2 <script src="/js-test-resources/js-test.js"></script>
4 description("Testing the handling of CORS-enabled fetch in the presence of 'credentialled' redirects.");
6 // Explain the short form descriptions ('=>' representing the redirect.)
7 debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
10 var redirect_cors = "use-credentials";
12 window.jsTestIsAsync = true;
13 if (window.testRunner)
14 testRunner.dumpAsText();
17 if (window.testRunner)
22 debug("FAIL: " + this.description);
27 debug("PASS: " + this.description);
32 { description: "Anonymous request: credentialled => no-CORS image resource.",
33 url: "http://localhost:8000/security/resources/abe.png",
34 // Redirect is allowed, but fails access check on the non-CORS resource.
37 { description: "Anonymous request: credentialled => anonymous CORS image resource (same origin.)",
38 url: "http://localhost:8000/security/resources/abe-allow-star.php",
39 // Redirect is allowed, as is access to the anonymous CORS resource.
42 { description: "Anonymous request: credentialled => anonymous CORS image resource (cross origin.)",
43 url: "http://localhost:8080/security/resources/abe-allow-star.php",
44 // Redirect is allowed, as is access (with origin 'null') to the CORS resource.
47 { description: "Credentialled request: credentialled => credentialled-CORS image resource (same origin.)",
48 url: "http://localhost:8000/security/resources/abe-allow-credentials.php",
49 // Redirect is allowed, as is access (with original origin) to the CORS resource.
51 access: "use-credentials"},
52 { description: "Credentialled request: credentialled => credentialled-CORS image resource (cross origin.)",
53 url: "http://127.0.0.1:8080/security/resources/abe-allow-credentials.php",
54 // Redirect is allowed, source origin mutates to 'null', so credentialled resource not accessible.
56 access: "use-credentials"},
57 { description: "Credentialled request: credentialled => anonymous-CORS image resource (same origin.)",
58 url: "http://localhost:8000/security/resources/abe-allow-star.php",
59 // Redirect is allowed, but anonymous resource with * as allowed origins is not accessible.
61 access: "use-credentials"},
62 { description: "Credentialled request: credentialled => anonymous-CORS image resource (cross origin.)",
63 url: "http://127.0.0.1:8000/security/resources/abe-allow-star.php",
64 // Redirect is allowed, source origin mutates to 'null', so anonymous resource with * as allowed origins is not accessible.
66 access: "use-credentials"},
69 function runNextTest() {
74 var test = tests.shift();
75 var img = new Image();
76 img.onload = test.success ? pass : fail;
77 img.onerror = test.success ? fail : pass;
78 img.crossOrigin = test.access;
79 img.description = test.description;
80 var args = [ "mode=" + redirect_cors,
82 img.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
83 document.body.appendChild(img);
85 window.onload = runNextTest;