chromium/third_party/blink/web_tests/external/wpt/cors/redirect-origin.htm

<!DOCTYPE html>
<meta charset=utf-8>
<title>CORS - redirect</title>
<meta name=author title="Odin Hørthe Omdal" href="mailto:[email protected]">

<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=support.js?pipe=sub></script>

<h1>CORS redirect handling</h1>

<div id=log></div>

<script>

    // Test count for cache busting and easy identifying of request in traffic analyzer
    var num_test = 0,

        origin         = location.protocol + "//" + location.host,
        remote_origin  = origin.replace('://', '://' + SUBDOMAIN + '.'),

        local   = dirname(location.href) + 'resources/cors-makeheader.py',
        remote  = local.replace('://', '://' + SUBDOMAIN + '.'),
        remote2 = local.replace('://', '://' + SUBDOMAIN2 + '.');


    /*           First page           Redirect to          Expect what  */

    // local -> remote

    redir_test([ 'local',  '*'    ], [ 'remote', '*'    ], origin    );
    redir_test([ 'local',  '*'    ], [ 'remote', origin ], origin    );
    redir_test([ 'local',  '*'    ], [ 'remote', 'null' ], 'disallow');
    redir_test([ 'local',  '*'    ], [ 'remote', 'none' ], 'disallow');

    redir_test([ 'local',  origin ], [ 'remote', '*'    ], origin    );
    redir_test([ 'local',  origin ], [ 'remote', origin ], origin    );
    redir_test([ 'local',  origin ], [ 'remote', 'null' ], 'disallow');
    redir_test([ 'local',  origin ], [ 'remote', 'none' ], 'disallow');

    redir_test([ 'local',  'null' ], [ 'remote', '*'    ], origin    );
    redir_test([ 'local',  'none' ], [ 'remote', '*'    ], origin    );


    // remote -> local

    redir_test([ 'remote',  '*'    ], [ 'local', '*'    ], 'null'    );
    redir_test([ 'remote',  '*'    ], [ 'local', origin ], 'disallow');
    redir_test([ 'remote',  '*'    ], [ 'local', 'null' ], 'null'    );
    redir_test([ 'remote',  '*'    ], [ 'local', 'none' ], 'disallow');

    redir_test([ 'remote',  origin ], [ 'local', '*'    ], 'null'    );
    redir_test([ 'remote',  origin ], [ 'local', origin ], 'disallow');
    redir_test([ 'remote',  origin ], [ 'local', 'null' ], 'null'    );
    redir_test([ 'remote',  origin ], [ 'local', 'none' ], 'disallow');

    redir_test([ 'remote',  'null' ], [ 'local', '*'    ], 'disallow');
    redir_test([ 'remote',  'none' ], [ 'local', '*'    ], 'disallow');


    // remote -> remote

    redir_test([ 'remote',  '*'    ], [ 'remote', '*'    ], origin    );
    redir_test([ 'remote',  '*'    ], [ 'remote', origin ], origin    );
    redir_test([ 'remote',  '*'    ], [ 'remote', 'null' ], 'disallow');
    redir_test([ 'remote',  '*'    ], [ 'remote', 'none' ], 'disallow');

    redir_test([ 'remote',  origin ], [ 'remote', '*'    ], origin    );
    redir_test([ 'remote',  origin ], [ 'remote', origin ], origin    );
    redir_test([ 'remote',  origin ], [ 'remote', 'null' ], 'disallow');
    redir_test([ 'remote',  origin ], [ 'remote', 'none' ], 'disallow');

    redir_test([ 'remote',  'null' ], [ 'remote', '*'    ], 'disallow');
    redir_test([ 'remote',  'none' ], [ 'remote', '*'    ], 'disallow');


    // remote -> remote2

    redir_test([ 'remote',  '*'    ], [ 'remote2', '*'    ], 'null'    );
    redir_test([ 'remote',  '*'    ], [ 'remote2', origin ], 'disallow');
    redir_test([ 'remote',  '*'    ], [ 'remote2', 'null' ], 'null'    );
    redir_test([ 'remote',  '*'    ], [ 'remote2', 'none' ], 'disallow');

    redir_test([ 'remote',  origin ], [ 'remote2', '*'    ], 'null'    );
    redir_test([ 'remote',  origin ], [ 'remote2', origin ], 'disallow');
    redir_test([ 'remote',  origin ], [ 'remote2', 'null' ], 'null');
    redir_test([ 'remote',  origin ], [ 'remote2', 'none' ], 'disallow');

    redir_test([ 'remote',  'null' ], [ 'remote2', '*'    ], 'disallow');
    redir_test([ 'remote',  'none' ], [ 'remote2', '*'    ], 'disallow');


    // Bonus weird edge checks

    redir_test([ 'remote', '*'           ], [ 'remote',  remote_origin ], 'disallow');
    redir_test([ 'remote', '*'           ], [ 'remote2', remote_origin ], 'disallow');
    redir_test([ 'remote', remote_origin ], [ 'remote',  "*"           ], 'disallow');



    /*
     * The helpers
     */

    function redir_test(first, second, expect_origin) {
        var first_url, second_url,
            urls = { "remote": remote, "local": local, "remote2": remote2 };

        first_url = urls[first[0]] + "?origin=" + first[1];
        second_url = urls[second[0]] + "?origin=" + second[1];

        if (expect_origin=="disallow") {
            shouldFail(first[0]+" ("+first[1]+") to "
                + second[0]+" ("+second[1]+"), expect to fail", [ first_url, second_url ]);
        }
        else {
            shouldPass(first[0]+" ("+first[1]+") to "
                + second[0]+" ("+second[1]+"), expect origin="+expect_origin, expect_origin, [ first_url, second_url ]);
        }

    }

    function shouldPass(desc, expected_origin, urls) {
        var test_id = num_test,
            t = async_test(desc);

        num_test++;

        t.step(function() {
            var final_url,
                client = new XMLHttpRequest();

            client.open('GET', buildURL(urls, test_id));

            client.onreadystatechange = t.step_func(function() {
                if (client.readyState != client.DONE)
                    return;
                assert_true(!!client.response, "Got response");
                r = JSON.parse(client.response)
                assert_equals(r['origin'], expected_origin, 'Origin Header')
                assert_equals(r['get_value'], 'last', 'get_value')
                t.done();
            });
            client.send(null)
        });
    }

    function shouldFail(desc, urls) {
        var test_id = num_test,
            t = async_test(desc);

        num_test++;

        t.step(function() {
            var client = new XMLHttpRequest();

            client.open('GET', buildURL(urls, test_id));

            client.onreadystatechange = t.step_func(function() {
                if (client.readyState != client.DONE)
                    return;
                assert_false(!!client.response, "Got response");
            });
            client.onerror = t.step_func(function(e) {
                t.done();
            });

            client.send(null)
        });
    }


    function buildURL(urls, id) {
        var tmp_url;

        if (typeof(urls) == "string") {
            return urls + "&" + id + "_0";
        }

        for (var i = urls.length; i--; ) {
            if (!tmp_url)
            {
                tmp_url = urls[i] + "&get_value=last&" + id + "_" + i;
                continue;
            }
            tmp_url = urls[i]
                        + "&location="
                        + encodeURIComponent(tmp_url)
                        + "&" + id + "_" + i;
        }

        return tmp_url;
    }

</script>