Skip to content

Commit

Permalink
Fetch: ensure preflight is required for Authorization/Range
Browse files Browse the repository at this point in the history
Plus some minor cleanup.

We will likely have to treat Range as a special case for media elements (see whatwg/fetch#145) so creating this to ensure that only happens when Range is set by the user agent.
  • Loading branch information
annevk committed Jan 19, 2021
1 parent 0f74915 commit 42837d7
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 9 deletions.
2 changes: 2 additions & 0 deletions fetch/api/cors/resources/not-cors-safelisted.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,11 @@
["accept", "012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"],
["accept-language", "\u0001"],
["accept-language", "@"],
["authorization", "basics"],
["content-language", "\u0001"],
["content-language", "@"],
["content-type", "text/html"],
["content-type", "text/plain; long=0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901"],
["range", "bytes 0-"],
["test", "hi"]
]
4 changes: 2 additions & 2 deletions fetch/api/credentials/authentication-basic.any.js
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
// META: global=window,worker
// META: script=../resources/utils.js

function basicAuth(desc, user, pass, mode, status) {
promise_test(function(test) {
var headers = { "Authorization": "Basic " + btoa(user + ":" + pass)};
var requestInit = {"credentials": mode, "headers": headers};
return fetch(RESOURCES_DIR + "authentication.py?realm=test", requestInit).then(function(resp) {
return fetch("../resources/authentication.py?realm=test", requestInit).then(function(resp) {
assert_equals(resp.status, status, "HTTP status is " + status);
assert_equals(resp.type , "basic", "Response's type is basic");
});
Expand All @@ -15,3 +14,4 @@ function basicAuth(desc, user, pass, mode, status) {
basicAuth("User-added Authorization header with include mode", "user", "password", "include", 200);
basicAuth("User-added Authorization header with same-origin mode", "user", "password", "same-origin", 200);
basicAuth("User-added Authorization header with omit mode", "user", "password", "omit", 200);
basicAuth("User-added bogus Authorization header with omit mode", "notuser", "notpassword", "omit", 401);
7 changes: 0 additions & 7 deletions fetch/api/resources/utils.js
Original file line number Diff line number Diff line change
@@ -1,12 +1,5 @@
var inWorker = false;
var RESOURCES_DIR = "../resources/";

try {
inWorker = !(self instanceof Window);
} catch (e) {
inWorker = true;
}

function dirname(path) {
return path.replace(/\/[^\/]*$/, '/')
}
Expand Down

0 comments on commit 42837d7

Please sign in to comment.