access-control-basic-denied.htm (939B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Tests CORS denying resource without Access-Control-Allow-Origin header</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/common/get-host-info.sub.js"></script> 8 </head> 9 <body> 10 <script type="text/javascript"> 11 const path = "/xhr/resources/access-control-basic-denied.py"; 12 13 test(function() { 14 const xhr = new XMLHttpRequest; 15 16 xhr.open("GET", get_host_info().HTTP_ORIGIN + path, false); 17 xhr.send(); 18 assert_equals(xhr.status, 200); 19 }, "Same-origin request accepted"); 20 21 test(function() { 22 const xhr = new XMLHttpRequest; 23 24 xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + path, false); 25 assert_throws_dom("NetworkError", () => xhr.send()); 26 assert_equals(xhr.status, 0); 27 }, "Cross-origin request denied"); 28 </script> 29 </body> 30 </html>