chromium/third_party/blink/web_tests/external/wpt/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html

<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/content-security-policy/support/testharness-helper.js"></script>
<script src="/content-security-policy/support/prefetch-helper.js"></script>
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'unsafe-inline'; img-src http://{{domains[www2]}}:{{ports[http][0]}}"/>

<script>
  const { OTHER_ORIGIN, REMOTE_ORIGIN } = get_host_info();

  promise_test(async (t) => {
    const url = new URL("/common/dummy.xml", location.href);
    assert_true(await try_to_prefetch(url, t));
  }, "Prefetch should succeed when restricted by default-src but allowed by " +
     "other directive");

  promise_test(async (t) => {
    const url = new URL("/common/dummy.xml", REMOTE_ORIGIN);
    assert_false(await try_to_prefetch(url, t));
  }, "Prefetch should fail when restricted by default-src and different " +
     "origin allowed by other directive");

  promise_test(async (t) => {
    const url = new URL("/common/dummy.xml", OTHER_ORIGIN);
    assert_true(await try_to_prefetch(url, t));
  }, "Prefetch should succeed when restricted by default-src but origin " +
     "allowed by other directive");
</script>
</head>
<body></body>
</html>