securitypolicyviolation-block-cross-origin-image.sub.html (1409B)
1 <!DOCTYPE html> 2 <script src="/resources/testharness.js"></script> 3 <script src="/resources/testharnessreport.js"></script> 4 <script src="/content-security-policy/support/testharness-helper.js"></script> 5 <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> 6 <body> 7 <script> 8 async_test(t => { 9 waitUntilEvent(window, "securitypolicyviolation") 10 .then(t.step_func_done(e => { 11 assert_equals(e.documentURI, document.location.toString()); 12 assert_equals(e.referrer, document.referrer); 13 assert_equals(e.blockedURI, "{{location[scheme]}}://{{domains[www]}}:{{location[port]}}/content-security-policy/support/fail.png"); 14 assert_equals(e.violatedDirective, "img-src"); 15 assert_equals(e.effectiveDirective, "img-src"); 16 assert_equals(e.originalPolicy, "img-src \'none\'"); 17 assert_equals(e.disposition, "enforce"); 18 assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html"); 19 assert_equals(e.lineNumber, 25); 20 assert_equals(e.columnNumber, 5); 21 assert_equals(e.statusCode, 200); 22 })); 23 24 var i = document.createElement("img"); 25 i.src = "{{location[scheme]}}://{{domains[www]}}:{{location[port]}}/content-security-policy/support/fail.png"; 26 }, "Non-redirected cross-origin URLs are not stripped."); 27 </script>