third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/get-dangerous-headers.html

   1 <html>
   2 <body>
   3 <p>Test that getResponseHeader and getAllResponseHeaders cannot be used to get the cookie header fields.</p>
   4 <pre id="result">FAIL: Script didn't run or raised an unexpected exception.</pre>
   5 <script>
   6     if (window.testRunner)
   7         testRunner.dumpAsText();
   8
   9     req = new XMLHttpRequest;
  10     req.open("POST", "resources/get-set-cookie.cgi", false);
  11     req.send("");
  12
  13     var result = "PASS";
  14
  15     if (req.getResponseHeader("Set-Cookie") != null && result == "PASS")
  16         result = "FAIL: Saw a Set-Cookie header with getResponseHeader.";
  17     if (req.getResponseHeader("set-cookie") != null && result == "PASS")
  18         result = "FAIL: Saw a set-cookie header with getResponseHeader.";
  19     if (req.getResponseHeader("Set-Cookie2") != null && result == "PASS")
  20         result = "FAIL: Saw a Set-Cookie2 header with getResponseHeader.";
  21     if (req.getResponseHeader("set-cookie2") != null && result == "PASS")
  22         result = "FAIL: Saw a set-cookie2 header with getResponseHeader.";
  23
  24     if (req.getAllResponseHeaders().match(/Set-Cookie/) && result == "PASS")
  25         result = "FAIL: Saw Set-Cookie with getAllResponseHeaders.";
  26     if (req.getAllResponseHeaders().match(/set-cookie/) && result == "PASS")
  27         result = "FAIL: Saw set-cookie with getAllResponseHeaders.";
  28     if (req.getAllResponseHeaders().match(/Set-Cookie2/) && result == "PASS")
  29         result = "FAIL: Saw Set-Cookie2 with getAllResponseHeaders.";
  30     if (req.getAllResponseHeaders().match(/set-cookie2/) && result == "PASS")
  31         result = "FAIL: Saw set-cookie2 with getAllResponseHeaders.";
  32
  33     document.getElementById("result").textContent = result;
  34 </script>
  35 </body>
  36 </html>