access-control-preflight-request-must-not-contain-cookie.htm (2039B)
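<!DOCTYPE html>
<html>
<head>
<title>Preflight request must not contain any cookie header</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
</head>
<body>
<script type="text/javascript">
// Checks that a credentialed cross-origin XHR does not attach cookies to its
// CORS preflight. The preflight is sent before the server has opted in to
// credentialed access, so it must never carry credentials; only the actual
// request that follows a successful preflight may include the cookie.
//
// The test chains three requests to HTTP_REMOTE_ORIGIN (taken from
// get-host-info.sub.js): set a cookie, send a preflighted request, then clear
// the cookies again.
// NOTE(review): cleanupCookies() is reached only when both assertions in
// sendPreflightedRequest() pass. A failing run leaves the cookie behind and
// relies on the next setupCookie() call to reset it.
async_test((test) => {
  // Step 1: reset the remote origin's cookie state and set a cookie named "foo".
  function setupCookie() {
    const xhr = new XMLHttpRequest();
    // Delete all preexisting cookies and set a cookie named "foo"
    xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN +
        "/xhr/resources/access-control-cookie.py?cookie_name=foo");
    // Credentials mode is required for the browser to store the cookie set by
    // the cross-origin response.
    xhr.withCredentials = true;
    // Handlers are attached before send(), matching sendPreflightedRequest().
    xhr.onerror = test.unreached_func("Unexpected error.");
    xhr.onload = test.step_func(() => {
      assert_equals(xhr.status, 200);
      sendPreflightedRequest();
    });
    xhr.send();
  }

  // Step 2: send a credentialed request that forces a preflight.
  function sendPreflightedRequest() {
    const xhr = new XMLHttpRequest();
    // Request to server-side file fails if cookie is included in preflight
    xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN +
        "/xhr/resources/access-control-preflight-request-must-not-contain-cookie.py");
    xhr.withCredentials = true;
    // A header outside the CORS safelist makes the browser send an OPTIONS
    // preflight before the GET.
    xhr.setRequestHeader("X-Proprietary-Header", "foo");
    // A network-level failure here means the preflight was rejected.
    xhr.onerror = test.unreached_func("Unexpected error.");
    xhr.onload = test.step_func(() => {
      assert_equals(xhr.status, 200);
      // "COOKIE" is presumably what the resource returns when the actual
      // request carries the cookie - confirm against the .py resource.
      assert_equals(xhr.responseText, "COOKIE");
      cleanupCookies();
    });
    xhr.send();
  }

  // Step 3: remove the cookies so later tests start from a clean state, then
  // mark the test as done.
  function cleanupCookies() {
    const xhr = new XMLHttpRequest();
    // Delete all cookies
    xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN +
        "/xhr/resources/access-control-cookie.py");
    xhr.withCredentials = true;
    // Handlers are attached before send(), matching sendPreflightedRequest().
    xhr.onerror = test.unreached_func("Unexpected error.");
    xhr.onload = test.step_func_done(() => {});
    xhr.send();
  }

  setupCookie();
});
</script>
</body>
</html>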