Move XMLHttpRequest/ to xhr/

Like #8895 for quirks,
this adapts to whatwg/xhr#184, after which the
wpt links are generated and match the shortname.
https://xhr.spec.whatwg.org/ currently has a 404 link to
https://github.com/w3c/web-platform-tests/tree/master/xhr.

Steps taken:
 * rename the directory
 * sed 's#/XMLHttpRequest#/xhr#g' everywhere
 * manually handle a few remaining cases of "XMLHttpRequest/"
 * look at ouput of grep -E '\SXMLHttpRequest' and 'XMLHttpRequest[^(;]'

cors/README.md

@@ -5,4 +5,4 @@ These tests are located here as originally the CORS protocol was defined on its
 More CORS tests can be found in
 
 * /fetch
-* /XMLHttpRequest
+* /xhr

fetch/README.md

@@ -3,4 +3,4 @@ Tests for the [Fetch Standard](https://fetch.spec.whatwg.org/).
 More Fetch tests can be found in
 
 * /cors
-* /XMLHttpRequest
+* /xhr

fetch/api/basic/request-headers-case.any.js

@@ -1,11 +1,11 @@
 promise_test(() => {
-  return fetch("/XMLHttpRequest/resources/echo-headers.py", {headers: [["THIS-is-A-test", 1], ["THIS-IS-A-TEST", 2]] }).then(res => res.text()).then(body => {
+  return fetch("/xhr/resources/echo-headers.py", {headers: [["THIS-is-A-test", 1], ["THIS-IS-A-TEST", 2]] }).then(res => res.text()).then(body => {
     assert_regexp_match(body, /THIS-is-A-test: 1, 2/)
   })
 }, "Multiple headers with the same name, different case (THIS-is-A-test first)")
 
 promise_test(() => {
-  return fetch("/XMLHttpRequest/resources/echo-headers.py", {headers: [["THIS-IS-A-TEST", 1], ["THIS-is-A-test", 2]] }).then(res => res.text()).then(body => {
+  return fetch("/xhr/resources/echo-headers.py", {headers: [["THIS-IS-A-TEST", 1], ["THIS-is-A-test", 2]] }).then(res => res.text()).then(body => {
     assert_regexp_match(body, /THIS-IS-A-TEST: 1, 2/)
   })
 }, "Multiple headers with the same name, different case (THIS-IS-A-TEST first)")

fetch/api/response/response-trailer.html

@@ -3,10 +3,10 @@
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <div id=log></div>
-<!-- based on /XMLHttpRequest/getresponseheader-chunked-trailer.htm -->
+<!-- based on /xhr/getresponseheader-chunked-trailer.htm -->
 <script>
 promise_test(() => {
-  return fetch("/XMLHttpRequest/resources/chunked.py").then(res => {
+  return fetch("/xhr/resources/chunked.py").then(res => {
     assert_equals(res.headers.get("Trailer"), "X-Test-Me")
     assert_equals(res.headers.get("X-Test-Me"), null)
     assert_equals(res.headers.get("Content-Type"), "text/plain")

html/webappapis/system-state-and-capabilities/the-navigator-object/navigator.any.js

@@ -54,7 +54,7 @@
                     "userAgent should return the value sent in the " +
                     "User-Agent header");
     });
-    request.open("GET", "/XMLHttpRequest/resources/inspect-headers.py?" +
+    request.open("GET", "/xhr/resources/inspect-headers.py?" +
                         "filter_name=User-Agent");
     request.send();
   }, "userAgent value");

lint.whitelist

@@ -230,8 +230,8 @@ SET TIMEOUT: websockets/*
 SET TIMEOUT: webstorage/eventTestHarness.js
 SET TIMEOUT: webvtt/*
 SET TIMEOUT: workers/*
-SET TIMEOUT: XMLHttpRequest/resources/init.htm
-SET TIMEOUT: XMLHttpRequest/resources/xmlhttprequest-timeout.js
+SET TIMEOUT: xhr/resources/init.htm
+SET TIMEOUT: xhr/resources/xmlhttprequest-timeout.js
 
 # generate_tests implementation and sample usage
 GENERATE_TESTS: resources/test/tests/generate-callback.html

resource-timing/resources/fake_responses.py

@@ -1,4 +1,4 @@
-# XMLHttpRequest/resources/conditional.py -- to fake a 304 response
+# /xhr/resources/conditional.py -- to fake a 304 response
 
 def main(request, response):
     tag = request.GET.first("tag", None)

XMLHttpRequest/access-control-and-redirects-async-same-origin.htm → xhr/access-control-and-redirects-async-same-origin.htm

@@ -33,37 +33,37 @@
 
     // The redirect response passes the access check.
     async_test(t => {
-      runTest(t, "/XMLHttpRequest/resources/access-control-basic-allow-star.py",
+      runTest(t, "/xhr/resources/access-control-basic-allow-star.py",
           withoutCredentials, succeeds)
     }, "Request without credentials is redirected to a cross-origin response with Access-Control-Allow-Origin=* (with star)");
 
     // The redirect response fails the access check because credentials were sent.
     async_test(t => {
-      runTest(t, "/XMLHttpRequest/resources/access-control-basic-allow-star.py",
+      runTest(t, "/xhr/resources/access-control-basic-allow-star.py",
           withCredentials, fails)
     }, "Request with credentials is redirected to a cross-origin response with Access-Control-Allow-Origin=* (with star)");
 
     // The redirect response passes the access check.
     async_test(t => {
-      runTest(t, "/XMLHttpRequest/resources/access-control-basic-allow.py",
+      runTest(t, "/xhr/resources/access-control-basic-allow.py",
           withoutCredentials, succeeds)
     }, "Request without credentials is redirected to a cross-origin response with a specific Access-Control-Allow-Origin");
 
     // The redirect response passes the access check.
     async_test(t => {
-      runTest(t, "/XMLHttpRequest/resources/access-control-basic-allow.py",
+      runTest(t, "/xhr/resources/access-control-basic-allow.py",
           withCredentials, succeeds)
     }, "Request with credentials is redirected to a cross-origin response with a specific Access-Control-Allow-Origin");
 
     // forbidding credentials. The redirect response passes the access check.
     async_test(t => {
-      runTest(t, "/XMLHttpRequest/resources/access-control-basic-allow-no-credentials.py",
+      runTest(t, "/xhr/resources/access-control-basic-allow-no-credentials.py",
           withoutCredentials, succeeds)
     }, "Request without credentials is redirected to a cross-origin response with a specific Access-Control-Allow-Origin (no credentials)");
 
     // forbidding credentials. The redirect response fails the access check.
     async_test(t => {
-      runTest(t, "/XMLHttpRequest/resources/access-control-basic-allow-no-credentials.py",
+      runTest(t, "/xhr/resources/access-control-basic-allow-no-credentials.py",
           withCredentials, fails)
     }, "Request with credentials is redirected to a cross-origin response with a specific Access-Control-Allow-Origin (no credentials)");
     </script>

XMLHttpRequest/access-control-and-redirects-async.htm → xhr/access-control-and-redirects-async.htm

@@ -11,7 +11,7 @@
     function runTest(test, destination, parameters, customHeader, local, expectSuccess) {
       const xhr = new XMLHttpRequest();
       const url = (local ? get_host_info().HTTP_ORIGIN : get_host_info().HTTP_REMOTE_ORIGIN) +
-        "/XMLHttpRequest/resources/redirect-cors.py?location=" + destination + "&" +  parameters;
+        "/xhr/resources/redirect-cors.py?location=" + destination + "&" +  parameters;
 
       xhr.open("GET", url, true);
 
@@ -41,21 +41,21 @@
     // The redirect response fails the access check because the redirect lacks a CORS header.
     async_test(t => {
       runTest(t, get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow-star.py", "",
+          "/xhr/resources/access-control-basic-allow-star.py", "",
           withoutCustomHeader, remote, fails)
     }, "Request is redirected without CORS headers to a response with Access-Control-Allow-Origin=*");
 
     // The redirect response passes the access check.
     async_test(t => {
       runTest(t, get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow-star.py", "allow_origin=true",
+          "/xhr/resources/access-control-basic-allow-star.py", "allow_origin=true",
           withoutCustomHeader, remote, succeeds)
     }, "Request is redirected to a response with Access-Control-Allow-Origin=*");
 
     // The redirect response fails the access check because user info was sent.
     async_test(t => {
       runTest(t, get_host_info().HTTP_REMOTE_ORIGIN.replace("http://", "http://username:password@") +
-          "/XMLHttpRequest/resources/access-control-basic-allow-star.py", "allow_origin=true",
+          "/xhr/resources/access-control-basic-allow-star.py", "allow_origin=true",
           withoutCustomHeader, remote, fails)
     }, "Request with user info is redirected to a response with Access-Control-Allow-Origin=*");
 
@@ -67,21 +67,21 @@
     // The preflighted redirect response fails the access check because of preflighting.
     async_test(t => {
       runTest(t, get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow-star.py",
+          "/xhr/resources/access-control-basic-allow-star.py",
           "allow_origin=true&redirect_preflight=true", withCustomHeader, remote, fails)
     }, "Preflighted request is redirected to a response with Access-Control-Allow-Origin=*");
 
     // The preflighted redirect response fails the access check after successful preflighting.
     async_test(t => {
       runTest(t, get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow-star.py",
+          "/xhr/resources/access-control-basic-allow-star.py",
           "allow_origin=true&allow_header=x-test&redirect_preflight=true",
           withCustomHeader, remote, fails)
     }, "Preflighted request is redirected to a response with Access-Control-Allow-Origin=* and header allowed");
 
     // The same-origin redirect response passes the access check.
     async_test(t => {
-      runTest(t, get_host_info().HTTP_ORIGIN + "/XMLHttpRequest/resources/pass.txt",
+      runTest(t, get_host_info().HTTP_ORIGIN + "/xhr/resources/pass.txt",
           "", withCustomHeader, local, succeeds)
     }, "Request is redirected to a same-origin resource file");
     </script>

XMLHttpRequest/access-control-and-redirects.htm → xhr/access-control-and-redirects.htm

@@ -29,31 +29,31 @@
     }
     test(t => {
       runSync(t, "resources/redirect-cors.py?location=" + get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow.py")
+          "/xhr/resources/access-control-basic-allow.py")
     }, "Local sync redirect to remote origin");
     async_test(t => {
       runAsync(t, "resources/redirect-cors.py?location=" + get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow.py")
+          "/xhr/resources/access-control-basic-allow.py")
     }, "Local async redirect to remote origin");
     test(t => {
       runSync(t, get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/redirect-cors.py?location=" + get_host_info().HTTP_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow.py&allow_origin=true")
+          "/xhr/resources/redirect-cors.py?location=" + get_host_info().HTTP_ORIGIN +
+          "/xhr/resources/access-control-basic-allow.py&allow_origin=true")
     }, "Remote sync redirect to local origin");
     async_test(t => {
       runAsync(t, get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/redirect-cors.py?location=" + get_host_info().HTTP_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow.py&allow_origin=true")
+          "/xhr/resources/redirect-cors.py?location=" + get_host_info().HTTP_ORIGIN +
+          "/xhr/resources/access-control-basic-allow.py&allow_origin=true")
     }, "Remote async redirect to local origin");
     test(t => {
       runSync(t, get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/redirect-cors.py?location=" + get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow.py&allow_origin=true")
+          "/xhr/resources/redirect-cors.py?location=" + get_host_info().HTTP_REMOTE_ORIGIN +
+          "/xhr/resources/access-control-basic-allow.py&allow_origin=true")
     }, "Remote sync redirect to same remote origin");
     async_test(t => {
       runAsync(t, get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/redirect-cors.py?location=" + get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow.py&allow_origin=true")
+          "/xhr/resources/redirect-cors.py?location=" + get_host_info().HTTP_REMOTE_ORIGIN +
+          "/xhr/resources/access-control-basic-allow.py&allow_origin=true")
     }, "Remote async redirect to same remote origin");
     </script>
   </body>

XMLHttpRequest/access-control-basic-allow-access-control-origin-header-data-url.htm → xhr/access-control-basic-allow-access-control-origin-header-data-url.htm

@@ -8,7 +8,7 @@
   </head>
   <body>
     <script type="text/javascript">
-const url = get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-origin-header.py";
+const url = get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-origin-header.py";
 async_test(function(test) {
   window.addEventListener("message", test.step_func(function(evt) {
     if (evt.data == "ready") {

XMLHttpRequest/access-control-basic-allow-access-control-origin-header.htm → xhr/access-control-basic-allow-access-control-origin-header.htm

@@ -10,7 +10,7 @@
     async_test(function(test) {
       const xhr = new XMLHttpRequest;
 
-      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-origin-header.py", false);
+      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-origin-header.py", false);
       xhr.send();
 
       assert_equals(xhr.responseText, "PASS: Cross-domain access allowed.\n" +

XMLHttpRequest/access-control-basic-allow-async.htm → xhr/access-control-basic-allow-async.htm

@@ -21,7 +21,7 @@
       xhr.onerror = test.unreached_func("FAIL: Network error.");
 
       xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-allow.py", true);
+          "/xhr/resources/access-control-basic-allow.py", true);
       xhr.send();
     }, "Basic async cross-origin XHR request");
     </script>

XMLHttpRequest/access-control-basic-allow-non-cors-safelisted-method-async.htm → xhr/access-control-basic-allow-non-cors-safelisted-method-async.htm

@@ -18,7 +18,7 @@
       xhr.onerror = test.unreached_func("Unexpected error.");
 
       xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN +
-          "/XMLHttpRequest/resources/access-control-basic-put-allow.py");
+          "/xhr/resources/access-control-basic-put-allow.py");
       xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
       xhr.send("PASS: PUT data received");
     }, "Allow async PUT request");

XMLHttpRequest/access-control-basic-allow-non-cors-safelisted-method.htm → xhr/access-control-basic-allow-non-cors-safelisted-method.htm

@@ -11,7 +11,7 @@
     test(function() {
       const xhr = new XMLHttpRequest;
 
-      xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-put-allow.py", false);
+      xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-put-allow.py", false);
 
       xhr.setRequestHeader("Content-Type", "text/plain; charset=UTF-8");
 

XMLHttpRequest/access-control-basic-allow-preflight-cache-invalidation-by-header.htm → xhr/access-control-basic-allow-preflight-cache-invalidation-by-header.htm

@@ -20,15 +20,15 @@
         firstRequest();
       });
 
-      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/reset-token.py?token=" + uuid, true);
+      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/reset-token.py?token=" + uuid, true);
       xhr.send();
 
       function firstRequest() {
         xhr.onload = test.step_func(function() {
           assert_equals(xhr.responseText, "PASS: First PUT request.");
           secondRequest();
         });
-        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-preflight-cache-invalidation.py?token=" + uuid, true);
+        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-preflight-cache-invalidation.py?token=" + uuid, true);
         xhr.send();
       }
 
@@ -38,7 +38,7 @@
           test.done();
         });
         // Send a header not included in the inital cache.
-        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-preflight-cache-invalidation.py?token=" + uuid, true);
+        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-preflight-cache-invalidation.py?token=" + uuid, true);
         xhr.setRequestHeader("x-test", "headerValue");
         xhr.send();
       }

XMLHttpRequest/access-control-basic-allow-preflight-cache-invalidation-by-method.htm → xhr/access-control-basic-allow-preflight-cache-invalidation-by-method.htm

@@ -20,15 +20,15 @@
         firstRequest();
       });
 
-      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/reset-token.py?token=" + uuid, true);
+      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/reset-token.py?token=" + uuid, true);
       xhr.send();
 
       function firstRequest() {
         xhr.onload = test.step_func(function() {
           assert_equals(xhr.responseText, "PASS: First PUT request.");
           secondRequest();
         });
-        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-preflight-cache-invalidation.py?token=" + uuid, true);
+        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-preflight-cache-invalidation.py?token=" + uuid, true);
         xhr.send();
       }
 
@@ -38,7 +38,7 @@
           test.done();
         });
         // Send a header not included in the inital cache.
-        xhr.open("XMETHOD", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-preflight-cache-invalidation.py?token=" + uuid, true);
+        xhr.open("XMETHOD", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-preflight-cache-invalidation.py?token=" + uuid, true);
         xhr.send();
       }
     }, "Preflight cache should be invalidated by changed method");

XMLHttpRequest/access-control-basic-allow-preflight-cache-timeout.htm → xhr/access-control-basic-allow-preflight-cache-timeout.htm

@@ -20,15 +20,15 @@
         firstRequest();
       });
 
-      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/reset-token.py?token=" + uuid, true);
+      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/reset-token.py?token=" + uuid, true);
       xhr.send();
 
       function firstRequest() {
         xhr.onload = test.step_func(function() {
           assert_equals(xhr.responseText, "PASS: First PUT request.");
           step_timeout(secondRequest, 3000); // 3 seconds
         });
-        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-preflight-cache-timeout.py?token=" + uuid, true);
+        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-preflight-cache-timeout.py?token=" + uuid, true);
         xhr.send();
       }
 
@@ -37,7 +37,7 @@
           assert_equals(xhr.responseText, "PASS: Second OPTIONS request was sent.");
           test.done();
         });
-        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-preflight-cache-timeout.py?token=" + uuid, true);
+        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-preflight-cache-timeout.py?token=" + uuid, true);
         xhr.send();
       }
     }, "Preflight cache should be invalidated on timeout");

XMLHttpRequest/access-control-basic-allow-preflight-cache.htm → xhr/access-control-basic-allow-preflight-cache.htm

@@ -20,23 +20,23 @@
         firstRequest();
       });
 
-      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/reset-token.py?token=" + uuid, true);
+      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/reset-token.py?token=" + uuid, true);
       xhr.send();
 
       function firstRequest() {
         xhr.onload = test.step_func(function() {
           assert_equals(xhr.responseText, "PASS: First PUT request.");
           secondRequest();
         });
-        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-preflight-cache.py?token=" + uuid, true);
+        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-preflight-cache.py?token=" + uuid, true);
         xhr.send();
       }
 
       function secondRequest() {
         xhr.onload = test.step_func_done(function() {
           assert_equals(xhr.responseText, "PASS: Second PUT request. Preflight worked.");
         });
-        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-preflight-cache.py?token=" + uuid, true);
+        xhr.open("PUT", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-preflight-cache.py?token=" + uuid, true);
         xhr.send();
       }
     }, "Preflight cache should allow second request");

XMLHttpRequest/access-control-basic-allow-star.htm → xhr/access-control-basic-allow-star.htm

@@ -11,7 +11,7 @@
     const xhr = new XMLHttpRequest;
 
     test(function(test) {
-      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-allow-star.py", false);
+      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-allow-star.py", false);
 
       xhr.send();
 

XMLHttpRequest/access-control-basic-allow.htm → xhr/access-control-basic-allow.htm

@@ -11,7 +11,7 @@
     test(function() {
       const xhr = new XMLHttpRequest;
 
-      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-allow.py", false);
+      xhr.open("GET", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-allow.py", false);
 
       xhr.send();
 

XMLHttpRequest/access-control-basic-cors-safelisted-request-headers.htm → xhr/access-control-basic-cors-safelisted-request-headers.htm

@@ -11,7 +11,7 @@
     test(function() {
       const xhr = new XMLHttpRequest;
 
-      xhr.open("POST", get_host_info().HTTP_REMOTE_ORIGIN + "/XMLHttpRequest/resources/access-control-basic-cors-safelisted-request-headers.py", false);
+      xhr.open("POST", get_host_info().HTTP_REMOTE_ORIGIN + "/xhr/resources/access-control-basic-cors-safelisted-request-headers.py", false);
 
       xhr.setRequestHeader("Accept", "*");
       xhr.setRequestHeader("Accept-Language", "ru");