<html>
<!--
Copyright 2013 The Chromium Authors
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
-->
<head>
<title>NaCl Cross-origin Test</title>
</head>
<body>
<h2>NaCl Cross-origin Test</h2>
</body>
<script type="text/javascript" src="../load_util.js"></script>
<script>
function run() {
document.cookie = "foo";
var embed = load_util.crossOriginEmbed(
"cors.nmf?expected_headers=Cookie:foo"
);
// This cross-origin manifest request will succeed only if the server detects
// that a cookie is sent. If there is no cookie, the request will 404 which
// is, in fact, what we want (sending cookies could be bad). However - if
// the server 404s it will not send the CORS headers, which in turn will look
// like a cross-origin failure. Since another test verifies that cors.nmf can
// be loaded cross origin, a cross-origin failure implies a 404.
load_util.expectLoadFailure(embed, "access to manifest url was denied.");
document.body.appendChild(embed);
}
run();
</script>
</html>
Codebase Browser
chromium