| <!DOCTYPE html> |
| <html> |
| <body> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script> |
| if (window.testRunner) |
| testRunner.overridePreference("WebKitAllowRunningInsecureContent", false); |
| |
| async_test(t => { |
| var xhr = new XMLHttpRequest(); |
| xhr.onload = t.unreached_func("XHR should be blocked."); |
| xhr.onerror = t.step_func_done(e => assert_equals(e.total, 0)); |
| |
| xhr.open("GET", "http://example.test:8000/xmlhttprequest/resources/access-control-allow-lists.php?origin=*"); |
| xhr.send(null); |
| }, "XHR to http://example.test:8000/ should be blocked."); |
| </script> |
| </body> |
| </html> |