From 50871a5a85cc802421b40cc67e2830601968affe Mon Sep 17 00:00:00 2001
From: Sean Robinson <sean.robinson@scottsdalecc.edu>
Date: Fri, 26 Apr 2019 07:25:08 -0700
Subject: Ajax: Do not execute scripts for unsuccessful HTTP responses

The script transport used to evaluate fetched script sources which is
undesirable for unsuccessful HTTP responses. This is different to other data
types where such a convention was fine (e.g. in case of JSON).

Fixes gh-4250
Closes gh-4379
---
 test/data/mock.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'test/data/mock.php')

diff --git a/test/data/mock.php b/test/data/mock.php
index ba1930415..5b56d02c7 100644
--- a/test/data/mock.php
+++ b/test/data/mock.php
@@ -216,6 +216,19 @@ QUnit.assert.ok( true, "mock executed");';
 		unlink( $this->cspFile );
 	}
 
+	protected function errorWithScript( $req ) {
+		header( 'HTTP/1.0 404 Not Found' );
+		if ( isset( $req->query['withScriptContentType'] ) ) {
+			header( 'Content-Type: application/javascript' );
+		}
+		if ( isset( $req->query['callback'] ) ) {
+			$callback = $req->query['callback'];
+			echo $callback . '( {"status": 404, "msg": "Not Found"} )';
+		} else {
+			echo 'QUnit.assert.ok( false, "Mock return erroneously executed" );';
+		}
+	}
+
 	public function __construct() {
 		$this->cspFile = __DIR__ . '/support/csp.log';
 	}
-- 
cgit v1.2.3