script-crossorigin-fails-cross-origin.html

<p>Test that a script element with a crossorigin attribute does not load a cross-origin script when the resource sharing check fails on the response.</p>
<pre></pre>
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.waitUntilDone();
}

var result = "PASS";

function must_not_fire() {
    result = "FAIL";
}

function finish() {
    document.querySelector("pre").innerHTML = result;
    if (window.testRunner)
        testRunner.notifyDone();
}
</script>
<!-- This script should _not_ load, nor fire onload. -->
<script crossorigin="anonymous" src="http://localhost:8000/security/resources/cors-script.php?cors=false&value=FAIL" onload="must_not_fire()" onerror="finish();"></script>

chromium/third_party/blink/web_tests/http/tests/security/script-crossorigin-fails-cross-origin.html