sandboxed-iframe.html (720B)
1 <!doctype html> 2 <html> 3 <script> 4 async function no_cors_should_be_rejected() { 5 let thrown = false; 6 try { 7 const resp = await fetch('top.txt'); 8 } catch (e) { 9 thrown = true; 10 } 11 if (!thrown) { 12 throw Error('fetching "top.txt" should be rejected.'); 13 } 14 } 15 16 async function null_origin_should_be_accepted() { 17 const url = 'top.txt?pipe=header(access-control-allow-origin,null)|' + 18 'header(cache-control,no-store)'; 19 const resp = await fetch(url); 20 } 21 22 async function test() { 23 try { 24 await no_cors_should_be_rejected(); 25 await null_origin_should_be_accepted(); 26 parent.postMessage('PASS', '*'); 27 } catch (e) { 28 parent.postMessage(e.message, '*'); 29 } 30 } 31 32 test(); 33 </script> 34 </html>