1 files changed, 30 insertions, 0 deletions

diff --git a/testing/web-platform/tests/xhr/send-authentication-cors-basic-setrequestheader.htm b/testing/web-platform/tests/xhr/send-authentication-cors-basic-setrequestheader.htm
new file mode 100644
index 0000000000..de9c5e5430
--- /dev/null
+++ b/testing/web-platform/tests/xhr/send-authentication-cors-basic-setrequestheader.htm
@@ -0,0 +1,30 @@
+<!doctype html>
+<html>
+  <head>
+    <title>XMLHttpRequest: send() - "Basic" authenticated CORS request using setRequestHeader() (expects to succeed)</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/utils.js"></script>
+  </head>
+  <body>
+    <div id="log"></div>
+    <script>
+      async_test(test => {
+        var client = new XMLHttpRequest(),
+            urlstart = location.host + location.pathname.replace(/\/[^\/]*$/, '/'),
+            user = token()
+        client.open("GET", location.protocol+'//www1.'+urlstart + "resources/auth2/corsenabled.py", false)
+        client.withCredentials = true
+        client.setRequestHeader("x-user", user)
+        client.setRequestHeader("x-pass", 'pass')
+        client.setRequestHeader('Authorization', 'Basic ' + btoa(user + ":pass"))
+        client.onload = test.step_func_done(() => {
+            assert_equals(client.responseText, user + '\npass', 'responseText should contain the right user and password')
+            assert_equals(client.status, 200)
+            assert_equals(client.getResponseHeader('x-challenge'), 'DID-NOT')
+        })
+        client.send(null)
+      })
+    </script>
+  </body>
+</html>