--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/access-control-basic-denied.js Sun Apr 29 12:29:30 2012 -0700
@@ -0,0 +1,24 @@
+var accessControlBasicDenied = function() {
+ var xhr = new XMLHttpRequest;
+ var path = "/webappsec/tests/cors/submitted/webkit";
+
+ try {
+ xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-denied.php", false);
+ } catch(e) {
+ log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+ return;
+ }
+
+ try {
+ xhr.send();
+ assert_true(false);
+ } catch(e) {
+ assert_true(true);
+ //log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
+ return;
+ }
+
+ log(xhr.responseText);
+};
+
+test(accessControlBasicDenied, "access-control-basic-denied")
--- a/tests/cors/submitted/webkit/cors-tests.html Sun Apr 29 11:20:58 2012 -0700
+++ b/tests/cors/submitted/webkit/cors-tests.html Sun Apr 29 12:29:30 2012 -0700
@@ -7,9 +7,10 @@
<script src="/webappsec/tests/cors/submitted/webkit/log.js"></script>
<h2>W3C WebAppSec Cross-Origin Resource Sharing</h2>
<a href="http://www.w3.org/TR/cors"> http://www.w3.org/TR/cors/</a>
-<h3>Test suite compliant with working draft 3 April 2012</h3>
+<!-- <h3>Test suite compliant with working draft 3 April 2012</h3> -->
<script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow.js"></script>
<script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-star.js"></script>
+ <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-denied.js"></script>
<div id=log></div>
</body>
</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/webkit/resources/access-control-basic-denied.php Sun Apr 29 12:29:30 2012 -0700
@@ -0,0 +1,4 @@
+<?php
+header("Content-Type: text/plain");
+echo "FAIL: Cross-domain access allowed.";
+?>
\ No newline at end of file