<!doctype html>
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
function waitForEvent(t, el, name) {
return new EventWatcher(t, el, [name]).wait_for(name);
}
async_test(t => {
var i = document.createElement('img');
i.onload = t.unreached_func();
Promise.all([
waitForEvent(t, i, 'error').then(_ => {
assert_equals(0, i.naturalWidth);
assert_equals(0, i.naturalHeight);
}),
waitForEvent(t, document, 'securitypolicyviolation').then(e => {
var expectations = {
'documentURI': document.location.toString(),
'referrer': document.referrer,
'blockedURI': 'http://example.test:8080/security/resources/compass.jpg?t=1',
'violatedDirective': 'block-all-mixed-content',
'effectiveDirective': 'block-all-mixed-content',
'originalPolicy': 'block-all-mixed-content',
'disposition': 'enforce',
'sourceFile': '',
'lineNumber': 0,
'columnNumber': 0,
'statusCode': 0
};
for (key in expectations)
assert_equals(expectations[key], e[key], key);
})
]).then(t.step_func_done());
i.src = "http://example.test:8080/security/resources/compass.jpg?t=1";
}, "Mixed images are blocked and generate CSP violation reports in the presence of 'block-all-mixed-content'.");
</script>
Codebase Browser
chromium