2 <script src="/js-test-resources/js-test.js"></script>
4 description("Testing the handling of CORS-enabled fetch in the presence of 'anonymous' redirects.");
6 // Explain the short form descriptions ('=>' representing the redirect.)
7 debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
10 var redirect_cors = "anonymous";
12 window.jsTestIsAsync = true;
13 if (window.testRunner)
14 testRunner.dumpAsText();
17 if (window.testRunner)
22 debug("FAIL: " + this.description);
27 debug("PASS: " + this.description);
31 { description: "Anonymous request: anonymous => no-CORS image resource.",
32 url: "http://localhost:8000/security/resources/abe.png",
33 // Redirect is allowed, but fails access check on the non-CORS resource.
36 { description: "Anonymous request: anonymous => anonymous-CORS image resource.",
37 url: "http://localhost:8000/security/resources/abe-allow-star.php",
38 // Redirect is allowed, and passes access check on the CORS resource.
41 { description: "Credentialled request: anonymous => credentialled image resource (same origin.)",
42 url: "http://localhost:8000/security/resources/abe-allow-credentials.php",
43 // Redirect is not allowed ('*' on the CORS redirect response), no access.
45 access: "use-credentials"},
46 { description: "Credentialled request: anonymous => credentialled image resource (cross origin.)",
47 url: "http://127.0.0.1:8000/security/resources/abe-allow-credentials.php",
48 // Redirect is not allowed ('*' on the CORS redirect response), no access.
50 access: "use-credentials"},
53 function runNextTest() {
58 var test = tests.shift();
59 var img = new Image();
60 img.onload = test.success ? pass : fail;
61 img.onerror = test.success ? fail : pass;
62 img.crossOrigin = test.access;
63 img.description = test.description;
64 var args = [ "mode=" + redirect_cors,
66 img.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
67 document.body.appendChild(img);
69 window.onload = runNextTest;