| Line 42: | Line 42: | ||
* {{done|test correct request with an origin from evil.com and see if the specification blocks the request (isn't that part of the server code and outside our control?)}} | * {{done|test correct request with an origin from evil.com and see if the specification blocks the request (isn't that part of the server code and outside our control?)}} | ||
*{{done|test access-control-request-method/-header to ensure that non-allowed method/headers are blocked from the actual request as part of the pre-flight}} | *{{done|test access-control-request-method/-header to ensure that non-allowed method/headers are blocked from the actual request as part of the pre-flight}} | ||
* XMLHttpRequest::getResponseHeader() does not have access to the Cookie2 header and other headers not on Response Header whitelist | * {{todo|XMLHttpRequest::getResponseHeader() does not have access to the Cookie2 header and other headers not on Response Header whitelist}} | ||
* Attempt to set a cookie on the REQ | * {{done|Attempt to set a cookie on the REQ}} | ||
* {{done|Ensure we have a test for a proper access-control-allow-origin header}} | * {{done|Ensure we have a test for a proper access-control-allow-origin header}} | ||
* Can we simply create a testcase where we attempt a REQ without an origin? | * {{done|Can we simply create a testcase where we attempt a REQ without an origin?}} | ||
=== Simple XSS XHR === | === Simple XSS XHR === | ||
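Review bot: the first item in this hunk is marked {{done}} while still carrying an unresolved question in its parenthetical ("isn't that part of the server code and outside our control?"); the checklist should record the answer, i.e. whether a request carrying an evil.com Origin is rejected by the browser (the part under test here) or only by the server, so a reader knows what the test actually asserts. The same applies to the newly {{done}} "Attempt to set a cookie on the REQ" item, which states no expected outcome; a one-clause note of the expected result would make it verifiable, and the {{todo}} for getResponseHeader() and the response header whitelist would benefit from the same treatment when it is completed.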