<!doctype html>
<html>
  <head>
    <title>XMLHttpRequest: anonymous mode unsupported</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
  </head>
  <body>
    <div id="log"></div>
    <script>
    /*
      Older versions of the XMLHttpRequest spec had an 'anonymous' mode
      The point of this mode was to handle same-origin requests like other-origin requests,
      i.e. require preflight, drop authentication data (cookies and HTTP auth)
      Also the Origin: and Referer: headers would not be sent

      This mode was dropped due to lack of implementations and interest,
      and this test is here just to assert failure if any implementation
      supports this based on an older spec version.
    */
      document.cookie = 'test=anonymous-mode-unsupported'
      test = async_test();
      test.add_cleanup(function(){
        // make sure we clean up the cookie again to avoid confusing other tests..
        document.cookie = 'test=;expires=Fri, 28 Feb 2014 07:25:59 GMT';
      })
      test.step(function() {
        var client = new XMLHttpRequest({anonymous:true})
        client.open("GET", "resources/inspect-headers.py?filter_name=cookie")
        client.onreadystatechange = test.step_func(function(){
          if(client.readyState === 4){
            assert_equals(client.responseText, 'cookie: test=anonymous-mode-unsupported\n', 'The deprecated anonymous:true should be ignored, cookie sent anyway')
            test.done();
          }
        });
        client.send(null)
      })
    </script>
  </body>
</html>