1 if (window.description)
2 description("Check that exact matching is used when comparing a request's originating url and the value provided by Access-Control-Allow-Origin.");
4 var baseUrl = "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-allow-lists.php";
6 function generateURL(origin)
8 if (Array.isArray(origin))
9 return baseUrl + "?origins=" + origin.map(encodeURIComponent).join(",");
11 return baseUrl + "?origin=" + encodeURIComponent(origin);
14 function shouldPass(origin) {
15 debug("Should allow origin: '" + origin + "'");
16 xhr = new XMLHttpRequest();
17 xhr.open('GET', generateURL(origin), false);
18 shouldBeUndefined("xhr.send(null)");
21 function shouldFail(origin) {
22 debug("Should disallow origin: '" + origin + "'");
23 xhr = new XMLHttpRequest();
24 xhr.open('GET', generateURL(origin), false);
25 shouldThrow("xhr.send(null)");
28 var thisOrigin = location.protocol + "//" + location.host;
30 function injectIframeTest() {
31 if (window.testRunner)
32 testRunner.dumpChildFramesAsText();
33 var which = window.location.href.match(/(\d\d).html/)[1];
34 var frame = document.createElement('iframe');
35 frame.src = "http://localhost:8000/xmlhttprequest/resources/origin-exact-matching-iframe.html?" + which;
36 document.body.appendChild(frame);