blob: 1f8cc8cab46e0a6c0c331a95f9f8c5999725560a [file] [log] [blame]
<html>
<body>
<pre id='console'></pre>
<script type="text/javascript">
function log(message)
{
document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
}
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
(function() {
var xhr = new XMLHttpRequest();
try {
xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.py?test=access-control-preflight-async-method-denied&state=reset", false);
xhr.send(null);
} catch(e) {
log("FAIL: Unable to reset server state: [" + e.message + "].");
return;
}
xhr = new XMLHttpRequest();
try {
xhr.open("DELETE", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.py?test=access-control-preflight-async-method-denied&state=method", true);
} catch(e) {
log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
return;
}
xhr.onerror = function() {
xhr = new XMLHttpRequest();
try {
xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.py?test=access-control-preflight-async-method-denied&state=complete", false);
try {
xhr.send(null);
} catch(e) {
log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
}
} catch(e) {
log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
}
log(xhr.responseText);
if (window.testRunner)
testRunner.notifyDone();
}
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200)
log("FAIL: Cross-domain access allowed in first send without throwing an exception");
}
xhr.send(null);
})();
</script>
</body>
</html>