From 2093291539b6011fd76733414d145e61c92c0814 Mon Sep 17 00:00:00 2001
From: Keith Yeung <kungfukeith11@gmail.com>
Date: Sat, 31 Jan 2015 20:41:34 +0800
Subject: [PATCH] Added error checking on XMLHttpRequest::setWithCredentials

---
 .../script/dom/webidls/XMLHttpRequest.webidl    |  1 +
 components/script/dom/xmlhttprequest.rs         | 17 +++++++++++++++--
 .../XMLHttpRequest-withCredentials.html.ini     |  8 --------
 .../XMLHttpRequest-withCredentials.worker.ini   |  5 -----
 4 files changed, 16 insertions(+), 15 deletions(-)
 delete mode 100644 tests/wpt/metadata/XMLHttpRequest/XMLHttpRequest-withCredentials.html.ini
 delete mode 100644 tests/wpt/metadata/XMLHttpRequest/XMLHttpRequest-withCredentials.worker.ini

diff --git a/components/script/dom/webidls/XMLHttpRequest.webidl b/components/script/dom/webidls/XMLHttpRequest.webidl
index ba100ca23ad..6066ba9c17b 100644
--- a/components/script/dom/webidls/XMLHttpRequest.webidl
+++ b/components/script/dom/webidls/XMLHttpRequest.webidl
@@ -50,6 +50,7 @@ interface XMLHttpRequest : XMLHttpRequestEventTarget {
   void setRequestHeader(ByteString name, ByteString value);
   [SetterThrows]
            attribute unsigned long timeout;
+  [SetterThrows]
            attribute boolean withCredentials;
   readonly attribute XMLHttpRequestUpload upload;
   [Throws]
diff --git a/components/script/dom/xmlhttprequest.rs b/components/script/dom/xmlhttprequest.rs
index 0f6e9551272..961125bf25b 100644
--- a/components/script/dom/xmlhttprequest.rs
+++ b/components/script/dom/xmlhttprequest.rs
@@ -489,8 +489,21 @@ impl<'a> XMLHttpRequestMethods for JSRef<'a, XMLHttpRequest> {
     fn WithCredentials(self) -> bool {
         self.with_credentials.get()
     }
-    fn SetWithCredentials(self, with_credentials: bool) {
-        self.with_credentials.set(with_credentials);
+    // Spec for SetWithCredentials: https://xhr.spec.whatwg.org/#dom-xmlhttprequest-withcredentials
+    fn SetWithCredentials(self, with_credentials: bool) -> ErrorResult {
+        match self.ready_state.get() {
+            XMLHttpRequestState::HeadersReceived |
+            XMLHttpRequestState::Loading |
+            XMLHttpRequestState::XHRDone => Err(InvalidState),
+            _ if self.send_flag.get() => Err(InvalidState),
+            _ => match self.global.root() {
+                GlobalRoot::Window(_) if self.sync.get() => Err(InvalidAccess),
+                _ => {
+                    self.with_credentials.set(with_credentials);
+                    Ok(())
+                },
+            },
+        }
     }
     fn Upload(self) -> Temporary<XMLHttpRequestUpload> {
         Temporary::new(self.upload)
diff --git a/tests/wpt/metadata/XMLHttpRequest/XMLHttpRequest-withCredentials.html.ini b/tests/wpt/metadata/XMLHttpRequest/XMLHttpRequest-withCredentials.html.ini
deleted file mode 100644
index 3c608dca283..00000000000
--- a/tests/wpt/metadata/XMLHttpRequest/XMLHttpRequest-withCredentials.html.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-[XMLHttpRequest-withCredentials.html]
-  type: testharness
-  [setting on synchronous XHR]
-    expected: FAIL
-
-  [setting withCredentials when not in UNSENT, OPENED state]
-    expected: FAIL
-
diff --git a/tests/wpt/metadata/XMLHttpRequest/XMLHttpRequest-withCredentials.worker.ini b/tests/wpt/metadata/XMLHttpRequest/XMLHttpRequest-withCredentials.worker.ini
deleted file mode 100644
index 46e66dde6ba..00000000000
--- a/tests/wpt/metadata/XMLHttpRequest/XMLHttpRequest-withCredentials.worker.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[XMLHttpRequest-withCredentials.worker]
-  type: testharness
-  [setting withCredentials when not in UNSENT, OPENED state]
-    expected: FAIL
-