LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html - WebKit - Git at Google

 <html>
 <body>
 <pre id='console'></pre>
 <script type="text/javascript">
 function log(message)
 {
     document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
 }

 if (window.testRunner) {
     testRunner.dumpAsText();
     testRunner.waitUntilDone();
 }

 (function() {
     var xhr = new XMLHttpRequest();

     try {
         xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
         xhr.send(null);
     } catch(e) {
         log("FAIL: Unable to reset server state: [" + e.message + "].");
         return;
     }

     xhr = new XMLHttpRequest();

     try {
         xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", true);
         xhr.setRequestHeader("X-NON-STANDARD", "filler");
     } catch(e) {
         log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
         return;
     }

     xhr.onerror = function() {
         xhr = new XMLHttpRequest();

         try {
             xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
             try {
                 xhr.send(null);
             } catch(e) {
                 log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
             }
         } catch(e) {
             log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
         }

         log(xhr.responseText);
         if (window.testRunner)
             testRunner.notifyDone();
     }

     xhr.onreadystatechange = function() {
         if (xhr.readyState == 4 && xhr.status == 200)
             log("FAIL: Cross-domain access allowed in first send without throwing an exception");
     }

     xhr.send(null);
 })();
 </script>
 </body>
 </html>
	<html>
	<body>
	<pre id='console'></pre>
	<script type="text/javascript">
	function log(message)
	{
	document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
	}

	if (window.testRunner) {
	testRunner.dumpAsText();
	testRunner.waitUntilDone();
	}

	(function() {
	var xhr = new XMLHttpRequest();

	try {
	xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=reset", false);
	xhr.send(null);
	} catch(e) {
	log("FAIL: Unable to reset server state: [" + e.message + "].");
	return;
	}

	xhr = new XMLHttpRequest();

	try {
	xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=header", true);
	xhr.setRequestHeader("X-NON-STANDARD", "filler");
	} catch(e) {
	log("FAIL: Exception thrown. Cross-domain access is not allowed in first 'open'. [" + e.message + "].");
	return;
	}

	xhr.onerror = function() {
	xhr = new XMLHttpRequest();

	try {
	xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php?state=complete", false);
	try {
	xhr.send(null);
	} catch(e) {
	log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'send'. [" + e.message + "].");
	}
	} catch(e) {
	log("FAIL: Exception thrown. Cross-domain access is not allowed in second 'open'. [" + e.message + "].");
	}

	log(xhr.responseText);
	if (window.testRunner)
	testRunner.notifyDone();
	}

	xhr.onreadystatechange = function() {
	if (xhr.readyState == 4 && xhr.status == 200)
	log("FAIL: Cross-domain access allowed in first send without throwing an exception");
	}

	xhr.send(null);
	})();
	</script>
	</body>
	</html>