insecure-localhost-allowed.https.html

<!DOCTYPE html>
<html>
<body>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script>
    if (window.testRunner)
        testRunner.overridePreference("WebKitAllowRunningInsecureContent", false);

    async_test(t => {
        fetch("http://127.0.0.1:8000/xmlhttprequest/resources/access-control-allow-lists.php?origin=*", {method: "POST"})
            .then(t.step_func(r => r.json()))
            .then(t.step_func_done(j => assert_equals("127.0.0.1:8000", j.host)))
            .catch(t.unreached_func("Fetch should not be blocked."));
    }, "Fetching 'http://127.0.0.1/' should not be blocked.");

    async_test(t => {
        fetch("http://localhost:8000/xmlhttprequest/resources/access-control-allow-lists.php?origin=*", {method: "POST"})
            .then(t.step_func(r => r.json()))
            .then(t.step_func_done(j => assert_equals("localhost:8000", j.host)))
            .catch(t.unreached_func("Fetch should not be blocked."));
    }, "Fetching 'http://localhost/' should not be blocked.");

    async_test(t => {
        fetch("http://example.test:8000/xmlhttprequest/resources/access-control-allow-lists.php?origin=*", {method: "POST"})
            .then(t.unreached_func("Fetch should be blocked."))
            .catch(t.step_func_done(e => assert_equals(e.message, "Failed to fetch")));
    }, "Fetching 'http://example.test/' should be blocked.");
    </script>
</body>
</html>
chromium/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-localhost-allowed.https.html
