--- a/content/base/test/file_CrossSiteXHR_inner.html
+++ b/content/base/test/file_CrossSiteXHR_inner.html
@@ -11,17 +11,22 @@
window.addEventListener("message", function(e) {
sendData = null;
req = eval(e.data);
var res = {
didFail: false,
events: [],
- progressEvents: 0
+ progressEvents: 0,
+ status: 0,
+ responseText: "",
+ statusText: "",
+ responseXML: null,
+ sendThrew: false
};
var xhr = new XMLHttpRequest();
for each(type in ["load", "abort", "error", "loadstart"]) {
xhr.addEventListener(type, function(e) {
res.events.push(e.type);
}, false);
}
@@ -46,16 +51,17 @@ window.addEventListener("message", funct
xhr.onload = xhr.onerror = function (event) {
if (event.type == "error") {
res.didFail = true;
}
res.status = xhr.status;
try {
res.statusText = xhr.statusText;
} catch (e) {
+ delete(res.statusText);
}
res.responseXML = xhr.responseXML ?
(new XMLSerializer()).serializeToString(xhr.responseXML) :
null;
res.responseText = xhr.responseText;
res.responseHeaders = {};
for (responseHeader in req.responseHeaders) {
@@ -67,24 +73,38 @@ window.addEventListener("message", funct
}
if (req.withCred)
xhr.withCredentials = true;
if (req.body)
sendData = req.body;
res.events.push("opening");
- xhr.open(req.method, req.url, true);
+ // Allow passign in falsy usernames/passwords so we can test them
+ try {
+ xhr.open(req.method, req.url, true,
+ ("username" in req) ? req.username : "",
+ ("password" in req) ? req.password : "aa");
+ } catch (ex) {
+ res.didFail = true;
+ post(e, res);
+ }
for (header in req.headers) {
xhr.setRequestHeader(header, req.headers[header]);
}
res.events.push("sending");
- xhr.send(sendData);
+ try {
+ xhr.send(sendData);
+ } catch (ex) {
+ res.didFail = true;
+ res.sendThrew = true;
+ post(e, res);
+ }
}, false);
function post(e, res) {
e.source.postMessage(res.toSource(), "http://mochi.test:8888");
}
</script>
--- a/content/base/test/test_CrossSiteXHR.html
+++ b/content/base/test/test_CrossSiteXHR.html
@@ -44,16 +44,47 @@ function runTest() {
yield;
tests = [// Plain request
{ pass: 1,
method: "GET",
noAllowPreflight: 1,
},
+ // undefined username
+ { pass: 1,
+ method: "GET",
+ noAllowPreflight: 1,
+ username: undefined
+ },
+
+ // undefined username and password
+ { pass: 1,
+ method: "GET",
+ noAllowPreflight: 1,
+ username: undefined,
+ password: undefined
+ },
+
+ // nonempty username
+ { pass: 0,
+ method: "GET",
+ noAllowPreflight: 1,
+ username: "user",
+ },
+
+ // nonempty password
+ // XXXbz this passes for now, because we ignore passwords
+ // without usernames in most cases.
+ { pass: 1,
+ method: "GET",
+ noAllowPreflight: 1,
+ password: "password",
+ },
+
// Default allowed headers
{ pass: 1,
method: "GET",
headers: { "Content-Type": "text/plain",
"Accept": "foo/bar",
"Accept-Language": "sv-SE" },
noAllowPreflight: 1,
},
@@ -552,16 +583,24 @@ function runTest() {
responseHeaders: test.responseHeaders,
};
if (test.pass) {
req.url += "&origin=" + escape(origin) +
"&requestMethod=" + test.method;
}
+ if ("username" in test) {
+ req.username = test.username;
+ }
+
+ if ("password" in test) {
+ req.password = test.password;
+ }
+
if (test.noAllowPreflight)
req.url += "&noAllowPreflight";
if (test.pass && "headers" in test) {
function isUnsafeHeader(name) {
lName = name.toLowerCase();
return lName != "accept" &&
lName != "accept-language" &&
@@ -643,24 +682,26 @@ function runTest() {
}
}
}
}
else {
is(res.didFail, true,
"should have failed in test for " + test.toSource());
is(res.status, 0, "wrong status in test for " + test.toSource());
- is(res.statusText, "", "wrong status in test for " + test.toSource());
+ is(res.statusText, "", "wrong status text for " + test.toSource());
is(res.responseXML, null,
"wrong responseXML in test for " + test.toSource());
is(res.responseText, "",
"wrong responseText in test for " + test.toSource());
- is(res.events.join(","),
- "opening,rs1,sending,rs1,loadstart,rs2,rs4,error",
- "wrong events in test for " + test.toSource());
+ if (!res.sendThrew) {
+ is(res.events.join(","),
+ "opening,rs1,sending,rs1,loadstart,rs2,rs4,error",
+ "wrong events in test for " + test.toSource());
+ }
is(res.progressEvents, 0,
"wrong events in test for " + test.toSource());
if (test.responseHeaders) {
for (header in test.responseHeaders) {
is(res.responseHeaders[header], null,
"wrong response header (" + header + ") in test for " +
test.toSource());
}
@@ -783,17 +824,17 @@ function runTest() {
is(res.events.join(","),
"opening,rs1,sending,rs1,loadstart,rs2,rs3,rs4,load",
"wrong responseText in test for " + test.toSource());
}
else {
is(res.didFail, true,
"should have failed in test for " + test.toSource());
is(res.status, 0, "wrong status in test for " + test.toSource());
- is(res.statusText, "", "wrong status in test for " + test.toSource());
+ is(res.statusText, "", "wrong status text for " + test.toSource());
is(res.responseXML, null,
"wrong responseXML in test for " + test.toSource());
is(res.responseText, "",
"wrong responseText in test for " + test.toSource());
is(res.events.join(","),
"opening,rs1,sending,rs1,loadstart,rs2,rs4,error",
"wrong events in test for " + test.toSource());
is(res.progressEvents, 0,
@@ -1052,17 +1093,17 @@ function runTest() {
is(res.events.join(","),
"opening,rs1,sending,rs1,loadstart,rs2,rs3,rs4,load",
"wrong responseText in test for " + test.toSource());
}
else {
is(res.didFail, true,
"should have failed in test for " + test.toSource());
is(res.status, 0, "wrong status in test for " + test.toSource());
- is(res.statusText, "", "wrong status in test for " + test.toSource());
+ is(res.statusText, "", "wrong status text for " + test.toSource());
is(res.responseXML, null,
"wrong responseXML in test for " + test.toSource());
is(res.responseText, "",
"wrong responseText in test for " + test.toSource());
is(res.events.join(","),
"opening,rs1,sending,rs1,loadstart,rs2,rs4,error",
"wrong events in test for " + test.toSource());
is(res.progressEvents, 0,