diff -r 000000000000 -r 6474c204b198 content/base/test/file_CrossSiteXHR_cache_server.sjs
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/content/base/test/file_CrossSiteXHR_cache_server.sjs	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,46 @@
+function handleRequest(request, response)
+{
+  var query = {};
+  request.queryString.split('&').forEach(function (val) {
+    var [name, value] = val.split('=');
+    query[name] = unescape(value);
+  });
+
+  if ("setState" in query) {
+    setState("test/content/base/test_CrossSiteXHR_cache:secData",
+             query.setState);
+
+    response.setHeader("Cache-Control", "no-cache", false);
+    response.setHeader("Content-Type", "text/plain", false);
+    response.write("hi");
+
+    return;
+  }
+
+  var isPreflight = request.method == "OPTIONS";
+
+  // Send response
+
+  secData =
+    eval(getState("test/content/base/test_CrossSiteXHR_cache:secData"));
+
+  if (secData.allowOrigin)
+    response.setHeader("Access-Control-Allow-Origin", secData.allowOrigin);
+
+  if (isPreflight) {
+    if (secData.allowHeaders)
+      response.setHeader("Access-Control-Allow-Headers", secData.allowHeaders);
+
+    if (secData.allowMethods)
+      response.setHeader("Access-Control-Allow-Methods", secData.allowMethods);
+
+    if (secData.cacheTime)
+      response.setHeader("Access-Control-Max-Age", secData.cacheTime.toString());
+
+    return;
+  }
+
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Content-Type", "application/xml", false);
+  response.write("<res>hello pass</res>\n");
+}