<!DOCTYPE html>
<html>
<head>
-<script src="../../js-test-resources/js-test.js"></script>
+ <script src="/js-test-resources/js-test.js"></script>
+ <script src="/xmlhttprequest/resources/origin-exact-matching-test.js"></script>
</head>
<body>
<script type="text/javascript">
-description("Check that exact matching is used when comparing a request's originating url and the value provided by Access-Control-Allow-Origin.");
-
-var baseUrl = "http://127.0.0.1:8000/xmlhttprequest/resources/access-control-allow-lists.php";
-
-function generateURL(origin)
-{
- if (Array.isArray(origin))
- return baseUrl + "?origins=" + origin.map(encodeURIComponent).join(",");
- else
- return baseUrl + "?origin=" + encodeURIComponent(origin);
-}
-
-function shouldPass(origin) {
- debug("Should allow origin: '" + origin + "'");
- xhr = new XMLHttpRequest();
- xhr.open('GET', generateURL(origin), false);
- shouldBeUndefined("xhr.send(null)");
-}
-
-function shouldFail(origin) {
- debug("Should disallow origin: '" + origin + "'");
- xhr = new XMLHttpRequest();
- xhr.open('GET', generateURL(origin), false);
- shouldThrow("xhr.send(null)");
-}
-
-var thisOrigin = location.protocol + "//" + location.host;
-
-shouldPass("*");
-shouldPass(" * ");
-shouldPass(" *");
-shouldPass(thisOrigin);
-shouldPass(" " + thisOrigin);
-shouldPass(" " + thisOrigin + " ");
-shouldPass(" " + thisOrigin);
-shouldFail(location.protocol + "//www2." + location.host);
-shouldFail("//" + location.host);
-shouldFail("://" + location.host);
-shouldFail("ftp://" + location.host);
-shouldFail("http:://" + location.host);
-shouldFail("http:/" + location.host);
-shouldFail("http:" + location.host);
-shouldFail(location.host);
-shouldFail(thisOrigin + "?");
-shouldFail(thisOrigin + "/");
-shouldFail(thisOrigin + " /");
-shouldFail(thisOrigin + "#");
-shouldFail(thisOrigin + "%23");
-shouldFail(thisOrigin + ":80");
-shouldFail(thisOrigin + ", *");
-//shouldFail(thisOrigin + "\0"); // Doesn't fail on Linux. See http://wkbug.com/88688 and http://wkbug.com/88139
-shouldFail(thisOrigin.toUpperCase());
-shouldFail(location.protocol.toUpperCase() + "//" + location.host);
-shouldFail("-");
-shouldFail("**");
-shouldFail("\0*");
-//shouldFail("*\0"); // Doesn't fail on Linux. http://wkbug.com/88688 and http://wkbug.com/88139
-shouldFail("'*'");
-shouldFail('"*"');
-shouldFail("* *");
-shouldFail("*" + location.protocol + "//" + "*");
-shouldFail("*" + thisOrigin);
-shouldFail("* " + thisOrigin);
-shouldFail("*, " + thisOrigin);
-shouldFail("\0" + thisOrigin);
-shouldFail("null " + thisOrigin);
-shouldFail("http://example.net");
-shouldFail("http://example.net " + thisOrigin);
-shouldFail("http://example.net, " + thisOrigin);
-shouldFail(["http://example.net", thisOrigin]);
-shouldFail([thisOrigin, thisOrigin]);
-shouldFail("null");
-shouldFail("");
-shouldFail(location.href);
-shouldFail(location.href.replace(/\/[^\/]*$/, "/"));
-shouldFail(location.href.replace(location.hostname, "localhost"));
-
+ switch (parseInt(window.location.search.match(/(\d\d)/)[1], 10)) {
+ case 0:
+ shouldPass("*");
+ break;
+ case 1:
+ shouldPass(" * ");
+ break;
+ case 2:
+ shouldPass(" *");
+ break;
+ case 3:
+ shouldPass(thisOrigin);
+ break;
+ case 4:
+ shouldPass(" " + thisOrigin);
+ break;
+ case 5:
+ shouldPass(" " + thisOrigin + " ");
+ break;
+ case 6:
+ shouldPass(" " + thisOrigin);
+ break;
+ case 7:
+ shouldFail(location.protocol + "//www2." + location.host);
+ break;
+ case 8:
+ shouldFail("//" + location.host);
+ break;
+ case 9:
+ shouldFail("://" + location.host);
+ break;
+ case 10:
+ shouldFail("ftp://" + location.host);
+ break;
+ case 11:
+ shouldFail("http:://" + location.host);
+ break;
+ case 12:
+ shouldFail("http:/" + location.host);
+ break;
+ case 13:
+ shouldFail("http:" + location.host);
+ break;
+ case 14:
+ shouldFail(location.host);
+ break;
+ case 15:
+ shouldFail(thisOrigin + "?");
+ break;
+ case 16:
+ shouldFail(thisOrigin + "/");
+ break;
+ case 17:
+ shouldFail(thisOrigin + " /");
+ break;
+ case 18:
+ shouldFail(thisOrigin + "#");
+ break;
+ case 19:
+ shouldFail(thisOrigin + "%23");
+ break;
+ case 20:
+ shouldFail(thisOrigin + ":80");
+ break;
+ case 21:
+ shouldFail(thisOrigin + ", *");
+ break;
+ case 22:
+ shouldFail(thisOrigin + "\0");
+ break;
+ case 23:
+ shouldFail(thisOrigin.toUpperCase());
+ break;
+ case 24:
+ shouldFail(location.protocol.toUpperCase() + "//" + location.host);
+ break;
+ case 25:
+ shouldFail("-");
+ break;
+ case 26:
+ shouldFail("**");
+ break;
+ case 27:
+ shouldFail("\0*");
+ break;
+ case 28:
+ shouldFail("*\0");
+ break;
+ case 29:
+ shouldFail("'*'");
+ break;
+ case 30:
+ shouldFail('"*"');
+ break;
+ case 31:
+ shouldFail("* *");
+ break;
+ case 32:
+ shouldFail("*" + location.protocol + "//" + "*");
+ break;
+ case 33:
+ shouldFail("*" + thisOrigin);
+ break;
+ case 34:
+ shouldFail("* " + thisOrigin);
+ break;
+ case 35:
+ shouldFail("*, " + thisOrigin);
+ break;
+ case 36:
+ shouldFail("\0" + thisOrigin);
+ break;
+ case 37:
+ shouldFail("null " + thisOrigin);
+ break;
+ case 38:
+ shouldFail("http://example.net");
+ break;
+ case 39:
+ shouldFail("http://example.net " + thisOrigin);
+ break;
+ case 40:
+ shouldFail("http://example.net, " + thisOrigin);
+ break;
+ case 41:
+ shouldFail(["http://example.net", thisOrigin]);
+ break;
+ case 42:
+ shouldFail([thisOrigin, thisOrigin]);
+ break;
+ case 43:
+ shouldFail("null");
+ break;
+ case 44:
+ shouldFail("");
+ break;
+ case 45:
+ shouldFail(location.href);
+ break;
+ case 46:
+ shouldFail(location.href.replace(/\/[^\/]*$/, "/"));
+ break;
+ case 47:
+ shouldFail(location.href.replace(location.hostname, "localhost"));
+ break;
+ }
</script>
</body>
</html>