1 files changed, 59 insertions, 0 deletions

diff --git a/dom/security/test/cors/file_CrossSiteXHR_cache_server.sjs b/dom/security/test/cors/file_CrossSiteXHR_cache_server.sjs
new file mode 100644
index 0000000000..c8e3243101
--- /dev/null
+++ b/dom/security/test/cors/file_CrossSiteXHR_cache_server.sjs
@@ -0,0 +1,59 @@
+function handleRequest(request, response) {
+  var query = {};
+  request.queryString.split("&").forEach(function (val) {
+    var [name, value] = val.split("=");
+    query[name] = unescape(value);
+  });
+
+  if ("setState" in query) {
+    setState(
+      "test/dom/security/test_CrossSiteXHR_cache:secData",
+      query.setState
+    );
+
+    response.setHeader("Cache-Control", "no-cache", false);
+    response.setHeader("Content-Type", "text/plain", false);
+    response.write("hi");
+
+    return;
+  }
+
+  var isPreflight = request.method == "OPTIONS";
+
+  // Send response
+
+  secData = JSON.parse(
+    getState("test/dom/security/test_CrossSiteXHR_cache:secData")
+  );
+
+  if (secData.allowOrigin) {
+    response.setHeader("Access-Control-Allow-Origin", secData.allowOrigin);
+  }
+
+  if (secData.withCred) {
+    response.setHeader("Access-Control-Allow-Credentials", "true");
+  }
+
+  if (isPreflight) {
+    if (secData.allowHeaders) {
+      response.setHeader("Access-Control-Allow-Headers", secData.allowHeaders);
+    }
+
+    if (secData.allowMethods) {
+      response.setHeader("Access-Control-Allow-Methods", secData.allowMethods);
+    }
+
+    if (secData.cacheTime) {
+      response.setHeader(
+        "Access-Control-Max-Age",
+        secData.cacheTime.toString()
+      );
+    }
+
+    return;
+  }
+
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Content-Type", "application/xml", false);
+  response.write("<res>hello pass</res>\n");
+}