401)
+
+statusAfterPreflight("HEAD", 200)
+statusAfterPreflight("HEAD", 204)
+statusAfterPreflight("HEAD", 400)
+statusAfterPreflight("HEAD", 401)
+statusAfterPreflight("HEAD", 501)
+statusAfterPreflight("HEAD", 699)
+
+statusAfterPreflight("POST", 204)
+statusAfterPreflight("POST", 400)
+statusAfterPreflight("POST", 401)
+statusAfterPreflight("POST", 404)
+
+statusAfterPreflight("PUT", 699)
+statusAfterPreflight("CHICKEN", 501)
+
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsstatushtm"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status.htm (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status.htm         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/status.htm        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,80 @@
</span><ins>+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>CORS status</title>
+<link rel=help href=https://fetch.spec.whatwg.org/>
+<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="support.js?pipe=sub"></script>
+
+<h1>The returned status code in different scenarios</h1>
+
+<script>
+
+ var counter = 0
+
+ function testit(allow, preflight, response, status) {
+ async_test(
+ (++counter) + '. ' +
+ (allow ? 'CORS allowed' : 'CORS disallowed') +
+ (preflight ? ', preflight status '+preflight : '') +
+ (response ? ', response status '+response : '') +
+ '.'
+ ).step(function() {
+ var client = new XMLHttpRequest()
+ client.open('GET', CROSSDOMAIN + 'resources/cors-makeheader.py?' + counter +
+ (allow ? '&headers=x-custom': '&origin=none') +
+ (response ? '&code='+response : '') +
+ (preflight ? '&preflight='+preflight : '')
+ )
+
+ if (preflight)
+ client.setRequestHeader('X-Custom', 'preflight')
+
+ client.onload = this.step_func(function() {
+ if (!status)
+ assert_unreached("load event")
+
+ /* Allow spurious error events to fire */
+ this.step_timeout(() => {
+ assert_equals(client.status, status, "status")
+ this.done()
+ }, 10)
+ })
+
+ client.onerror = this.step_func(function() {
+ if (status)
+ assert_unreached("error event")
+
+ assert_equals(client.readyState, client.DONE, 'readyState')
+ assert_equals(client.status, 0, 'status')
+ this.done()
+ })
+
+ client.send()
+
+ })
+ }
+
+ /* allow pref resp status */
+ testit(false, null, 400, 0)
+ testit(false, 200, null, 0)
+ testit(true, null, 400, 400)
+ testit(true, 200, 400, 400)
+ testit(true, 400, null, 0)
+
+</script>
+
+<pre>
+ allowed preflight response | status |
+ ------- --------- -------- | ------ |
+ 1 no x 400 | 0 |
+ 2 no 200 x | 0 |
+ 3 yes x 400 | 400 |
+ 4 yes 200 400 | 400 |
+ 5 yes 400 x | 0 |
+</pre>
+
+<div id=log></div>
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorssupportjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/support.js (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/support.js         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/support.js        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+// For ignoring exception names (just for testing)
+/*
+_real_assert_throws = assert_throws;
+function assert_throws(d, func, desc) {
+ try {
+ func();
+ } catch(e) {
+ return true;
+ }
+ assert_unreached("Didn't throw!");
+}
+*/
+
+function dirname(path) {
+ return path.replace(/\/[^\/]*$/, '/')
+}
+
+/* This subdomain should point to this same location */
+var SUBDOMAIN = 'www1'
+var SUBDOMAIN2 = 'www2'
+var PORT = {{ports[http][1]}}
+//XXX HTTPS
+var PORTS = {{ports[https][0]}}
+
+/* Changes http://example.com/abc/def/cool.htm to http://www1.example.com/abc/def/ */
+var CROSSDOMAIN = dirname(location.href)
+ .replace('://', '://' + SUBDOMAIN + '.')
+var REMOTE_HOST = SUBDOMAIN + '.' + location.host
+var REMOTE_PROTOCOL = location.protocol
+var REMOTE_ORIGIN = REMOTE_PROTOCOL + '//' + REMOTE_HOST
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscorsw3cimportlog"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/w3c-import.log (0 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/w3c-import.log         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/w3c-import.log        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -0,0 +1,39 @@
</span><ins>+The tests in this directory were imported from the W3C repository.
+Do NOT modify these tests directly in WebKit.
+Instead, create a pull request on the W3C CSS or WPT github:
+        https://github.com/w3c/csswg-test
+        https://github.com/w3c/web-platform-tests
+
+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
+
+Do NOT modify or remove this file.
+
+------------------------------------------------------------------------
+Properties requiring vendor prefixes:
+None
+Property values requiring vendor prefixes:
+None
+------------------------------------------------------------------------
+List of files:
+/LayoutTests/imported/w3c/web-platform-tests/cors/304.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/OWNERS
+/LayoutTests/imported/w3c/web-platform-tests/cors/README.md
+/LayoutTests/imported/w3c/web-platform-tests/cors/allow-headers.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/basic.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/credentials-flag.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/origin.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-cache.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/preflight-failure.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-origin.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight-2.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-preflight.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/redirect-userinfo.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/remote-origin.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/response-headers.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/simple-requests.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/status-async.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/status-preflight.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/status.htm
+/LayoutTests/imported/w3c/web-platform-tests/cors/support.js
</ins></span></pre></div>
<a id="trunkLayoutTeststestsoptionsjson"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/tests-options.json (213913 => 213914)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/tests-options.json        2017-03-14 17:21:17 UTC (rev 213913)
+++ trunk/LayoutTests/tests-options.json        2017-03-14 17:30:19 UTC (rev 213914)
</span><span class="lines">@@ -209,6 +209,9 @@
</span><span class="cx"> "imported/w3c/web-platform-tests/XMLHttpRequest/xmlhttprequest-timeout-worker-twice.html": [
</span><span class="cx"> "slow"
</span><span class="cx"> ],
</span><ins>+ "imported/w3c/web-platform-tests/cors/status-async.htm": [
+ "slow"
+ ],
</ins><span class="cx"> "imported/w3c/web-platform-tests/dom/nodes/Document-characterSet-normalization.html": [
</span><span class="cx"> "slow"
</span><span class="cx"> ],
</span></span></pre>
</div>
</div>
</body>
</html>