1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
content / test / data / cross-origin-redirect-blocked.html [blame]
<html>
<head>
<title></title>
</head>
<body>
<script>
function NewXHR(url) {
var r = new XMLHttpRequest
r.open("GET", url);
return r;
}
function SignalSuccess() {
document.location = "title3.html";
}
function SignalFailure() {
document.location = "title1.html";
}
function CreateDummyRequest() {
dummy_request = NewXHR("/title2.html");
dummy_request.onload = SignalSuccess;
dummy_request.send(null);
}
function RedirectFailed() {
// Good, the redirect was blocked by WebKit.
//
// We also care that the underlying network stack does not send the redirect.
// We cannot detect that from JS, but our test harness is designed to detect
// that (see ResourceDispatcherTest::CrossOriginRedirectBlocked). Before
// calling SignalSuccess, we want to allow the browser time to notice a request
// to follow the redirect if one should exist. To do that, we just need to
// make another network request.
//
// The setTimeout call is intended to delay CreateDummyRequest so that any
// processing associated with the current "error" handler completes.
setTimeout(CreateDummyRequest, 0);
}
function RedirectSucceeded() {
// Oops, the redirect should have been denied!
SignalFailure();
}
// Kick off a request that will attempt a cross-origin redirect.
var redirect_url = "/server-redirect-302?http://a.com:" + location.port + "/title2.html";
request = NewXHR(redirect_url);
request.onerror = RedirectFailed;
request.onload = RedirectSucceeded;
request.send(null);
</script>
</body>
</html>