From 68fa8f52b4b8d57544c6f6a356582030190e749b Mon Sep 17 00:00:00 2001
From: Kenneth Myhra <kennethmyhra@gmail.com>
Date: Sat, 25 Nov 2023 19:39:11 +0100
Subject: [PATCH] Tests/LibWeb: Verify XHR.open() throws on forbidden method

This verifies that XHR.open() throws a Security Error when 'CONNECT',
'TRACE', or 'TRACK' is passed as the method argument.
---
 .../XHR/XMLHttpRequest-forbidden-method.txt   |  1 +
 .../XHR/XMLHttpRequest-forbidden-method.html  | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 Tests/LibWeb/Text/expected/XHR/XMLHttpRequest-forbidden-method.txt
 create mode 100644 Tests/LibWeb/Text/input/XHR/XMLHttpRequest-forbidden-method.html

diff --git a/Tests/LibWeb/Text/expected/XHR/XMLHttpRequest-forbidden-method.txt b/Tests/LibWeb/Text/expected/XHR/XMLHttpRequest-forbidden-method.txt
new file mode 100644
index 0000000000..7ef22e9a43
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/XHR/XMLHttpRequest-forbidden-method.txt
@@ -0,0 +1 @@
+PASS
diff --git a/Tests/LibWeb/Text/input/XHR/XMLHttpRequest-forbidden-method.html b/Tests/LibWeb/Text/input/XHR/XMLHttpRequest-forbidden-method.html
new file mode 100644
index 0000000000..3c2c0e9347
--- /dev/null
+++ b/Tests/LibWeb/Text/input/XHR/XMLHttpRequest-forbidden-method.html
@@ -0,0 +1,20 @@
+<script src="../include.js"></script>
+<script>
+    test(() => {
+        const forbiddenMethods = ["CONNECT", "TRACE", "TRACK"];
+        const SECURITY_ERR = 18;
+        let i = 0;
+        for (const method of forbiddenMethods) {
+            const xhr = new XMLHttpRequest();
+            try {
+                xhr.open(method, "data:text/plain,", true);
+            }
+            catch (e) {
+                if (e.code === SECURITY_ERR)
+                    i += 1;
+            }
+        }
+        if (i === forbiddenMethods.length)
+            println("PASS");
+    });
+</script>