| <!DOCTYPE html> |
| <script src="../../resources/testharness.js"></script> |
| <script src="../../resources/testharnessreport.js"></script> |
| <script> |
| test(() => { |
| const NON_TOKEN_METHODS = [ |
| '', |
| 'test\r\nfoobar', |
| ' ', |
| 'A A', |
| '"', |
| '(', |
| ')', |
| ',', |
| '/', |
| ':', |
| ';', |
| '<', |
| '=', |
| '>', |
| '?', |
| '@', |
| '[', |
| '\\', |
| ']', |
| '{', |
| '}' |
| ]; |
| |
| for (let method of NON_TOKEN_METHODS) { |
| const xhr = new XMLHttpRequest(); |
| assert_throws('SyntaxError', () => { |
| xhr.open(method, '/'); |
| }, 'open() should throw for a SyntaxError for method "' + method + |
| '" which does not conform to the token ABNF'); |
| } |
| }, 'Method strings that are not token'); |
| |
| test(() => { |
| const FORBIDDEN_METHODS = [ |
| 'CONNECT', |
| 'connect', |
| 'Connect', |
| 'TRACE', |
| 'TRACK' |
| ]; |
| |
| for (let method of FORBIDDEN_METHODS) { |
| const xhr = new XMLHttpRequest(); |
| assert_throws('SecurityError', () => { |
| xhr.open(method, '/'); |
| }, 'open() should throw a SecurityError for a forbidden method "' + method + '"'); |
| } |
| }, 'Forbidden methods'); |
| </script> |