OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <html> | |
3 <head> | |
4 <meta http-equiv="Content-Security-Policy" content="connect-src http://127.0
.0.1:8000/security/contentSecurityPolicy/resources/redir.php"> | |
5 <script src="/js-test-resources/js-test.js"></script> | |
6 </head> | |
7 <body> | |
8 <script> | |
9 window.jsTestIsAsync = true; | |
10 function log(msg) { | |
11 document.getElementById("console").appendChild(document.createTextNo
de(msg + "\n")); | |
12 } | |
13 | |
14 var xhr = new XMLHttpRequest; | |
15 try { | |
16 // Redirect to a different host, because as of CSP2 paths | |
17 // are ignored when matching after a redirect. | |
18 xhr.open("GET", "resources/redir.php?url=http://localhost:8000/secur
ity/contentSecurityPolicy/resources/xhr-redirect-not-allowed.pl", true); | |
19 } catch(e) { | |
20 testFailed("XMLHttpRequest.open() should not throw an exception."); | |
21 } | |
22 | |
23 xhr.onload = function () { | |
24 testFailed("XMLHttpRequest.send() should fail to follow the disallow
ed redirect."); | |
25 finishJSTest(); | |
26 }; | |
27 | |
28 xhr.onerror = function () { | |
29 testPassed("XMLHttpRequest.send() did not follow the disallowed redi
rect."); | |
30 finishJSTest(); | |
31 }; | |
32 | |
33 xhr.send(); | |
34 </script> | |
35 </script> | |
36 </body> | |
37 </html> | |
OLD | NEW |