access-control-origin-header-in-isolated-world.html

<!DOCTYPE html>
<script src="/js-test-resources/testharness.js"></script>
<script src="/js-test-resources/testharnessreport.js"></script>
<script>
if (window.testRunner) {
  // Testing with "http" scheme than "chrome-extension://" since content_shell
  // doesn't register the extension scheme as a web safe isolated scheme.
  testRunner.setIsolatedWorldInfo(1, 'http://example.com', null);
}

function runTest() {
  const xhr = new XMLHttpRequest();
  xhr.open('GET', 'http://localhost:8000/xmlhttprequest/chromium/resources/access-control-origin-header-in-isolated-world.php');
  xhr.setRequestHeader('X-Custom-Header', 'PASS');
  xhr.onerror = () => {
    postMessage('FAIL: XHR errored', '*');
  };
  xhr.onload = () => {
    postMessage(xhr.responseText, '*');
  };
  xhr.send();
}

async_test(t => {
  addEventListener('message', t.step_func(event => {
    assert_equals(event.data, 'PASS');
    t.done();
  }));
  testRunner.evaluateScriptInIsolatedWorld(1, String(eval('runTest')) + '\nrunTest();');
}, 'The Origin header contains the origin of the isolated world where the script is running');

done();
</script>

chromium/third_party/blink/web_tests/http/tests/xmlhttprequest/chromium/access-control-origin-header-in-isolated-world.html