Fix CORS POST JSON XHRs with Authorization

Closes #1662.
jsdom · Dec 18, 2016 · bb12085 · bb12085
1 parent 8bb591d
commit bb12085
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 2 deletions.
diff --git a/lib/jsdom/living/xmlhttprequest.js b/lib/jsdom/living/xmlhttprequest.js
@@ -905,7 +905,7 @@ module.exports = function createXMLHttpRequest(window) {
 
     let total = 0;
     let lengthComputable = false;
-    const length = parseInt(xhrUtils.getRequestHeader(client.headers, "content-length"));
+    const length = client.headers && parseInt(xhrUtils.getRequestHeader(client.headers, "content-length"));
     if (length) {
       total = length;
       lengthComputable = true;

diff --git a/test/web-platform-tests/to-upstream.js b/test/web-platform-tests/to-upstream.js
@@ -80,7 +80,8 @@ describe("Local tests in Web Platform Test format (to-upstream)", () => {
     "html/webappapis/timers/errors.html",
     "html/webappapis/timers/settimeout-setinterval-handles.html",
     "XMLHttpRequest/formdata-constructor.html",
-    "XMLHttpRequest/thrown-error-in-events.html"
+    "XMLHttpRequest/thrown-error-in-events.html",
+    "XMLHttpRequest/send-authentication-cors-post.htm"
   ]
   .forEach(runWebPlatformTest);
 });
diff --git a/test/web-platform-tests/to-upstream/XMLHttpRequest/send-authentication-cors-post.htm b/test/web-platform-tests/to-upstream/XMLHttpRequest/send-authentication-cors-post.htm
@@ -0,0 +1,35 @@
+<!doctype html>
+<title>XMLHttpRequest: send() - CORS POST basic authenticated request</title>
+<link rel="author" title="Maxim Vorobjov" href="mailto:[email protected]">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<link rel="help" href="https://xhr.spec.whatwg.org/#the-setrequestheader()-method" data-tested-assertations="following::ol[1]/li[6]">
+<link rel="help" href="https://xhr.spec.whatwg.org/#the-send()-method" data-tested-assertations="following::code[contains(@title,'http-authorization')]/..">
+
+<div id="log"></div>
+
+<script>
+"use strict";
+
+async_test(t => {
+  var client = new XMLHttpRequest()
+
+  client.open("POST", "http://www1.w3c-test.org/XMLHttpRequest/resources/auth7/corsenabled.py", true)
+
+  client.setRequestHeader("Authorization", "Basic MTMwZGY5NzEtMDE1NS00NTE4LWFjMjctOTU0ZmFhMzUwNWEzOnBhc3M=")
+  client.setRequestHeader("x-user", "130df971-0155-4518-ac27-954faa3505a3")
+  client.setRequestHeader("x-pass", "pass")
+  client.setRequestHeader("Accept", "text/plain");
+  client.setRequestHeader("Content-type", "application/json; charset=utf-8");
+
+  client.onreadystatechange = t.step_func(() => {
+    if (client.readyState < 4) {
+      return;
+    }
+    assert_equals(client.status, 200);
+    t.done();
+  });
+
+  client.send("{'data':'test'}");
+});
+</script>