<!doctype html>
<html>
<head>
<title>XMLHttpRequest: send() - "Basic" authenticated requests with competing user name/password options</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
</head>
<body>
<div id="log"></div>
<script>
function request(user1, pass1, user2, pass2, name) {
test(function() {
const client = new XMLHttpRequest(),
userwin = user2 || user1,
passwin = pass2 || pass1;
let urlstart = "";
if (user1 || pass1) {
urlstart = "http://";
if (user1) {
urlstart += user1;
}
if (pass1) {
urlstart += ":" + pass1;
}
urlstart += "@" + location.host + location.pathname.replace(/\/[^\/]*$/, '/');
}
client.open("GET", urlstart + "resources/authentication.py", false, user2, pass2);
client.setRequestHeader("x-user", userwin);
client.send(null);
assert_equals(client.responseText, ((userwin||'') + "\n" + (passwin||'')), 'responseText should contain the right user and password');
}, "XMLHttpRequest user/pass options: " + name);
}
// Cannot have just a password
request(null, null, token(), null, "user in open()");
request(null, null, token(), token(), "user/pass in open()");
request(null, null, token(), token(), "another user/pass in open(); must override cached credentials from previous test");
request(null, token(), token(), null, "pass in URL, user in open()");
request(null, token(), token(), token(), "pass in URL, user/pass in open()");
request(token(), null, null, null, "user in URL");
request(token(), null, null, token(), "user in URL, pass in open()");
request(token(), token(), null, null, "user/pass in URL");
request(token(), null, token(), null, "user in URL and open()");
request(token(), null, token(), token(), "user in URL; user/pass in open()");
request(token(), token(), token(), null, "user/pass in URL; user in open()");
request(token(), token(), null, token(), "user/pass in URL; pass in open()");
request(token(), token(), token(), token(), "user/pass in URL and open()");
</script>
</body>
</html>