chromium/third_party/blink/web_tests/fast/xmlhttprequest/invalid-method.html

<!DOCTYPE html>
<script src="../../resources/testharness.js"></script>
<script src="../../resources/testharnessreport.js"></script>
<script>
test(() => {
  const NON_TOKEN_METHODS = [
    '',
    'test\r\nfoobar',
    ' ',
    'A A',
    '"',
    '(',
    ')',
    ',',
    '/',
    ':',
    ';',
    '<',
    '=',
    '>',
    '?',
    '@',
    '[',
    '\\',
    ']',
    '{',
    '}'
  ];

  for (let method of NON_TOKEN_METHODS) {
    const xhr = new XMLHttpRequest();
    assert_throws_dom('SyntaxError', () => {
      xhr.open(method, '/');
    }, 'open() should throw for a SyntaxError for method "' + method +
        '" which does not conform to the token ABNF');
  }
}, 'Method strings that are not token');

test(() => {
  const FORBIDDEN_METHODS = [
    'CONNECT',
    'connect',
    'Connect',
    'TRACE',
    'TRACK'
  ];

  for (let method of FORBIDDEN_METHODS) {
    const xhr = new XMLHttpRequest();
    assert_throws_dom('SecurityError', () => {
      xhr.open(method, '/');
    }, 'open() should throw a SecurityError for a forbidden method "' + method + '"');
  }
}, 'Forbidden methods');
</script>