third_party/WebKit/LayoutTests/http/tests/fetch/script-tests/thorough/redirect-password.js - chromium/src - Git at Google

 if (self.importScripts) {
   importScripts('/fetch/resources/fetch-test-helpers.js');
   importScripts('/fetch/resources/thorough-util.js');
 }

 var TEST_TARGETS = [
   // Redirects to URLs with username/password; these requests are blocked.
   //
   // Spec: https://github.com/whatwg/fetch/pull/465
   // Step 5, redirect status, Step 10.1 and 10.2:
   // "If |request|'s mode is "cors", |request|'s origin is not same origin with
   //  |locationURL|'s origin, and |locationURL| includes credentials, return a
   //  network error."
   // "If the CORS flag is set and |locationURL| includes credentials, return
   //  a network error."

   // Origin A -[fetch]-> Origin A -[redirect]-> Origin A
   [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) +
    '&mode=same-origin&method=GET',
    [fetchRejected]],
   [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) +
    '&mode=same-origin&method=GET',
    [fetchRejected]],
   [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) +
    '&mode=cors&method=GET',
    [fetchRejected]],
   [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) +
    '&mode=cors&method=GET',
    [fetchRejected]],
   [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) +
    '&mode=no-cors&method=GET',
    [fetchRejected]],
   [REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) +
    '&mode=no-cors&method=GET',
    [fetchRejected]],

   // Origin A -[fetch]-> Origin A -[redirect]-> Origin B
   [REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + '&ACAOrigin=*') +
    '&mode=cors&method=GET',
    [fetchRejected]],
   [REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + '&ACAOrigin=*') +
    '&mode=cors&method=GET',
    [fetchRejected]],
   [REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + '&ACAOrigin=*') +
    '&mode=no-cors&method=GET',
    [fetchRejected]],
   [REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + '&ACAOrigin=*') +
    '&mode=no-cors&method=GET',
    [fetchRejected]],

   // Origin A -[fetch]-> Origin B -[redirect]-> Origin A
   [OTHER_REDIRECT_URL +
    encodeURIComponent(BASE_URL_WITH_USERNAME + 'ACAOrigin=*') +
    '&mode=cors&method=GET&ACAOrigin=*',
    [fetchRejected]],
   [OTHER_REDIRECT_URL +
    encodeURIComponent(BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') +
    '&mode=cors&method=GET&ACAOrigin=*',
    [fetchRejected]],
   [OTHER_REDIRECT_URL +
    encodeURIComponent(BASE_URL_WITH_USERNAME + 'ACAOrigin=*') +
    '&mode=no-cors&method=GET&ACAOrigin=*',
    [fetchRejected]],
   [OTHER_REDIRECT_URL +
    encodeURIComponent(BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') +
    '&mode=no-cors&method=GET&ACAOrigin=*',
    [fetchRejected]],

   // Origin A -[fetch]-> Origin B -[redirect]-> Origin B
   [OTHER_REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + 'ACAOrigin=*') +
    '&mode=cors&method=GET&ACAOrigin=*',
    [fetchRejected]],
   [OTHER_REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') +
    '&mode=cors&method=GET&ACAOrigin=*',
    [fetchRejected]],
   [OTHER_REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + 'ACAOrigin=*') +
    '&mode=no-cors&method=GET&ACAOrigin=*',
    [fetchRejected]],
   [OTHER_REDIRECT_URL +
    encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') +
    '&mode=no-cors&method=GET&ACAOrigin=*',
    [fetchRejected]],
 ];

 if (self.importScripts) {
   executeTests(TEST_TARGETS);
   done();
 }
	if (self.importScripts) {
	importScripts('/fetch/resources/fetch-test-helpers.js');
	importScripts('/fetch/resources/thorough-util.js');
	}

	var TEST_TARGETS = [
	// Redirects to URLs with username/password; these requests are blocked.
	//
	// Spec: https://github.com/whatwg/fetch/pull/465
	// Step 5, redirect status, Step 10.1 and 10.2:
	// "If \|request\|'s mode is "cors", \|request\|'s origin is not same origin with
	// \|locationURL\|'s origin, and \|locationURL\| includes credentials, return a
	// network error."
	// "If the CORS flag is set and \|locationURL\| includes credentials, return
	// a network error."

	// Origin A -[fetch]-> Origin A -[redirect]-> Origin A
	[REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) +
	'&mode=same-origin&method=GET',
	[fetchRejected]],
	[REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) +
	'&mode=same-origin&method=GET',
	[fetchRejected]],
	[REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) +
	'&mode=cors&method=GET',
	[fetchRejected]],
	[REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) +
	'&mode=cors&method=GET',
	[fetchRejected]],
	[REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_USERNAME) +
	'&mode=no-cors&method=GET',
	[fetchRejected]],
	[REDIRECT_URL + encodeURIComponent(BASE_URL_WITH_PASSWORD) +
	'&mode=no-cors&method=GET',
	[fetchRejected]],

	// Origin A -[fetch]-> Origin A -[redirect]-> Origin B
	[REDIRECT_URL +
	encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + '&ACAOrigin=*') +
	'&mode=cors&method=GET',
	[fetchRejected]],
	[REDIRECT_URL +
	encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + '&ACAOrigin=*') +
	'&mode=cors&method=GET',
	[fetchRejected]],
	[REDIRECT_URL +
	encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + '&ACAOrigin=*') +
	'&mode=no-cors&method=GET',
	[fetchRejected]],
	[REDIRECT_URL +
	encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + '&ACAOrigin=*') +
	'&mode=no-cors&method=GET',
	[fetchRejected]],

	// Origin A -[fetch]-> Origin B -[redirect]-> Origin A
	[OTHER_REDIRECT_URL +
	encodeURIComponent(BASE_URL_WITH_USERNAME + 'ACAOrigin=*') +
	'&mode=cors&method=GET&ACAOrigin=*',
	[fetchRejected]],
	[OTHER_REDIRECT_URL +
	encodeURIComponent(BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') +
	'&mode=cors&method=GET&ACAOrigin=*',
	[fetchRejected]],
	[OTHER_REDIRECT_URL +
	encodeURIComponent(BASE_URL_WITH_USERNAME + 'ACAOrigin=*') +
	'&mode=no-cors&method=GET&ACAOrigin=*',
	[fetchRejected]],
	[OTHER_REDIRECT_URL +
	encodeURIComponent(BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') +
	'&mode=no-cors&method=GET&ACAOrigin=*',
	[fetchRejected]],

	// Origin A -[fetch]-> Origin B -[redirect]-> Origin B
	[OTHER_REDIRECT_URL +
	encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + 'ACAOrigin=*') +
	'&mode=cors&method=GET&ACAOrigin=*',
	[fetchRejected]],
	[OTHER_REDIRECT_URL +
	encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') +
	'&mode=cors&method=GET&ACAOrigin=*',
	[fetchRejected]],
	[OTHER_REDIRECT_URL +
	encodeURIComponent(OTHER_BASE_URL_WITH_USERNAME + 'ACAOrigin=*') +
	'&mode=no-cors&method=GET&ACAOrigin=*',
	[fetchRejected]],
	[OTHER_REDIRECT_URL +
	encodeURIComponent(OTHER_BASE_URL_WITH_PASSWORD + 'ACAOrigin=*') +
	'&mode=no-cors&method=GET&ACAOrigin=*',
	[fetchRejected]],
	];

	if (self.importScripts) {
	executeTests(TEST_TARGETS);
	done();
	}