| <html> |
| <body> |
| <pre id='console'></pre> |
| <script type="text/javascript"> |
| function log(message) |
| { |
| document.getElementById('console').appendChild(document.createTextNode(message + "\n")); |
| } |
| |
| if (window.testRunner) |
| testRunner.dumpAsText(); |
| |
| (function() { |
| var xhr = new XMLHttpRequest; |
| |
| try { |
| xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-get-fail-non-simple.cgi", false); |
| } catch(e) { |
| log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "]."); |
| return; |
| } |
| |
| // Non-allowlisted method |
| xhr.setRequestHeader("x-webkit", "foobar"); |
| |
| // This is going to fail because the cgi script is not prepared for an OPTIONS request. |
| try { |
| xhr.send(); |
| } catch(e) { |
| log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "]."); |
| return; |
| } |
| |
| log(xhr.responseText); |
| })(); |
| </script> |
| </body> |
| </html> |