Block execution of failed 'crossorigin' <script>s.

LayoutTests/http/tests/security/script-crossorigin-loads-correctly-credentials-2.html

Index: LayoutTests/http/tests/security/script-crossorigin-loads-correctly-credentials-2.html
diff --git a/LayoutTests/http/tests/security/script-crossorigin-loads-correctly-credentials-2.html b/LayoutTests/http/tests/security/script-crossorigin-loads-correctly-credentials-2.html
new file mode 100644
index 0000000000000000000000000000000000000000..f2b1b74e669efcafd7d93d24b305f9cef24e972c
--- /dev/null
+++ b/LayoutTests/http/tests/security/script-crossorigin-loads-correctly-credentials-2.html
@@ -0,0 +1,44 @@
+<body>
+<p>This test passes if the inserted script fails to load due to CORS.</p>
+<pre></pre>
+<script>
+var result = 'PASS';
+</script>
+<!-- Non-CORS enabled script load, supplying credentials.
+     Will execute as per-normal. -->
+<script src="http://localhost:8000/security/resources/cors-script.php?cors=false&credentials=true&value=FAIL"></script>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+// Reset the 'result' set by above external script.
+result = 'PASS';
+
+function finish() {
+    document.querySelector("pre").innerHTML = result;
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+// Create new script of same cross-origin script as above,
+// but this time loaded following CORS.
+//
+// The response is missing a Access-Control-Access-Origin: header,
+// hence the CORS check must fail & error reported.
+var script = document.createElement("script");
+script.crossOrigin = "use-credentials";
+script.src = "http://localhost:8000/security/resources/cors-script.php?cors=false&credentials=true&value=FAIL";
+
+script.onload = function() {
+    result += " (loaded)";
+    finish();
+}
+
+script.onerror = function() {
+    result = "PASS (expected error reported)";
+    finish();
+}
+document.body.appendChild(script);
+</script>