testing/web-platform/tests/xhr/access-control-preflight-request-header-returns-origin.any.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

// META: title=Access-Control-Request-Origin accept different origin between preflight and actual request
// META: script=/common/get-host-info.sub.js
"use strict";

async_test(t => {
  const xhr = new XMLHttpRequest();

  xhr.open("GET", corsURL("resources/access-control-preflight-request-header-returns-origin.py"));

  xhr.setRequestHeader("X-Test", "foobar");

  xhr.onerror = t.unreached_func("Error occurred.");

  xhr.onload = t.step_func_done(() => {
    assert_equals(xhr.status, 200);
    assert_equals(xhr.responseText, "PASS");
  });

  xhr.send();
});

function corsURL(path) {
  const url = new URL(path, location.href);
  url.hostname = get_host_info().REMOTE_HOST;
  return url.href;
}