| Austin James Ahlstrom | 361f3cd | 2017-09-06 08:33:56 | [diff] [blame] | 1 | <!DOCTYPE html> |
| 2 | <html> |
| 3 | <head> |
| 4 | <title>Sync request denied at preflight because of non-CORS-safelisted header</title> |
| 5 | <script src="/resources/testharness.js"></script> |
| 6 | <script src="/resources/testharnessreport.js"></script> |
| 7 | <script src="/common/get-host-info.sub.js"></script> |
| 8 | <script src="/common/utils.js"></script> |
| 9 | </head> |
| 10 | <body> |
| 11 | <script type="text/javascript"> |
| 12 | const uuid = token(); |
| 13 | const url = get_host_info().HTTP_REMOTE_ORIGIN + |
| Philip Jägenstedt | 2cb86af | 2018-01-06 16:35:27 | [diff] [blame] | 14 | "/xhr/resources/access-control-preflight-denied.py?token=" + uuid; |
| Austin James Ahlstrom | 361f3cd | 2017-09-06 08:33:56 | [diff] [blame] | 15 | |
| 16 | test(() => { |
| 17 | let xhr = new XMLHttpRequest; |
| 18 | xhr.open("GET", url + "&command=reset", false); |
| 19 | xhr.send(); |
| 20 | |
| 21 | xhr = new XMLHttpRequest; |
| 22 | xhr.open("GET", url + "&command=header", false); |
| 23 | xhr.setRequestHeader("x-test", "foo"); |
| 24 | |
| Stephen McGruer | 3696f22 | 2020-01-23 19:11:58 | [diff] [blame^] | 25 | assert_throws_dom("NetworkError", () => xhr.send()); |
| Austin James Ahlstrom | 361f3cd | 2017-09-06 08:33:56 | [diff] [blame] | 26 | |
| Anne van Kesteren | 9b96b14 | 2018-05-08 17:30:48 | [diff] [blame] | 27 | xhr = new XMLHttpRequest; |
| 28 | xhr.open("GET", url + "&command=complete", false); |
| 29 | xhr.send(); |
| 30 | assert_equals(xhr.responseText, "Request successfully blocked."); |
| Austin James Ahlstrom | 361f3cd | 2017-09-06 08:33:56 | [diff] [blame] | 31 | }, "Sync request denied at preflight"); |
| 32 | </script> |
| 33 | </body> |
| 34 | </html> |
