Index: third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.https.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.https.html b/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.https.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..407cd61cbe240abe3e7db295e3835e821a26fe3f |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.https.html |
@@ -0,0 +1,20 @@ |
+<!DOCTYPE html> |
+<html> |
+<body> |
+ <script src="/resources/testharness.js"></script> |
+ <script src="/resources/testharnessreport.js"></script> |
+ <script> |
+ if (window.testRunner) |
+ testRunner.overridePreference("WebKitAllowRunningInsecureContent", false); |
+ |
+ async_test(t => { |
+ var xhr = new XMLHttpRequest(); |
+ xhr.onload = t.unreached_func("XHR should be blocked."); |
+ xhr.onerror = t.step_func_done(e => assert_equals(e.total, 0)); |
+ |
+ xhr.open("GET", "http://example.test:8000/xmlhttprequest/resources/access-control-allow-lists.php?origin=*"); |
+ xhr.send(null); |
+ }, "XHR to http://example.test:8000/ should be blocked."); |
+ </script> |
+</body> |
+</html> |