diff options
Diffstat (limited to 'dom/base/test/test_bug466080.html')
-rw-r--r-- | dom/base/test/test_bug466080.html | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/dom/base/test/test_bug466080.html b/dom/base/test/test_bug466080.html new file mode 100644 index 0000000000..b889e899ff --- /dev/null +++ b/dom/base/test/test_bug466080.html @@ -0,0 +1,125 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Test bug 466080</title> + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body onload="onWindowLoad()"> +<iframe id="frame1" + src="https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs" + onload="document.iframeWasLoaded = true"> + + This iframe should load the resource via the src-attribute from + a secure server which requires a client-cert. Doing this is + supposed to work, but further below in the test we try to load + the resource from the same url using a XHR, which should not work. + + TODO : What if we change 'src' from JS? Would/should it load? + +</iframe> + +<script class="testbody" type="text/javascript"> + +document.iframeWasLoaded = false; + +var alltests = [ + +// load resource from a relative url - this should work + { url:"bug466080.sjs", + status_check:"==200", + error:"XHR from relative URL"}, + +// TODO - load the resource from a relative url via https..? + +// load a non-existing resource - should get "404 Not Found" + { url:"bug466080-does-not.exist", + status_check:"==404", + error:"XHR loading non-existing resource"}, + +// load resource from cross-site non-secure server + { url:"http://test1.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR from cross-site plaintext server"}, + +// load resource from cross-site secure server - should work since no credentials are needed + { url:"https://test1.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR from cross-site secure server"}, + +// load resource from cross-site secure server - should work since the server just requests certs + { url:"https://requestclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR from cross-site secure server requesting certificate"}, + +// load resource from cross-site secure server - should NOT work since the server requires cert +// note that this is the url which is used in the iframe.src above + { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"!=200", + error:"XHR from cross-site secure server requiring certificate"}, + +// repeat previous, - should NOT work + { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR w/ credentials from cross-site secure server requiring certificate", + withCredentials:"true"}, + +// repeat previous, but with credentials - should work + { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"==200", + error:"XHR w/ credentials from cross-site secure server requiring certificate", + withCredentials:"true"}, + +// repeat previous, withCredentials but using a weird method to force preflight +// should NOT work since our preflight is anonymous and will fail with our simple server + { url:"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs", + status_check:"!=200", + error:"XHR PREFLIGHT from cross-site secure server requiring certificate", + withCredentials:"true", + method:"XMETHOD"}, + +]; + +function onWindowLoad() { + // First, check that resource was loaded into the iframe + // This check in fact depends on bug #444165... :) + ok(document.iframeWasLoaded, "Loading resource via src-attribute"); + + + function runTest(test) { + + var xhr = new XMLHttpRequest(); + + var method = "GET"; + if (test.method != null) { method = test.method; } + xhr.open(method, test.url); + + xhr.withCredentials = test.withCredentials; + + SpecialPowers.wrap(xhr).setRequestHeader("Connection", "Keep-Alive", false); + + try { + xhr.send(); + } catch(e) { + } + + xhr.onloadend = function() { + var success = eval(xhr.status + test.status_check); + ok(success, test.error); + + if (alltests.length == 0) { + SimpleTest.finish(); + } else { + runTest(alltests.shift()); + } + }; + } + + runTest(alltests.shift()); +} + +SimpleTest.waitForExplicitFinish(); + +</script> +</body> +</html> |