access-control-sandboxed-iframe-allow.htm (1153B)
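<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Tests that sandboxed iframe has CORS XHR access to a server that accepts all domains</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
</head>
<body>
<!--
  Purpose: a frame sandboxed with only "allow-scripts" must still be able to
  read a cross-origin response that opts in to every origin.

  The sandbox attribute below omits "allow-same-origin", so the framed document
  runs with an opaque origin and its CORS requests are sent as "Origin: null".
  The frame resource is not part of this file; it is assumed to post "ready",
  fetch the URL it is then sent, and post the response text back (TODO confirm
  against /xhr/resources/access-control-sandboxed-iframe.html).
-->
<script>
async_test((test) => {
  window.addEventListener("message", test.step_func((evt) => {
    const frame = document.getElementById("frame");

    // Only the sandboxed frame takes part in this exchange. An opaque origin
    // serializes to "null" in evt.origin, so the sender is identified by
    // window identity instead. Messages from any other window are ignored
    // rather than being compared against "PASS" (or throwing on .trim() when
    // the payload is not a string).
    if (!frame || evt.source !== frame.contentWindow) {
      return;
    }

    if (evt.data !== "ready") {
      // Second message from the frame: the body it read, expected to be the
      // contents of pass.txt.
      assert_equals(evt.data.trim(), "PASS");
      test.done();
      return;
    }

    // The response headers are set through the ?pipe= query string.
    //  - Access-Control-Allow-Origin: * is what admits the "null" origin. The
    //    wildcard only satisfies requests made without credentials;
    //    Access-Control-Allow-Credentials has no effect on those, so this case
    //    presumably relies on the frame's XHR not setting withCredentials.
    //  - Access-Control-Allow-External is not consulted by the Fetch CORS
    //    check; it is kept exactly as the test was written.
    const target =
        get_host_info().HTTP_ORIGIN +
        "/xhr/resources/pass.txt?pipe=" +
        "header(Cache-Control,no-store)|" +
        "header(Content-Type,text/plain)|" +
        "header(Access-Control-Allow-Credentials,true)|" +
        "header(Access-Control-Allow-External,true)|" +
        "header(Access-Control-Allow-Origin,*)";

    // targetOrigin has to be "*": an opaque origin cannot be named as a
    // postMessage target. The payload is a test URL, not a secret.
    frame.contentWindow.postMessage(target, "*");
  }));
});
</script>
<iframe id="frame" sandbox="allow-scripts" src="/xhr/resources/access-control-sandboxed-iframe.html">
</iframe>
</body>
</html>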