reporting-api-report-only-sends-reports-on-violation.https.sub.html (952B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Test that report-only policies still work with report-to</title> 5 <script src='/resources/testharness.js'></script> 6 <script src='/resources/testharnessreport.js'></script> 7 </head> 8 <body> 9 <script> 10 var t1 = async_test("Test that image does load"); 11 async_test(function(t2) { 12 window.addEventListener("securitypolicyviolation", t2.step_func(function(e) { 13 assert_equals(e.blockedURI, "{{location[scheme]}}://{{location[host]}}/content-security-policy/support/pass.png"); 14 assert_equals(e.violatedDirective, "img-src"); 15 t2.done(); 16 })); 17 }, "Event is fired"); 18 </script> 19 <img src='/content-security-policy/support/pass.png' 20 onload='t1.done();' 21 onerror='t1.unreached_func("The image should have loaded");'> 22 23 <script async defer src='../support/checkReport.sub.js?reportField=effectiveDirective&reportValue=img-src%20%27none%27'></script> 24 </body> 25 </html>