| <html> |
| <body> |
| <pre id='console'></pre> |
| <script type="text/javascript"> |
| function log(message) |
| { |
| document.getElementById('console').appendChild(document.createTextNode(message + "\n")); |
| } |
| |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| |
| (function() { |
| var xhr = new XMLHttpRequest(); |
| |
| try { |
| xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.py?test=access-control-preflight-async-method-denied&state=reset", false); |
| xhr.send(null); |
| } catch(e) { |
| log("FAIL: Unable to reset server state: [" + e.message + "]."); |
| return; |
| } |
| |
| xhr = new XMLHttpRequest(); |
| |
| try { |
| xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.py?test=access-control-preflight-async-method-denied&state=method", true); |
| } catch(e) { |
| log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "]."); |
| return; |
| } |
| |
| xhr.onerror = function() { |
| xhr = new XMLHttpRequest(); |
| |
| try { |
| xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.py?test=access-control-preflight-async-method-denied&state=complete", false); |
| try { |
| xhr.send(null); |
| } catch(e) { |
| log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "]."); |
| } |
| } catch(e) { |
| log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "]."); |
| } |
| |
| log(xhr.responseText); |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| } |
| |
| xhr.onreadystatechange = function() { |
| if (xhr.readyState == 4 && xhr.status == 200) |
| log("FAIL: Cross-domain access allowed in first send without throwing an exception"); |
| } |
| |
| xhr.send(null); |
| })(); |
| </script> |
| </body> |
| </html> |