Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Do not merge XHR preflight and response headers
Fixes #2592.
- Loading branch information
1 parent
9f6b190
commit 7cd5329
Showing
4 changed files
with
53 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
32 changes: 32 additions & 0 deletions
32
...latform-tests/to-upstream/xhr/access-control-preflight-request-header-returns-origin.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
<!DOCTYPE html> | ||
<meta charset="utf-8"> | ||
<title>Access-Control-Request-Origin accept different origin between preflight and actual request</title> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/get-host-info.sub.js"></script> | ||
<script> | ||
"use strict"; | ||
|
||
async_test(t => { | ||
const xhr = new XMLHttpRequest(); | ||
|
||
xhr.open("GET", corsURL("resources/access-control-preflight-request-header-returns-origin.py")); | ||
|
||
xhr.setRequestHeader("X-Test", "foobar"); | ||
|
||
xhr.onerror = t.unreached_func("Error occurred."); | ||
|
||
xhr.onload = t.step_func_done(() => { | ||
assert_equals(xhr.status, 200); | ||
assert_equals(xhr.responseText, "PASS"); | ||
}); | ||
|
||
xhr.send(); | ||
}); | ||
|
||
function corsURL(path) { | ||
const url = new URL(path, location.href); | ||
url.hostname = "www1." + url.hostname; | ||
return url.href; | ||
} | ||
</script> |
12 changes: 12 additions & 0 deletions
12
...tests/to-upstream/xhr/resources/access-control-preflight-request-header-returns-origin.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
def main(request, response): | ||
if request.method == "OPTIONS": | ||
response.headers.set("Access-Control-Allow-Origin", request.headers.get('origin')) | ||
response.headers.set("Access-Control-Allow-Headers", "X-Test") | ||
response.status = 200 | ||
elif request.method == "GET": | ||
response.headers.set("Access-Control-Allow-Origin", "*") | ||
if request.headers.get("X-Test"): | ||
response.headers.set("Content-Type", "text/plain") | ||
response.content = "PASS" | ||
else: | ||
response.status = 400 |