third_party/web_platform_tests/XMLHttpRequest/cobalt_trunk_send-authentication-basic-cors-not-enabled.htm - cobalt - Git at Google

 <!doctype html>
 <html>
   <head>
     <title>XMLHttpRequest: send() - "Basic" authenticated CORS requests with user name and password passed to open() (asserts failure)</title>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/common/utils.js"></script>
     <link rel="help" href="https://xhr.spec.whatwg.org/#the-open()-method" data-tested-assertations="following::ol[1]/li[9]/ol[1]/li[1] following::ol[1]/li[9]/ol[1]/li[2]" />
     <link rel="help" href="https://xhr.spec.whatwg.org/#the-send()-method" data-tested-assertations="following::code[contains(@title,'http-authorization')]/.." />
   </head>
   <body>
     <div id="log"></div>
     <script>
       async_test(function() {
         var client = new XMLHttpRequest(),
           urlstart = 'www1.'+location.host + location.pathname.replace(/\/[^\/]*$/, '/')
         client.withCredentials = true
         user = token()
         client.open("GET", location.protocol+'//'+urlstart + "resources/auth1/auth.py", true, user, 'pass')
         client.setRequestHeader("x-user", user)
         client.onerror = this.step_func(function(e){
           assert_equals(client.responseText, '')
           assert_equals(client.status, 0)
           assert_equals(client.getResponseHeader('x-challenge'), null)
           this.done()
         })
         client.onload = this.step_func(function(e){
           assert_unreached("should not succeed")
         })
         client.send(null)
       }, document.title)
     </script>
   </body>
 </html>
	<!doctype html>
	<html>
	<head>
	<title>XMLHttpRequest: send() - "Basic" authenticated CORS requests with user name and password passed to open() (asserts failure)</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/common/utils.js"></script>
	<link rel="help" href="https://xhr.spec.whatwg.org/#the-open()-method" data-tested-assertations="following::ol[1]/li[9]/ol[1]/li[1] following::ol[1]/li[9]/ol[1]/li[2]" />
	<link rel="help" href="https://xhr.spec.whatwg.org/#the-send()-method" data-tested-assertations="following::code[contains(@title,'http-authorization')]/.." />
	</head>
	<body>
	<div id="log"></div>
	<script>
	async_test(function() {
	var client = new XMLHttpRequest(),
	urlstart = 'www1.'+location.host + location.pathname.replace(/\/[^\/]*$/, '/')
	client.withCredentials = true
	user = token()
	client.open("GET", location.protocol+'//'+urlstart + "resources/auth1/auth.py", true, user, 'pass')
	client.setRequestHeader("x-user", user)
	client.onerror = this.step_func(function(e){
	assert_equals(client.responseText, '')
	assert_equals(client.status, 0)
	assert_equals(client.getResponseHeader('x-challenge'), null)
	this.done()
	})
	client.onload = this.step_func(function(e){
	assert_unreached("should not succeed")
	})
	client.send(null)
	}, document.title)
	</script>
	</body>
	</html>