tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

send-authentication-cors-basic-setrequestheader.htm (1301B)

      1 <!doctype html>
      2 <html>
      3  <head>
      4    <title>XMLHttpRequest: send() - "Basic" authenticated CORS request using setRequestHeader() (expects to succeed)</title>
      5    <script src="/resources/testharness.js"></script>
      6    <script src="/resources/testharnessreport.js"></script>
      7    <script src="/common/utils.js"></script>
      8    <script src="/common/get-host-info.sub.js"></script>
      9  </head>
     10  <body>
     11    <div id="log"></div>
     12    <script>
     13      async_test(test => {
     14        var client = new XMLHttpRequest(),
     15            urlstart = get_host_info().REMOTE_ORIGIN + location.pathname.replace(/\/[^\/]*$/, '/'),
     16            user = token()
     17        client.open("GET", urlstart + "resources/auth2/corsenabled.py", false)
     18        client.withCredentials = true
     19        client.setRequestHeader("x-user", user)
     20        client.setRequestHeader("x-pass", 'pass')
     21        client.setRequestHeader('Authorization', 'Basic ' + btoa(user + ":pass"))
     22        client.onload = test.step_func_done(() => {
     23            assert_equals(client.responseText, user + '\npass', 'responseText should contain the right user and password')
     24            assert_equals(client.status, 200)
     25            assert_equals(client.getResponseHeader('x-challenge'), 'DID-NOT')
     26        })
     27        client.send(null)
     28      })
     29    </script>
     30  </body>
     31 </html>