[HtmlUnit] SVN: [9123] trunk/htmlunit/src

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 9123
          http://sourceforge.net/p/htmlunit/code/9123
Author:   rbri
Date:     2014-02-11 21:42:54 +0000 (Tue, 11 Feb 2014)
Log Message:
-----------
Use the correct url for checking if the origin header has to be added to a XMLHttpRequest.

Modified Paths:
--------------
    trunk/htmlunit/src/changes/changes.xml
    trunk/htmlunit/src/main/java/com/gargoylesoftware/htmlunit/javascript/host/xml/XMLHttpRequest.java
    trunk/htmlunit/src/test/java/com/gargoylesoftware/htmlunit/javascript/host/xml/XMLHttpRequestCORSTest.java

Modified: trunk/htmlunit/src/changes/changes.xml
===================================================================

--- trunk/htmlunit/src/changes/changes.xml	2014-02-11 05:55:55 UTC (rev 9122)
+++ trunk/htmlunit/src/changes/changes.xml	2014-02-11 21:42:54 UTC (rev 9123)
@@ -8,6 +8,10 @@
 
     <body>
         <release version="2.14" date="???" description="FF24, Bugfixes, initial work on IE11">
+            <action type="fix" dev="rbri" issue="1575">
+                JavaScript: Use the correct url for checking if the origin header has to be added
+                to a XMLHttpRequest.
+            </action>
             <action type="fix" dev="rbri">
                 JavaScript: Property contentDocument (Frame/iFrame) is available in IE8 also.
             </action>

Modified: trunk/htmlunit/src/main/java/com/gargoylesoftware/htmlunit/javascript/host/xml/XMLHttpRequest.java
===================================================================
--- trunk/htmlunit/src/main/java/com/gargoylesoftware/htmlunit/javascript/host/xml/XMLHttpRequest.java	2014-02-11 05:55:55 UTC (rev 9122)
+++ trunk/htmlunit/src/main/java/com/gargoylesoftware/htmlunit/javascript/host/xml/XMLHttpRequest.java	2014-02-11 21:42:54 UTC (rev 9123)
@@ -496,7 +496,7 @@
 
         try {
             final URL fullUrl = containingPage_.getFullyQualifiedUrl(url);
-            final URL originUrl = containingPage_.getUrl();
+            final URL originUrl = containingPage_.getFullyQualifiedUrl("");
             if (!isAllowCrossDomainsFor(originUrl, fullUrl)) {
                 throw Context.reportRuntimeError("Access to restricted URI denied");
             }

Modified: trunk/htmlunit/src/test/java/com/gargoylesoftware/htmlunit/javascript/host/xml/XMLHttpRequestCORSTest.java
===================================================================
--- trunk/htmlunit/src/test/java/com/gargoylesoftware/htmlunit/javascript/host/xml/XMLHttpRequestCORSTest.java	2014-02-11 05:55:55 UTC (rev 9122)
+++ trunk/htmlunit/src/test/java/com/gargoylesoftware/htmlunit/javascript/host/xml/XMLHttpRequestCORSTest.java	2014-02-11 21:42:54 UTC (rev 9123)
@@ -662,7 +662,8 @@
                 + "}\n"
                 + "</script>\n"
                 + "</head>\n"
-                + "<body onload='test()'></body></html>";
+                + "<body onload='test()'>\n"
+                + "</body></html>";
 
         WithCredentialsServerServlet.ACCESS_CONTROL_ALLOW_ORIGIN_ = accessControlAllowOrigin;
         WithCredentialsServerServlet.ACCESS_CONTROL_ALLOW_CREDENTIALS_ = accessControlAllowCredentials;
@@ -674,6 +675,58 @@
     }
 
     /**
+     * @throws Exception if the test fails.
+     */
+    @Test
+    @Alerts("done 200")
+    public void testWithCredentialsIFrame() throws Exception {
+        final String html = "<html><head>\n"
+                + "<script>\n"
+
+                + "function load() {\n"
+                + "  try {\n"
+                + "    var myContent = '<!DOCTYPE html><html><head></head><body>"
+                            + "<script src=\"get.js\"><\\/script><p>tttttt</p></body></html>';\n"
+                + "    window.asyncLoadIFrame = document.createElement('iframe');\n"
+                + "    asyncLoadIFrame.id = 'asyncLoadIFrame';\n"
+                + "    asyncLoadIFrame.src = 'about:blank';\n"
+                + "    document.body.appendChild(asyncLoadIFrame);\n"
+
+                + "    asyncLoadIFrame.contentWindow.document.open('text/html', 'replace');\n"
+                + "    asyncLoadIFrame.contentWindow.document.write(myContent);\n"
+                + "    asyncLoadIFrame.contentWindow.document.close();\n"
+                + "  } catch(e) { alert(e) }\n"
+                + "}\n"
+                + "</script>\n"
+                + "</head>\n"
+                + "<body onload='load()'>\n"
+                + "</body></html>";
+
+        final String js = ""
+                + "var xhr = " + XHRInstantiation_ + ";\n"
+                + "  try {\n"
+                + "    var url = '/data';\n"
+                + "    xhr.open('GET',  url, true);\n"
+                + "    xhr.withCredentials = true;\n"
+                + "    xhr.onreadystatechange = onReadyStateChange;\n"
+                + "    xhr.send();\n"
+                + "  } catch(e) { alert(e) }\n"
+
+                + "  function onReadyStateChange() {\n"
+                + "    if (xhr.readyState == 4) {\n"
+                + "      alert('done ' + xhr.status);\n"
+                + "    }\n"
+                + "  }\n";
+
+        getMockWebConnection().setDefaultResponse(js, JAVASCRIPT_MIME_TYPE);
+        final String xml = "<xml><content>blah</content></xml>";
+
+        getMockWebConnection().setResponse(new URL(URL_FIRST, "/data"), xml, "text/xml");
+
+        loadPageWithAlerts2(html);
+    }
+
+    /**
      * CORS "With Credentials" scenario Servlet.
      */
     public static class WithCredentialsServerServlet extends HttpServlet {





[HtmlUnit] SVN: [9123] trunk/htmlunit/src

Java GUI-Less browser, supporting JavaScript, to run against web pages

[HtmlUnit] SVN: [9123] trunk/htmlunit/src