access-control-preflight-headers-sync.htm (1011B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Test that sync CORS requests with custom headers are not sent with OPTIONS preflight</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/common/get-host-info.sub.js"></script> 8 <script src="/common/utils.js"></script> 9 </head> 10 <body> 11 <script type="text/javascript"> 12 test(function() { 13 let xhr = new XMLHttpRequest; 14 const uuid = token(); 15 16 xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + 17 "/xhr/resources/reset-token.py?token=" + uuid, false); 18 xhr.send(); 19 20 xhr = new XMLHttpRequest; 21 xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + 22 "/xhr/resources/no-custom-header-on-preflight.py?token=" + uuid, false); 23 xhr.setRequestHeader("x-test", "foobar"); 24 xhr.send(); 25 assert_equals(xhr.responseText, "PASS"); 26 }, "Preflighted sync request with custom header"); 27 </script> 28 </body> 29 </html>