[ tor-browser ].git.dasho

access-control-basic-get-fail-non-simple.htm (917B)

      1 <!DOCTYPE html>
      2 <html>
      3  <head>
      4    <title>Tests CORS denying preflighted request to resource without CORS headers for OPTIONS</title>
      5    <script src="/resources/testharness.js"></script>
      6    <script src="/resources/testharnessreport.js"></script>
      7    <script src="/common/get-host-info.sub.js"></script>
      8  </head>
      9  <body>
     10    <script type="text/javascript">
     11    test(function() {
     12      const xhr = new XMLHttpRequest;
     13 
     14      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN +
     15          "/xhr/resources/access-control-basic-options-not-supported.py", false);
     16 
     17      // Non-CORS-safelisted header
     18      xhr.setRequestHeader("x-test", "foobar");
     19 
     20      // This fails because the server-side script is not prepared for an OPTIONS request
     21      assert_throws_dom("NetworkError", () => xhr.send());
     22      assert_equals(xhr.status, 0);
     23    }, "Preflighted cross-origin request denied");
     24    </script>
     25  </body>
     26 </html>

	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE