
Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/img-redirect-to-crossorigin-credentials.html

Issue 2333153002: Increase coverage for img element's crossOrigin attribute's behavior on redirect (Closed)
Patch Set: Rebase Created 4 years, 2 months ago
Index: third_party/WebKit/LayoutTests/http/tests/security/img-redirect-to-crossorigin-credentials.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/img-redirect-to-crossorigin-credentials.html b/third_party/WebKit/LayoutTests/http/tests/security/img-redirect-to-crossorigin-credentials.html
new file mode 100644
index 0000000000000000000000000000000000000000..157a3f69aa42ab5fe904f40c47e8c3f4996c6ff5
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/img-redirect-to-crossorigin-credentials.html
@@ -0,0 +1,100 @@
+<!DOCTYPE HTML>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/get-host-info.js?pipe=sub"></script>
+<script>
+if (window.testRunner)
+ testRunner.setBlockThirdPartyCookies(false);
+
+const host_info = get_host_info();
+
+document.cookie = 'TestCookie=same';
+
+const set_cookie_promise = fetch(
+ host_info['HTTP_REMOTE_ORIGIN'] + '/security/resources/set-cookie.php?name=TestCookie&value=cross',
+ {mode: 'no-cors', credentials: 'include'});
+
+let count = 0;
+
+function load_image(url, crossOriginAttribute, expectLoad, expectCookie) {
+ return new Promise((resolve, reject) => {
+ set_cookie_promise.then(() => {
+ const img = new Image();
+
+ img.onload = () => {
+ if (expectLoad) {
+ resolve();
+ } else {
+ reject('Image loaded unexpectedly');
+ }
+ };
+
+ img.onerror = () => {
+ if (expectLoad) {
+ reject('Image not loaded unexpectedly');
+ } else {
+ resolve();
+ }
+ };
+
+ img.crossOrigin = crossOriginAttribute;
+
+ const destination_params = new URLSearchParams();
+ destination_params.append('count', count);
+ ++count;
+ if (expectCookie) {
+ destination_params.append('Cookie', expectCookie);
+ }
+
+ const params = new URLSearchParams();
+ params.append('url', url + '?' + destination_params.toString());
+
+ img.src = '/resources/redirect.php?' + params.toString();
+
+ document.body.appendChild(img);
+ });
+ });
+}
+
+promise_test(() => {
+ return load_image(
+ host_info['HTTP_ORIGIN'] + '/security/resources/abe-cookie-check.php',
+ 'anonymous',
+ true,
+ 'same');
+}, 'Same origin destination. crossOrigin set to anonymous');
+
+promise_test(() => {
+ return load_image(
+ host_info['HTTP_ORIGIN'] + '/security/resources/abe-cookie-check.php',
+ 'use-credentials',
+ true,
+ 'same');
+}, 'Same origin destination. crossOrigin set to use-credentials');
+
+// TODO(tyoshino): Blink must not send a cookie for this case. Fix the resource
+// fetcher, and update this to expect Cookie=NotSet.
+promise_test(() => {
+ return load_image(
+ host_info['HTTP_REMOTE_ORIGIN'] + '/security/resources/abe-allow-star.php',
+ 'anonymous',
+ true,
+ 'cross');
+}, 'Cross origin destination. crossOrigin set to anonymous. Response includes wildcard Access-Control-Allow-Origin.');
+
+promise_test(() => {
+ return load_image(
+ host_info['HTTP_REMOTE_ORIGIN'] + '/security/resources/abe-allow-star.php',
+ 'use-credentials',
+ false,
+ undefined);
+}, 'Cross origin destination. crossOrigin set to use-credentials. Response includes wildcard Access-Control-Allow-Origin. Fails due to absence of Access-Control-Allow-Credentials.');
+
+promise_test(() => {
+ return load_image(
+ host_info['HTTP_REMOTE_ORIGIN'] + '/security/resources/abe-allow-credentials.php',
+ 'use-credentials',
+ true,
+ 'cross');
+}, 'Cross origin destination. crossOrigin set to use-credentials. Response includes Access-Control-Allow-Credentials.');
+</script>
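Review bot: In `load_image`, a rejection of `set_cookie_promise` is never propagated, because `.then()` is called inside the `new Promise` executor and its result is discarded. If the cross-origin set-cookie fetch fails, the returned promise never settles, so each test would run until the harness timeout instead of failing with the cause. Returning the chain directly avoids this: `return set_cookie_promise.then(() => new Promise((resolve, reject) => { ... }));`. The `count` parameter also deserves a one-line comment; it looks like a per-request cache buster so that a cached response cannot mask the cookie check, but the hunk does not say so, for example `// Unique per request; presumably prevents a cached image from hiding the Cookie check.`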