content/base/test/test_bug466080.html
author Gregory Szorc <gps@mozilla.com>
Wed, 28 Jan 2015 13:37:00 -0800
branchMOBILE130_2012050817_RELBRANCH
changeset 120184 c9527b7c0b9a28a3f1209c9488fb16965ed051cd
parent 83917 c175352a397b8a537d2c21a325b48b1bca5fc657
child 96940 2ce6373e5e041c20f1433083cbfc0cc34470a4a5
permissions -rw-r--r--
Close old release branch MOBILE130_2012050817_RELBRANCH

<!DOCTYPE HTML>
<html>
<head>
  <title>Test bug 466080</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="onWindowLoad()">
<iframe id="frame1"
        src="https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs"
        onload="document.iframeWasLoaded = true">
 
 This iframe should load the resource via the src-attribute from
 a secure server which requires a client-cert. Doing this is
 supposed to work, but further below in the test we try to load
 the resource from the same url using a XHR, which should not work.
 
 TODO : What if we change 'src' from JS? Would/should it load?

</iframe>

<script class="testbody" type="text/javascript">

document.iframeWasLoaded = false;

var alltests = [

// load resource from a relative url - this should work
  { url:"bug466080.sjs",
    status_check:"==200",
    error:"XHR from relative URL"},

// TODO - load the resource from a relative url via https..?

// load a non-existing resource - should get "404 Not Found"
  { url:"bug466080-does-not.exist",
    status_check:"==404",
    error:"XHR loading non-existing resource"},

// load resource from cross-site non-secure server
  { url:"http://test1.example.com/tests/content/base/test/bug466080.sjs",
    status_check:"==200",
    error:"XHR from cross-site plaintext server"},

// load resource from cross-site secure server - should work since no credentials are needed
  { url:"https://test1.example.com/tests/content/base/test/bug466080.sjs",
    status_check:"==200",
    error:"XHR from cross-site secure server"},

// load resource from cross-site secure server - should work since the server just requests certs
  { url:"https://requestclientcert.example.com/tests/content/base/test/bug466080.sjs",
    status_check:"==200",
    error:"XHR from cross-site secure server requesting certificate"},

// load resource from cross-site secure server - should NOT work since the server requires cert
// note that this is the url which is used in the iframe.src above
  { url:"https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs",
    status_check:"!=200",
    error:"XHR from cross-site secure server requiring certificate"},

// repeat previous,  - should NOT work
  { url:"https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs",
    status_check:"==200",
    error:"XHR w/ credentials from cross-site secure server requiring certificate",
    withCredentials:"true"},
    
// repeat previous, but with credentials - should work
  { url:"https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs",
    status_check:"==200",
    error:"XHR w/ credentials from cross-site secure server requiring certificate",
    withCredentials:"true"},

// repeat previous, withCredentials but using a weird method to force preflight
// should NOT work since our preflight is anonymous and will fail with our simple server
  { url:"https://requireclientcert.example.com/tests/content/base/test/bug466080.sjs",
    status_check:"!=200",
    error:"XHR PREFLIGHT from cross-site secure server requiring certificate",
    withCredentials:"true",
    method:"XMETHOD"},
    
];

function onWindowLoad() {
    // First, check that resource was loaded into the iframe
    // This check in fact depends on bug #444165... :)
    ok(document.iframeWasLoaded, "Loading resource via src-attribute");


    function runTest(test) {

        var xhr =  new XMLHttpRequest();

        var method = "GET";
        if (test.method != null) { method = test.method; }
        xhr.open(method, test.url);

        xhr.withCredentials = test.withCredentials;

        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
        xhr.setRequestHeader("Connection", "Keep-Alive", false);
        netscape.security.PrivilegeManager.disablePrivilege("UniversalXPConnect");

        try {
            xhr.send();
        } catch(e) {
        }

        xhr.onloadend = function() {
            var success = eval(xhr.status + test.status_check);
            ok(success, test.error);

            if (alltests.length == 0) {
                SimpleTest.finish();
            } else {
                runTest(alltests.shift());
            }
        };
    }

    runTest(alltests.shift());
}

SimpleTest.waitForExplicitFinish();

</script>
</body>
</html>