// OPTIONS: ,-other-https,-base-https-other-https
if (self.importScripts) {
importScripts('../resources/fetch-test-helpers.js');
}
// Spec: https://fetch.spec.whatwg.org/#concept-filtered-response
var {OTHER_ORIGIN} = get_fetch_test_options();
var base_url = '../resources/filtered-response.php';
var other_url = OTHER_ORIGIN + '/fetch/resources/filtered-response.php';
function check_headers(headers,
headers_must_exist,
headers_must_not_exist,
allow_other_headers) {
headers_must_exist.forEach(function(header) {
assert_equals(headers.get(header[0]), header[1],
header[0] + ' header must exist and match');
});
headers_must_not_exist.forEach(function(header) {
assert_equals(headers.get(header), null,
header + ' header must not exist');
});
if (!allow_other_headers) {
assert_equals(size(headers), headers_must_exist.length,
'Number of headers should be ' +
headers_must_exist.length);
}
}
// Headers not filtered in basic/CORS filtered response
var headers_common = [
['cAche-cOntrol', 'private, no-store, no-cache, must-revalidate'],
['cOntent-lAnguage', 'test-content-language'],
['cOntent-lEngth', '8'], // size of response body "Success."
['cOntent-tYpe', 'test-content-type'],
['eXpires', 'test-expires'],
['lAst-mOdified', 'test-last-modified'],
['pRagma', 'test-pragma']
];
var headers_basic = headers_common.concat([
['x-tEst', 'test-x-test'],
['x-tEst2', 'test-x-test2'],
['Access-Control-Allow-Origin', '*']
]);
// Headers to be filtered out in basic filtered response
var headers_cookies = ['sEt-cOokie', 'sEt-cOokie2'];
// basic filtered response
['same-origin', 'cors'].forEach(function(mode) {
promise_test(function(t) {
return fetch(base_url, {mode: mode})
.then(function(response) {
assert_equals(response.type, 'basic');
check_headers(response.headers, headers_basic, headers_cookies,
true);
});
}, 'Basic filtered response with mode=' + mode);
});
// CORS filtered response
promise_test(function() {
return fetch(other_url, {mode: 'cors'})
.then(function(response) {
check_headers(response.headers, headers_common, [], false);
});
}, 'CORS filtered response');
promise_test(function() {
// Access-Control-Expose-Headers with a single header name
return fetch(other_url + '?ACEHeaders=x-teSt', {mode: 'cors'})
.then(function(response) {
assert_equals(response.type, 'cors');
check_headers(response.headers,
headers_common.concat([['x-tEst', 'test-x-test']]),
[],
false);
// Access-Control-Expose-Headers with multiple header names
return fetch(other_url + '?ACEHeaders=x-teSt,x-teSt2',
{mode: 'cors'});
})
.then(function(response) {
assert_equals(response.type, 'cors');
check_headers(response.headers,
headers_common.concat([['x-tEst', 'test-x-test'],
['x-tEst2', 'test-x-test2']]),
[],
false);
// Access-Control-Expose-Headers with an invalid header name
return fetch(other_url + '?ACEHeaders=x-teSt x-teSt2',
{mode: 'cors'});
})
.then(function(response) {
assert_equals(response.type, 'cors');
check_headers(response.headers, headers_common, [], false);
// Access-Control-Expose-Headers=Set-Cookie
return fetch(other_url + '?ACEHeaders=sEt-cOokie', {mode: 'cors'});
})
.then(function(response) {
// Set-Cookie header is omitted because Headers guard is response
assert_equals(response.type, 'cors');
check_headers(response.headers, headers_common, [], false);
// Access-Control-Expose-Headers=Access-Control-Expose-Headers
return fetch(other_url + '?ACEHeaders=acCess-coNtrol-exPose-heAders',
{mode: 'cors'});
})
.then(function(response) {
assert_equals(response.type, 'cors');
check_headers(response.headers,
headers_common.concat(
[['aCcess-cOntrol-eXpose-hEaders',
'acCess-coNtrol-exPose-heAders']]),
[],
false);
});
}, 'CORS filtered response with Access-Control-Expose-Headers');
// Opaque filtered response is tested in thorough tests.
done();
Codebase Browser
chromium