<body>
<p>This test passes if the inserted script fails to load due to CORS.</p>
<pre></pre>
<script>
var result = 'PASS';
</script>
<!-- Non-CORS enabled script load, supplying credentials.
Will execute as per-normal. -->
<script src="http://localhost:8000/security/resources/cors-script.php?cors=false&credentials=true&value=FAIL"></script>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
// Reset the 'result' set by above external script.
result = 'PASS';
function finish() {
document.querySelector("pre").innerHTML = result;
if (window.testRunner)
testRunner.notifyDone();
}
// Create new script of same cross-origin script as above,
// but this time loaded following CORS.
//
// The response is missing a Access-Control-Access-Origin: header,
// hence the CORS check must fail & error reported.
var script = document.createElement("script");
script.crossOrigin = "use-credentials";
script.src = "http://localhost:8000/security/resources/cors-script.php?cors=false&credentials=true&value=FAIL";
script.onload = function() {
result += " (loaded)";
finish();
}
script.onerror = function() {
result = "PASS (expected error reported)";
finish();
}
document.body.appendChild(script);
</script>
Codebase Browser
chromium