diff options
Diffstat (limited to 'testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http')
54 files changed, 1107 insertions, 0 deletions
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..c03b96f01 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..a7ce2a530 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..1eec54d3b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..6d67e4d0e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..0d8b5ebdb --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..326ca747c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..35e3102a5 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..eaa1cc5d7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..ff99ecf9b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b93d17784 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b23f9f0eb --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..122ee404d --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..4c43f3aea --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..27da8b421 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..01df78229 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..27e971ac4 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..0fe505a4b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..d066d7f4a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..011e515da --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..5c8d860a6 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..123e53d20 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..735c267a8 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..d70b85768 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..bf77ac6d7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..f85094162 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..0dd9e88e8 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..eb7f7ea2c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content |