Align CORS wildcard handling with Fetch changes

See whatwg/fetch#548 and whatwg/fetch#592.
web-platform-tests · Sep 7, 2017 · f7ce1ec · f7ce1ec
1 parent 8d2bbee
commit f7ce1ec
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 5 deletions.
diff --git a/fetch/api/cors/cors-expose-star.js b/fetch/api/cors/cors-expose-star.js
@@ -4,7 +4,7 @@ if (this.document === undefined) {
 }
 
 const url = "http://{{host}}:{{ports[http][1]}}" + dirname(location.pathname) + RESOURCES_DIR + "top.txt",
-      sharedHeaders = "?pipe=header(Access-Control-Expose-Headers,*)|header(Test,X)|header(Set-Cookie,X)|"
+      sharedHeaders = "?pipe=header(Access-Control-Expose-Headers,*)|header(Test,X)|header(Set-Cookie,X)|header(*,whoa)|"
 
 promise_test(() => {
   const headers = "header(Access-Control-Allow-Origin,*)"
@@ -13,6 +13,7 @@ promise_test(() => {
     assert_equals(resp.type , "cors")
     assert_equals(resp.headers.get("test"), "X")
     assert_equals(resp.headers.get("set-cookie"), null)
+    assert_equals(resp.headers.get("*"), "whoa")
   })
 }, "Basic Access-Control-Expose-Headers: * support")
 
@@ -25,7 +26,19 @@ promise_test(() => {
     assert_equals(resp.headers.get("content-type"), "text/plain") // safelisted
     assert_equals(resp.headers.get("test"), null)
     assert_equals(resp.headers.get("set-cookie"), null)
+    assert_equals(resp.headers.get("*"), "whoa")
   })
-}, "Cannot use * for credentialed fetches")
+}, "* for credentialed fetches only matches literally")
+
+promise_test(() => {
+  const headers =  "header(Access-Control-Allow-Origin,*)|header(Access-Control-Expose-Headers,set-cookie)"
+  return fetch(url + sharedHeaders + headers).then(resp => {
+    assert_equals(resp.status, 200)
+    assert_equals(resp.type , "cors")
+    assert_equals(resp.headers.get("test"), "X")
+    assert_equals(resp.headers.get("set-cookie"), null)
+    assert_equals(resp.headers.get("*"), "whoa")
+  })
+}, "* can be one of several values")
 
 done();
diff --git a/fetch/api/cors/cors-preflight-star.any.js b/fetch/api/cors/cors-preflight-star.any.js
@@ -16,7 +16,7 @@ function preflightTest(succeeds, withCredentials, allowMethod, allowHeader, useM
     if (useMethod) {
       requestInit.method = useMethod
     }
-    if (useHeader) {
+    if (useHeader.length > 0) {
       requestInit.headers = [useHeader]
     }
     testURL += "allow_methods=" + allowMethod + "&"
@@ -36,7 +36,9 @@ preflightTest(true, false, "get", "x-test", "GET", ["X-Test", "1"])
 preflightTest(true, false, "*", "x-test", "SUPER", ["X-Test", "1"])
 preflightTest(true, false, "*", "*", "OK", ["X-Test", "1"])
 preflightTest(false, true, "*", "*", "OK", ["X-Test", "1"])
-preflightTest(false, true, "*", "", "PUT", undefined)
-preflightTest(false, true, "put", "*", "PUT", undefined)
+preflightTest(false, true, "*", "", "PUT", [])
+preflightTest(true, true, "PUT", "*", "PUT", [])
+preflightTest(false, true, "put", "*", "PUT", [])
 preflightTest(false, true, "get", "*", "GET", ["X-Test", "1"])
 preflightTest(false, true, "*", "*", "GET", ["X-Test", "1"])
+preflightTest(true, true, "*", "*", "*", ["*", "1"])