<!DOCTYPE html>
<html>
<body>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
if (window.testRunner)
testRunner.overridePreference("WebKitAllowRunningInsecureContent", false);
async_test(t => {
var xhr = new XMLHttpRequest();
xhr.onload = t.unreached_func("XHR should be blocked.");
xhr.onerror = t.step_func_done(e => assert_equals(e.total, 0));
xhr.open("GET", "http://example.test:8000/xmlhttprequest/resources/access-control-allow-lists.php?origin=*");
xhr.send(null);
}, "XHR to http://example.test:8000/ should be blocked.");
</script>
</body>
</html>
Codebase Browser
chromium