send-after-setting-document-domain-window-1.htm (1068B)
1 <!doctype html> 2 <html> 3 <head> 4 <title>XMLHttpRequest: send() with document.domain set: loading documents from original origin after setting document.domain</title> 5 <script src="send-after-setting-document-domain-window-helper.js"></script> 6 <link rel="help" href="https://xhr.spec.whatwg.org/#the-open()-method" data-tested-assertations="following::ol[1]/li[2]/ol[1]/li[3]" /> 7 </head> 8 <body> 9 <script> 10 run_test(function() { 11 document.domain = document.domain; // this is not a noop, it does actually change the security context 12 var client = new XMLHttpRequest(); 13 client.open("GET", "status.py?content=hello", false); 14 client.send(null); 15 assert_equals(client.responseText, "hello"); 16 document.domain = document.domain.replace(/^\w+\./, ""); 17 client.open("GET", "status.py?content=hello2", false); 18 client.send(null); 19 assert_equals(client.responseText, "hello2"); 20 }, "loading documents from original origin after setting document.domain"); 21 </script> 22 </body> 23 </html>