marcelaraujo/test.html

## test.html
<!DOCTYPE html>
<html>
<head lang="en">
	<meta charset="UTF-8">
	<title></title>
</head>
<body>
	<script type="text/javascript">
		var httpRequest;
		if (window.XMLHttpRequest) { // Mozilla, Safari, ...
			httpRequest = new XMLHttpRequest();
		} else if (window.ActiveXObject) { // IE 8 and older
			httpRequest = new ActiveXObject("Microsoft.XMLHTTP");
		}

		httpRequest.onload = function() {
			console.log( "onload", arguments );
		};

		httpRequest.onabort = function() {
			console.log( "onabort", arguments );
		};

		httpRequest.onerror = function(error) {
			console.log( "onerror", error );
		};

		httpRequest.onreadystatechange = function() {
			console.log( "onreadystatechange", httpRequest );
		};

		/**
		 * Internet Explorer throws error at "open" method
		 */
		try {
			httpRequest.open('GET', 'file://a.txt', true);

			/**
			 * This custom header throws error "Refused to set unsafe header"
			 */
			httpRequest.setRequestHeader("Referer", "http://www.google.com");

			/**
			 * These headers works as expected
			 */
			httpRequest.setRequestHeader("Accept","text/plain");
			httpRequest.setRequestHeader("Content-Type","text/plain");

			/**
			 * This custom header makes everything go to the hell
			 */
			httpRequest.setRequestHeader ("X-Custom-Header", "bug-bug-bug-bug-bug-");
			httpRequest.setRequestHeader ("X-Requested-With", "XMLHttpRequest");

			/**
			 * Expect error "XMLHttpRequest cannot load file://a.txt"
			 *
			 * This should throw errors at "onerror" listener and should be caught by "try-catch"
			 */
			try {
				httpRequest.send(null);
			} catch( e ) {
				console.log( "caught2", e );
			}

		} catch( e ) {
			console.log( "caught 1", e );
		}


	</script>
</body>
</html>
	<!DOCTYPE html>
	<html>
	<head lang="en">
	<meta charset="UTF-8">
	<title></title>
	</head>
	<body>
	<script type="text/javascript">
	var httpRequest;
	if (window.XMLHttpRequest) { // Mozilla, Safari, ...
	httpRequest = new XMLHttpRequest();
	} else if (window.ActiveXObject) { // IE 8 and older
	httpRequest = new ActiveXObject("Microsoft.XMLHTTP");
	}

	httpRequest.onload = function() {
	console.log( "onload", arguments );
	};

	httpRequest.onabort = function() {
	console.log( "onabort", arguments );
	};

	httpRequest.onerror = function(error) {
	console.log( "onerror", error );
	};

	httpRequest.onreadystatechange = function() {
	console.log( "onreadystatechange", httpRequest );
	};

	/**
	* Internet Explorer throws error at "open" method
	*/
	try {
	httpRequest.open('GET', 'file://a.txt', true);

	/**
	* This custom header throws error "Refused to set unsafe header"
	*/
	httpRequest.setRequestHeader("Referer", "http://www.google.com");

	/**
	* These headers works as expected
	*/
	httpRequest.setRequestHeader("Accept","text/plain");
	httpRequest.setRequestHeader("Content-Type","text/plain");

	/**
	* This custom header makes everything go to the hell
	*/
	httpRequest.setRequestHeader ("X-Custom-Header", "bug-bug-bug-bug-bug-");
	httpRequest.setRequestHeader ("X-Requested-With", "XMLHttpRequest");

	/**
	* Expect error "XMLHttpRequest cannot load file://a.txt"
	*
	* This should throw errors at "onerror" listener and should be caught by "try-catch"
	*/
	try {
	httpRequest.send(null);
	} catch( e ) {
	console.log( "caught2", e );
	}

	} catch( e ) {
	console.log( "caught 1", e );
	}


	</script>
	</body>
	</html>