search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / third_party / WebKit / LayoutTests / http / tests / xmlhttprequest / access-control-preflight-sync-header-denied.html
blobf143da794e2038af8f2f94fa30052db081fb1d96
1 <html>
2 <body>
3 <pre id='console'></pre>
4 <script type="text/javascript">
5 function log(message)
6 {
7 document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
8 }
9
10 if (window.testRunner)
11 testRunner.dumpAsText();
12
13 (function() {
14 var xhr = new XMLHttpRequest();
15
16 try {
17 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
18 xhr.send(null);
19 } catch(e) {
20 log("FAIL: Unable to reset server state: [" + e.message + "].");
21 return;
22 }
23
24 xhr = new XMLHttpRequest();
25
26 try {
27 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", false);
28 xhr.setRequestHeader("X-NON-STANDARD", "filler");
29 } catch(e) {
30 log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
31 return;
32 }
33
34 try {
35 xhr.send(null);
36 log("FAIL: Cross-domain access allowed in first send without throwing an exception");
37 return;
38 } catch(e) {
39 // Eat the exception.
40 }
41
42 xhr = new XMLHttpRequest();
43
44 try {
45 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
46 } catch(e) {
47 log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
48 return;
49 }
50
51 try {
52 xhr.send(null);
53 } catch(e) {
54 log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
55 return;
56 }
57
58 log(xhr.responseText);
59 })();
60 </script>
61 </body>
62 </html>