OLD | NEW |
(Empty) | |
| 1 <html> |
| 2 <body> |
| 3 <p>Test that setRequestHeader cannot be used to alter security-sensitive headers |
| 4 for file:// urls.</p> |
| 5 <pre id=result>FAIL: script didn't run or raised an unexpected exception.</pre> |
| 6 |
| 7 <script> |
| 8 |
| 9 if (window.testRunner) |
| 10 testRunner.dumpAsText(); |
| 11 |
| 12 if (window.location.href.indexOf("file://") != 0) { |
| 13 document.getElementById("result").textContent = |
| 14 "ERROR: Not running from file:// origin."; |
| 15 } else { |
| 16 req = new XMLHttpRequest; |
| 17 req.open("GET", "resources/print-headers.cgi", false); |
| 18 |
| 19 req.setRequestHeader("REFERER", "foobar"); |
| 20 |
| 21 try { |
| 22 req.send(""); |
| 23 if (req.responseText.match("100-continue|foobar|123456")) |
| 24 document.getElementById("result").textContent = |
| 25 req.responseText; |
| 26 else |
| 27 document.getElementById("result").textContent = "SUCCESS"; |
| 28 } catch (ex) { |
| 29 document.getElementById("result").textContent = ex; |
| 30 } |
| 31 } |
| 32 </script> |
| 33 </body> |
| 34 </html> |
OLD | NEW |