xhr-authorization-redirect.any.js

mozilla-central/testing/web-platform/tests/xhr/xhr-authorization-redirect.any.js (file symbol)

Enable keyboard shortcuts

Source code

File a bug in Core :: DOM: Networking

Revision control

Copy as Markdown

Other Tools

Test Info:

This WPT test may be referenced by the following Test IDs:
- /xhr/xhr-authorization-redirect.any.html - WPT Dashboard Interop Dashboard
- /xhr/xhr-authorization-redirect.any.sharedworker.html - WPT Dashboard Interop Dashboard
- /xhr/xhr-authorization-redirect.any.worker.html - WPT Dashboard Interop Dashboard

// META: global=window,sharedworker,dedicatedworker

// META: script=/common/get-host-info.sub.js

const authorizationValue = "Basic " + btoa("user:pass");

function getAuthorizationHeaderValue(url)

  var client = new XMLHttpRequest();

  client.open("GET", url, false);

  client.setRequestHeader("Authorization", authorizationValue);

  const promise = new Promise(resolve => client.onloadend = () => resolve(client.responseText));

  client.send();

  return promise;

promise_test(async test => {

  const result = await getAuthorizationHeaderValue("/fetch/api/resources/dump-authorization-header.py");

  assert_equals(result, authorizationValue);

}, "getAuthorizationHeaderValue - no redirection");

promise_test(async test => {

  const result = await getAuthorizationHeaderValue("/fetch/api/resources/redirect.py?location=" + encodeURIComponent("/fetch/api/resources/dump-authorization-header.py"));

  assert_equals(result, authorizationValue);

}, "getAuthorizationHeaderValue - same origin redirection");

promise_test(async (test) => {

  const result = await getAuthorizationHeaderValue(get_host_info().HTTP_REMOTE_ORIGIN + "/fetch/api/resources/redirect.py?allow_headers=Authorization&location=" + encodeURIComponent(get_host_info().HTTP_ORIGIN + "/fetch/api/resources/dump-authorization-header.py"));

  assert_equals(result, "none");

}, "getAuthorizationHeaderValue - cross origin redirection");