Allow setting withCredentials in synchronous XMLHttpRequest

closes #10839
2025-07-23 07:13:52 +01:00 · 2016-04-26 13:41:36 +05:30 · 2016-04-26 13:41:36 +05:30 · f56bd3a6f3
commit f56bd3a6f3
parent 09b2efc706
4 changed files with 3 additions and 24 deletions
--- a/components/script/dom/xmlhttprequest.rs
+++ b/components/script/dom/xmlhttprequest.rs
@ -369,8 +369,7 @@ impl XMLHttpRequestMethods for XMLHttpRequest {
                // Step 10
                if !async {
                    // FIXME: This should only happen if the global environment is a document environment
-                    if self.timeout.get() != 0 || self.with_credentials.get() ||
-                       self.response_type.get() != XMLHttpRequestResponseType::_empty {
+                    if self.timeout.get() != 0 || self.response_type.get() != XMLHttpRequestResponseType::_empty {
                        return Err(Error::InvalidAccess)
                    }
                }
@ -507,8 +506,6 @@ impl XMLHttpRequestMethods for XMLHttpRequest {
            // Step 2
            _ if self.send_flag.get() => Err(Error::InvalidState),
            // Step 3
-            _ if self.sync_in_window() => Err(Error::InvalidAccess),
-            // Step 4
            _ => {
                self.with_credentials.set(with_credentials);
                Ok(())
--- a/tests/wpt/metadata/XMLHttpRequest/send-authentication-basic-cors-not-enabled.htm.ini
+++ b/tests/wpt/metadata/XMLHttpRequest/send-authentication-basic-cors-not-enabled.htm.ini
@ -1,5 +0,0 @@
-[send-authentication-basic-cors-not-enabled.htm]
-  type: testharness
-  [XMLHttpRequest: send() - "Basic" authenticated CORS requests with user name and password passed to open() (asserts failure)]
-    expected: FAIL
-
--- a/tests/wpt/web-platform-tests/XMLHttpRequest/XMLHttpRequest-withCredentials.js
+++ b/tests/wpt/web-platform-tests/XMLHttpRequest/XMLHttpRequest-withCredentials.js
@ -16,15 +16,8 @@ function test_withCredentials(worker) {
  test(function() {
    var client = new XMLHttpRequest()
    client.open("GET", "resources/delay.py?ms=1000", false)
-    if (worker) {
-      client.withCredentials = true
-      assert_true(client.withCredentials, "set in OPEN state")
-    } else {
-      assert_throws("InvalidAccessError", function() {
-        client.withCredentials = true
-      })
-      assert_false(client.withCredentials, "set in OPEN state")
-    }
+    client.withCredentials = true
+    assert_true(client.withCredentials, "set in OPEN state")
  }, "setting on synchronous XHR")

  async_test(function() {
--- a/tests/wpt/web-platform-tests/cors/credentials-flag.htm
+++ b/tests/wpt/web-platform-tests/cors/credentials-flag.htm
@ -17,12 +17,6 @@ var url = CROSSDOMAIN + 'resources/cors-cookie.py?ident='
 * widthCredentials
 */
 // XXX Do some https tests here as well
-test(function () {
-    var client = new XMLHttpRequest()
-    client.open('GET', CROSSDOMAIN, false)
-    assert_throws(null, function() { client.withCredentials = true; }, 'setting withCredentials')
-}, 'Setting withCredentials on a sync XHR object should throw')
-
 async_test(function () {
    var id = new Date().getTime() + '_1',
        client = new XMLHttpRequest()