| Austin James Ahlstrom | 378b161 | 2017-09-12 03:22:12 | [diff] [blame] | 1 | <!DOCTYPE html> |
| 2 | <html> |
| 3 | <head> |
| 4 | <title>Tests that sandboxed iframe has CORS XHR access to a server that accepts all domains</title> |
| 5 | <script src="/resources/testharness.js"></script> |
| 6 | <script src="/resources/testharnessreport.js"></script> |
| 7 | <script src="/common/get-host-info.sub.js"></script> |
| 8 | </head> |
| 9 | <body> |
| 10 | <script type="text/javascript"> |
| 11 | async_test((test) => { |
| 12 | window.addEventListener("message", test.step_func((evt) => { |
| 13 | if (evt.data === "ready") { |
| 14 | document.getElementById("frame").contentWindow.postMessage( |
| 15 | get_host_info().HTTP_ORIGIN + |
| Philip Jägenstedt | 2cb86af | 2018-01-06 16:35:27 | [diff] [blame] | 16 | "/xhr/resources/pass.txt?pipe=" + |
| Austin James Ahlstrom | 378b161 | 2017-09-12 03:22:12 | [diff] [blame] | 17 | "header(Cache-Control,no-store)|" + |
| 18 | "header(Content-Type,text/plain)|" + |
| 19 | "header(Access-Control-Allow-Credentials,true)|" + |
| 20 | "header(Access-Control-Allow-External,true)|" + |
| 21 | "header(Access-Control-Allow-Origin,*)", "*"); |
| 22 | } else { |
| 23 | assert_equals(evt.data.trim(), "PASS"); |
| 24 | test.done(); |
| 25 | } |
| 26 | }), false); |
| 27 | }); |
| 28 | </script> |
| Philip Jägenstedt | 2cb86af | 2018-01-06 16:35:27 | [diff] [blame] | 29 | <iframe id="frame" sandbox="allow-scripts" src="/xhr/resources/access-control-sandboxed-iframe.html"> |
| Austin James Ahlstrom | 378b161 | 2017-09-12 03:22:12 | [diff] [blame] | 30 | </iframe> |
| 31 | </body> |
| 32 | </html> |
