| aahlstrom@google.com | b224968 | 2017-08-15 04:20:55 | [diff] [blame] | 1 | <!DOCTYPE html> |
| 2 | <html> |
| 3 | <head> |
| 4 | <title>Tests CORS denying resource without Access-Control-Allow-Origin header</title> |
| 5 | <script src="/resources/testharness.js"></script> |
| 6 | <script src="/resources/testharnessreport.js"></script> |
| 7 | <script src="/common/get-host-info.sub.js"></script> |
| 8 | </head> |
| 9 | <body> |
| 10 | <script type="text/javascript"> |
| Philip Jägenstedt | 2cb86af | 2018-01-06 16:35:27 | [diff] [blame] | 11 | const path = "/xhr/resources/access-control-basic-denied.py"; |
| aahlstrom@google.com | b224968 | 2017-08-15 04:20:55 | [diff] [blame] | 12 | |
| 13 | test(function() { |
| 14 | const xhr = new XMLHttpRequest; |
| 15 | |
| 16 | xhr.open("GET", get_host_info().HTTP_ORIGIN + path, false); |
| 17 | xhr.send(); |
| 18 | assert_equals(xhr.status, 200); |
| 19 | }, "Same-origin request accepted"); |
| 20 | |
| 21 | test(function() { |
| 22 | const xhr = new XMLHttpRequest; |
| 23 | |
| 24 | xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + path, false); |
| Anne van Kesteren | 9b96b14 | 2018-05-08 17:30:48 | [diff] [blame] | 25 | assert_throws("NetworkError", () => xhr.send()); |
| 26 | assert_equals(xhr.status, 0); |
| aahlstrom@google.com | b224968 | 2017-08-15 04:20:55 | [diff] [blame] | 27 | }, "Cross-origin request denied"); |
| 28 | </script> |
| 29 | </body> |
| 30 | </html> |
