forked from bit4woo/code2sec.com
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cors.html
90 lines (77 loc) · 2.7 KB
/
cors.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<html>
<head>
<META charset="utf-8">
<script type="text/javascript">
function corspost() {
var requesturl=document.getElementById('url').value;
var requestparams=document.getElementById('params').value;
var requestContenttype=document.getElementById('Contenttype').value;
var httprequest;
if (window.XMLHttpRequest)
{ // code for IE7+, Firefox, Chrome, Opera, Safari
httprequest = new XMLHttpRequest();
} else
{ // code for IE6, IE5
httprequest = new ActiveXObject("Microsoft.XMLHTTP");
}
httprequest.onreadystatechange = function()
{
if (httprequest.readyState == 4 && httprequest.status == 200)
{
alert(httprequest.responseText);
//document.getElementById("demo").innerHTML = alert(this.responseText);
}
}
httprequest.open("POST", requesturl, true);//socket connection
httprequest.withCredentials = true;//request with cookie
httprequest.setRequestHeader("Content-type", requestContenttype);
httprequest.send(requestparams);
}
function corsget()
{
var xhttp = new XMLHttpRequest();
var requesturl=document.getElementById('geturl').value;
xhttp.onreadystatechange = function()
{
if (this.readyState == 4 && this.status == 200)
{
alert(this.responseText);
//document.getElementById("demo").innerHTML = alert(this.responseText);
}
};
xhttp.open("GET", requesturl, true);
xhttp.withCredentials = true;
xhttp.send();
console.log(this.responseText)
}
</script>
</head>
<body>
<div id="demo">
<h2>CORS GET Request:</h2>
request url :</br>
<input id="geturl" type="text" name="requesturl" placeholder="url" size="100"></input></br></br>
<button type="button" onclick="corsget()">CORS GET</button>
</br>
</br>
<h2>CORS POST Request:</h2>
request url :</br>
<input id="url" type="text" name="requesturl" placeholder="url" size="100" ></input></br></br>
request parameters:</br>
<input id="params" type="text" name="requestparams" placeholder="params" size="100"></input></br></br>
Content type:</br>
<input id="Contenttype" type="text" name="requestContenttype" placeholder="Content-type"></input></br></br>
<button type="button" onclick="corspost()">CORS POST</button></br></br>
</br>
</br>
<b>caustion:
if run this file in local(file://xxx/xx/cors.html),the Origin header will be null(Origin: null).
because Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https.
</br>
</br>
so it's better to run this page in your website. you will see header like this:</br></br>
Referer: http://burp/</br>
Origin: http://burp</br>
</b>
</body>
</html>