<a ping="..."> should be covered by connect-src CSP directive.

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-anchor-ping.html

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-anchor-ping.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-anchor-ping.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-anchor-ping.html
new file mode 100644
index 0000000000000000000000000000000000000000..99cca51f521fb0116f6aeafb8eef49621682b275
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-anchor-ping.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1:8000">
+<script>
+if (window.testRunner) {
+  testRunner.overridePreference("WebKitHyperlinkAuditingEnabled", 1);
+  testRunner.dumpAsText();
+  testRunner.waitUntilDone();
+}
+function onload() {
+  if (window.testRunner) {
+    anchor = document.getElementById('anchor');
+    anchor.click();
+  }
+}
+</script>
+</head>
+<body onload="onload();">
+  <p>
+    Tests whether "ping" attribute of an &lt;at&gt; / "anchor" tag is subject
+    to CSP enforcement (via 'connect-src').
+  </p>
+  <p>
+    <!-- Note that ping's URL has different origin from what was specified
+         in the content-src content security policy in the header above. -->
+    <a href="/resources/notify-done.html"
+       ping="https://localhost:8443/resources/dummy.txt"
+       id="anchor"
+       >Link</a>
+  </p>
+</body>
+</html>