summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/mixed-content/blockable
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/mixed-content/blockable')
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html40
200 files changed, 5680 insertions, 0 deletions
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..012bd3540
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..54fbe3a84
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..f95554558
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..277d47891
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..582ed6012
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..37d4db54b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b4957a41e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..e910a0ab7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..1f8763010
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..7376626e2
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..fc123d963
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..f7fd32cbf
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..8ebd99b01
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b7743daa6
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..3fe162a2f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..6f71158c2
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..48012dfe5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b76c48a65
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..61f10dfbf
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..69210c606
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..a2201a213
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..8fc3283a0
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..21f63bd73
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..d4c437147
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..314f09789
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..d44e65bcd
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..973db8006
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..5f4facece
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..0d700202f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..22e930e20
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..c03b96f01
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..a7ce2a530
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..1eec54d3b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..6d67e4d0e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..0d8b5ebdb
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..326ca747c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..35e3102a5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..eaa1cc5d7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..ff99ecf9b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b93d17784
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b23f9f0eb
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..122ee404d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..4c43f3aea
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..27da8b421
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..01df78229
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..27e971ac4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..0fe505a4b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..d066d7f4a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..011e515da
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..5c8d860a6
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..123e53d20
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..735c267a8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..d70b85768
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..bf77ac6d7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..f85094162
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..0dd9e88e8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..eb7f7ea2c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..972d7f3d3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..66b20800f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..664acc6fa
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..a1b37ef1e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..2ea8aadca
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..2aa9e013b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..191b4a9ea
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..ee5cfea71
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..abe50087f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..7e9a2395a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..63ba90454
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..cf95677c7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..1bc4b11d9
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..0fb506de1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b5dcde734
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..1fb7a9385
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..5e71b99d4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..28fdc6f08
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..9c484e398
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..44b4795c9
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..22e7c6eac
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..80a633ab2
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..a3cb304e0
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..f35fd03da
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..3b2d158d6
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..24a1e8671
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..aaeaf7673
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..a649f4de4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..fa1d0fe90
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..0dad760aa
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..ed11ad73e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..de84e1278
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..13c536f3e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..e94103004
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..c9efe54e4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..23e6badf7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..482024535
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..f91df5037
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..09fadc8d3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..635050128
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..c3bedd387
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..4c375acd1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..21d152557
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..cd56451c5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..4feea4b7d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..2d4f15b13
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..a6782c7e5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..b2ee591a7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..e49db79f3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..ffd8aeb9c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..ef959099b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..9a344137b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..fad857a6e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..d7aa3899b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..55c768525
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..13de80df7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..45a2764ad
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..09e948a84
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..f72d269d1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..a69f2bb41
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..f98fe6c4c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..b891c73e8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..11d8f4877
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..ce383d9aa
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..67b58e009
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..190b66b0d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..c03d5036a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..d9a166609
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..0b2a8c8ff
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..532c97bf0
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..662fc9048
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..cc1c051a3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..23efca0a5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..69e151519
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..065ff5ba5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..3cd8a6748
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..3b3e17c27
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..897354a79
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..ee787d05a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..9a9085b86
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..cc6369045
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..4b7ae62fd
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..278819b93
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>