| <html> |
| <body> |
| <pre id='console'></pre> |
| <script type="text/javascript"> |
| function log(message) |
| { |
| document.getElementById('console').appendChild(document.createTextNode(message + "\n")); |
| } |
| |
| if (window.testRunner) |
| testRunner.dumpAsText(); |
| |
| var xhr = new XMLHttpRequest; |
| |
| (function() { |
| try { |
| xhr.open("POST", "http://localhost:8000/xmlhttprequest/resources/access-control-basic-options-not-supported.cgi", false); |
| } catch(e) { |
| log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "]."); |
| return; |
| } |
| |
| // Content-Type is a simple header, but only if the type is one that could be sent via form submission already. |
| xhr.setRequestHeader("Content-Type", "application/xml"); |
| |
| // This is going to fail because the cgi script is not prepared to serve an OPTIONS request. |
| try { |
| xhr.send(null); |
| log("FAIL: Cross-domain access was not denied in 'send'."); |
| } catch(e) { |
| log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "]."); |
| return; |
| } |
| })(); |
| </script> |
| </body> |
| </html> |
