| Andrew Top | 61a8495 | 2019-04-30 15:07:33 -0700 | [diff] [blame] | 1 | <!doctype html> |
| 2 | <html> |
| 3 | <head> |
| 4 | <title>XMLHttpRequest: anonymous mode unsupported</title> |
| 5 | <script src="/resources/testharness.js"></script> |
| 6 | <script src="/resources/testharnessreport.js"></script> |
| 7 | </head> |
| 8 | <body> |
| 9 | <div id="log"></div> |
| 10 | <script> |
| 11 | /* |
| 12 | Older versions of the XMLHttpRequest spec had an 'anonymous' mode |
| 13 | The point of this mode was to handle same-origin requests like other-origin requests, |
| 14 | i.e. require preflight, drop authentication data (cookies and HTTP auth) |
| 15 | Also the Origin: and Referer: headers would not be sent |
| 16 | |
| 17 | This mode was dropped due to lack of implementations and interest, |
| 18 | and this test is here just to assert failure if any implementation |
| 19 | supports this based on an older spec version. |
| 20 | */ |
| 21 | document.cookie = 'test=anonymous-mode-unsupported' |
| 22 | test = async_test(); |
| 23 | test.add_cleanup(function(){ |
| 24 | // make sure we clean up the cookie again to avoid confusing other tests.. |
| 25 | document.cookie = 'test=;expires=Fri, 28 Feb 2014 07:25:59 GMT'; |
| 26 | }) |
| 27 | test.step(function() { |
| 28 | var client = new XMLHttpRequest({anonymous:true}) |
| 29 | client.open("GET", "resources/inspect-headers.py?filter_name=cookie") |
| 30 | client.onreadystatechange = test.step_func(function(){ |
| 31 | if(client.readyState === 4){ |
| 32 | assert_equals(client.responseText, 'cookie: test=anonymous-mode-unsupported\n', 'The deprecated anonymous:true should be ignored, cookie sent anyway') |
| 33 | test.done(); |
| 34 | } |
| 35 | }); |
| 36 | client.send(null) |
| 37 | }) |
| 38 | </script> |
| 39 | </body> |
| 40 | </html> |
