mirror of
https://github.com/servo/servo.git
synced 2025-07-19 13:23:46 +01:00
31 lines
1,009 B
HTML
31 lines
1,009 B
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>Tests CORS denying preflighted request to resource without CORS headers for OPTIONS</title>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<script src="/common/get-host-info.sub.js"></script>
|
|
</head>
|
|
<body>
|
|
<script type="text/javascript">
|
|
test(function() {
|
|
const xhr = new XMLHttpRequest;
|
|
|
|
xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN +
|
|
"/XMLHttpRequest/resources/access-control-basic-options-not-supported.py", false);
|
|
|
|
// Non-CORS-safelisted header
|
|
xhr.setRequestHeader("x-test", "foobar");
|
|
|
|
// This fails because the server-side script is not prepared for an OPTIONS request
|
|
try {
|
|
xhr.send();
|
|
} catch(e) {
|
|
assert_equals(xhr.status, 0);
|
|
return;
|
|
}
|
|
assert_unreached("Preflighted request was not denied.");
|
|
}, "Preflighted cross-origin request denied");
|
|
</script>
|
|
</body>
|
|
</html>
|