| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php"> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| </script> |
| </head> |
| <body> |
| <p>This tests that in an isolated world an XHR request is allowed to load even if it redirects to a cross-origin resource that is not listed as a connect-src.</p> |
| <pre id="result"></pre> |
| <script> |
| window.onmessage = function (event) |
| { |
| document.getElementById("result").textContent = event.data; |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| } |
| |
| function testLoadXHRThatRedirects() |
| { |
| var xhr = new XMLHttpRequest; |
| xhr.onload = function () { window.postMessage("PASS did receive XHR response.", "*"); }; |
| xhr.onerror = function () { window.postMessage("FAIL did not receive XHR response.", "*"); }; |
| xhr.open("GET", "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi"); |
| xhr.send(); |
| } |
| |
| if (window.testRunner) |
| testRunner.evaluateScriptInIsolatedWorld(0, testLoadXHRThatRedirects.toString() + ";testLoadXHRThatRedirects();"); |
| </script> |
| </body> |
| </html> |
