From 68d86d0549e2c40ba7cddfcdf7d09fca2d179f44 Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Mon, 5 Jan 2015 16:13:44 -0800 Subject: [PATCH 1/3] Test credentials options --- test/server.js | 12 ++++++++++++ test/test.js | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/test/server.js b/test/server.js index 8956153f..a1828187 100755 --- a/test/server.js +++ b/test/server.js @@ -5,6 +5,7 @@ var port = Number(process.argv[2] || 3000) var fs = require('fs') var http = require('http'); var url = require('url'); +var querystring = require('querystring'); var routes = { '/request': function(res, req) { @@ -47,6 +48,17 @@ var routes = { res.writeHead(200, {'Content-Type': 'application/json'}); res.end('not json {'); }, + '/cookie': function(res, req) { + var params = querystring.parse(url.parse(req.url).query); + if (params.value && params.value) { + var setCookie = [params.name, params.value].join('='); + } + if (params.name) { + var cookie = querystring.parse(req.headers['cookie'], '; ')[params.name]; + } + res.writeHead(200, {'Content-Type': 'text/plain', 'Set-Cookie': setCookie}); + res.end(cookie); + }, '/headers': function(res) { res.writeHead(200, { 'Date': 'Mon, 13 Oct 2014 21:02:27 GMT', diff --git a/test/test.js b/test/test.js index f17e6f78..c51b5e67 100644 --- a/test/test.js +++ b/test/test.js @@ -196,3 +196,43 @@ promiseTest('supports HTTP DELETE', 2, function() { equal(request.data, '') }) }) + +promiseTest('doesnt send cookies with implicit omit credentials', 1, function() { + return fetch('/cookie?name=foo&value=bar').then(function(response) { + return fetch('/cookie?name=foo'); + }).then(function(response) { + return response.text() + }).then(function(data) { + equal(data, '') + }) +}) + +promiseTest('doesnt send cookies with omit credentials', 1, function() { + return fetch('/cookie?name=foo&value=bar').then(function(response) { + return fetch('/cookie?name=foo', {credentials: 'omit'}) + }).then(function(response) { + return response.text() + }).then(function(data) { + equal(data, '') + }) +}) + +promiseTest('send cookies with same-origin credentials', 1, function() { + return fetch('/cookie?name=foo&value=bar').then(function(response) { + return fetch('/cookie?name=foo', {credentials: 'same-origin'}) + }).then(function(response) { + return response.text() + }).then(function(data) { + equal(data, 'bar') + }) +}) + +promiseTest('send cookies with include credentials', 1, function() { + return fetch('/cookie?name=foo&value=bar').then(function(response) { + return fetch('/cookie?name=foo', {credentials: 'include'}) + }).then(function(response) { + return response.text() + }).then(function(data) { + equal(data, 'bar') + }) +}) From af17642c41c1c02b75bbaa1424ea20f27a4b0ef9 Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Mon, 5 Jan 2015 19:13:28 -0800 Subject: [PATCH 2/3] No contraction --- test/test.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/test.js b/test/test.js index c51b5e67..b36669f9 100644 --- a/test/test.js +++ b/test/test.js @@ -197,7 +197,7 @@ promiseTest('supports HTTP DELETE', 2, function() { }) }) -promiseTest('doesnt send cookies with implicit omit credentials', 1, function() { +promiseTest('does not send cookies with implicit omit credentials', 1, function() { return fetch('/cookie?name=foo&value=bar').then(function(response) { return fetch('/cookie?name=foo'); }).then(function(response) { @@ -207,7 +207,7 @@ promiseTest('doesnt send cookies with implicit omit credentials', 1, function() }) }) -promiseTest('doesnt send cookies with omit credentials', 1, function() { +promiseTest('does not send cookies with omit credentials', 1, function() { return fetch('/cookie?name=foo&value=bar').then(function(response) { return fetch('/cookie?name=foo', {credentials: 'omit'}) }).then(function(response) { From 1bbe6f0ef11f88454851e826bd56ee9fb9799f1d Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Mon, 5 Jan 2015 19:26:47 -0800 Subject: [PATCH 3/3] Default credentials to 'omit' --- fetch.js | 2 +- test/test.js | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/fetch.js b/fetch.js index ed70f1c4..b6c9622c 100644 --- a/fetch.js +++ b/fetch.js @@ -133,7 +133,7 @@ options = options || {} this.url = url this._body = options.body - this.credentials = options.credentials || null + this.credentials = options.credentials || 'omit' this.headers = new Headers(options.headers) this.method = normalizeMethod(options.method || 'GET') this.mode = options.mode || null diff --git a/test/test.js b/test/test.js index b36669f9..e4d30536 100644 --- a/test/test.js +++ b/test/test.js @@ -197,6 +197,16 @@ promiseTest('supports HTTP DELETE', 2, function() { }) }) +test('request credentials defaults to omit', function() { + var request = new Request('') + equal(request.credentials, 'omit') +}) + +test('request credentials uses inits member', function() { + var request = new Request('', {credentials: 'same-origin'}) + equal(request.credentials, 'same-origin') +}) + promiseTest('does not send cookies with implicit omit credentials', 1, function() { return fetch('/cookie?name=foo&value=bar').then(function(response) { return fetch('/cookie?name=foo');