1 files changed, 59 insertions, 0 deletions

diff --git a/testing/web-platform/tests/xhr/cors-upload.any.js b/testing/web-platform/tests/xhr/cors-upload.any.js
new file mode 100644
index 0000000000..3beb0637cc
--- /dev/null
+++ b/testing/web-platform/tests/xhr/cors-upload.any.js
@@ -0,0 +1,59 @@
+// META: title=Cross-Origin POST with preflight and FormData body should send body
+// META: script=/common/get-host-info.sub.js
+"use strict";
+
+function testCorsFormDataUpload(description, path, method, form, headers, withCredentials) {
+  const test = async_test(description);
+  const client = new XMLHttpRequest();
+  const url = corsURL(path);
+
+  client.open(method, url, true);
+  client.withCredentials = withCredentials;
+  for (const key of Object.keys(headers)) {
+    client.setRequestHeader(key, headers[key]);
+  }
+
+  client.send(form);
+
+  client.onload = () => {
+    test.step(() => {
+      assert_equals(client.status, 200);
+      assert_regexp_match(client.responseText, /Content-Disposition: form-data/);
+
+      for (const key of form.keys()) {
+        assert_regexp_match(client.responseText, new RegExp(key));
+        assert_regexp_match(client.responseText, new RegExp(form.get(key)));
+      }
+    });
+    test.done();
+  };
+}
+
+function corsURL(path) {
+  const url = new URL(path, location.href);
+  url.hostname = get_host_info().REMOTE_HOST;
+  return url.href;
+}
+
+const form = new FormData();
+form.append("key", "value");
+
+testCorsFormDataUpload(
+  "Cross-Origin POST FormData body but no preflight",
+  "resources/echo-content-cors.py",
+  "POST",
+  form,
+  {},
+  false
+);
+
+testCorsFormDataUpload(
+  "Cross-Origin POST with preflight and FormData body",
+  "resources/echo-content-cors.py",
+  "POST",
+  form,
+  {
+    Authorization: "Bearer access-token"
+  },
+  true
+);