diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /testing/web-platform/tests/mixed-content | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'testing/web-platform/tests/mixed-content')
398 files changed, 12256 insertions, 0 deletions
diff --git a/testing/web-platform/tests/mixed-content/OWNERS b/testing/web-platform/tests/mixed-content/OWNERS new file mode 100644 index 000000000..db2d613c2 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/OWNERS @@ -0,0 +1 @@ +@kristijanburnik diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..5e6b8cbe1 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..0adc65f82 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..260fb14b0 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..9b18ebb78 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..742363922 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..3f781b820 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..f584e0be9 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..eb24a71a7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..77adba644 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..b08d413e8 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..606887e3d --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..2f4f750de --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..a047941dc --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..bd24109af --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..d1be723f1 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..3f8ec136a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..3ae09e2e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..883c0bbdf --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..cb3528e03 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..7bffa299c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..ce7266440 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..b9ddc78ff --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..1a9053e4c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..0488b1337 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..23f0a1fc8 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..7baa3e54a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html new file mode 100644 index 000000000..ff33c35d1 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-wss + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: websocket-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-wss", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "websocket-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html new file mode 100644 index 000000000..dabaab28c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-wss + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: websocket-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-wss", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "websocket-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..a29157047 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..825fb2441 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..845298825 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..148a6ec88 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..e4ac20f4f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..869c05abe --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..71ef6d359 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..662ac192a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..0d846777f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..0d0eec01c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..cf8439631 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..e5bf5ce95 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..ebbc9ec0c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html new file mode 100644 index 000000000..f1cfed198 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-wss + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: websocket-request + expectation: allowed"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-wss", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "websocket-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..b30f28b2a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..c13fd88e4 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..9045019de --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..d4b8292af --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..a640ddee7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..48f005a38 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..f44a0b54d --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..9cd4f1ba4 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..54bb60acc --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..26d7d2390 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..7d620f8da --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..f6d23405d --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..c3ea33fdb --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..4c5911153 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..ebfb5195e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..f5ffcf3a8 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..57efd6f5e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..e3113a84c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..9dc0bb122 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..bad7e7f21 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..f044783e6 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..fd0a1f923 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..d720fc4fa --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..bd69a14a9 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 000000000..9da0d9f98 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 000000000..b0fff36eb --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html new file mode 100644 index 000000000..52684b1a5 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-wss + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: websocket-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-wss", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "websocket-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html new file mode 100644 index 000000000..a32429b88 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-wss + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: websocket-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-wss", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "websocket-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..012bd3540 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..54fbe3a84 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..f95554558 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..277d47891 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..582ed6012 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..37d4db54b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b4957a41e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..e910a0ab7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..1f8763010 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..7376626e2 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..fc123d963 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..f7fd32cbf --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..8ebd99b01 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b7743daa6 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..3fe162a2f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..6f71158c2 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..48012dfe5 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b76c48a65 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..61f10dfbf --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..69210c606 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..a2201a213 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..8fc3283a0 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..21f63bd73 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..d4c437147 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..314f09789 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..d44e65bcd --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..973db8006 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..5f4facece --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-ws + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..0d700202f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-ws + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..22e930e20 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-ws + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..c03b96f01 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..a7ce2a530 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..1eec54d3b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..6d67e4d0e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..0d8b5ebdb --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..326ca747c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..35e3102a5 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..eaa1cc5d7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..ff99ecf9b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b93d17784 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b23f9f0eb --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..122ee404d --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..4c43f3aea --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..27da8b421 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..01df78229 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..27e971ac4 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..0fe505a4b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..d066d7f4a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..011e515da --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..5c8d860a6 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..123e53d20 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..735c267a8 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..d70b85768 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..bf77ac6d7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..f85094162 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..0dd9e88e8 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..eb7f7ea2c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..972d7f3d3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-ws + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..66b20800f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-ws + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..664acc6fa --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-ws + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..a1b37ef1e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..2ea8aadca --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..2aa9e013b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..191b4a9ea --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..ee5cfea71 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..abe50087f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..7e9a2395a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..63ba90454 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..cf95677c7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..1bc4b11d9 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-ws + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: websocket-request + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..0fb506de1 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b5dcde734 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..1fb7a9385 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..5e71b99d4 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..28fdc6f08 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..9c484e398 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..44b4795c9 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..22e7c6eac --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..80a633ab2 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..a3cb304e0 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-ws + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: websocket-request + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..f35fd03da --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..3b2d158d6 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..24a1e8671 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..aaeaf7673 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..a649f4de4 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..fa1d0fe90 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..0dad760aa --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..ed11ad73e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..de84e1278 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..13c536f3e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..e94103004 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..c9efe54e4 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..23e6badf7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..482024535 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..f91df5037 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..09fadc8d3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..635050128 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..c3bedd387 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..4c375acd1 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..21d152557 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..cd56451c5 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..4feea4b7d --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..2d4f15b13 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..a6782c7e5 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..b2ee591a7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..e49db79f3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..ffd8aeb9c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..ef959099b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-ws + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..9a344137b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-ws + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..fad857a6e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-ws + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..d7aa3899b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..55c768525 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..13de80df7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..45a2764ad --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..09e948a84 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..f72d269d1 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..a69f2bb41 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..f98fe6c4c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..b891c73e8 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..11d8f4877 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..ce383d9aa --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..67b58e009 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..190b66b0d --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..c03d5036a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..d9a166609 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..0b2a8c8ff --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..532c97bf0 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..662fc9048 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..cc1c051a3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..23efca0a5 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..69e151519 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..065ff5ba5 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..3cd8a6748 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..3b3e17c27 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..897354a79 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..ee787d05a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 000000000..9a9085b86 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..cc6369045 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-ws + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..4b7ae62fd --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-ws + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html new file mode 100644 index 000000000..278819b93 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-ws + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: websocket-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-ws", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "websocket-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/generic/common.js b/testing/web-platform/tests/mixed-content/generic/common.js new file mode 100644 index 000000000..36427a466 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/common.js @@ -0,0 +1,398 @@ +/** + * @fileoverview Utilities for mixed-content in Web Platform Tests. + * @author burnik@google.com (Kristijan Burnik) + * Disclaimer: Some methods of other authors are annotated in the corresponding + * method's JSDoc. + */ + +/** + * Normalizes the target port for use in a URL. For default ports, this is the + * empty string (omitted port), otherwise it's a colon followed by the port + * number. Ports 80, 443 and an empty string are regarded as default ports. + * @param {number} targetPort The port to use + * @return {string} The port portion for using as part of a URL. + */ +function getNormalizedPort(targetPort) { + return ([80, 443, ""].indexOf(targetPort) >= 0) ? "" : ":" + targetPort; +} + +/** + * Creates a GUID. + * See: https://en.wikipedia.org/wiki/Globally_unique_identifier + * Original author: broofa (http://www.broofa.com/) + * Sourced from: http://stackoverflow.com/a/2117523/4949715 + * @return {string} A pseudo-random GUID. + */ +function guid() { + return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) { + var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8); + return v.toString(16); + }); +} + +/** + * Initiates a new XHR via GET. + * @param {string} url The endpoint URL for the XHR. + * @param {string} responseType Optional - how should the response be parsed. + * Default is "json". + * See: https://xhr.spec.whatwg.org/#dom-xmlhttprequest-responsetype + * @return {Promise} A promise wrapping the success and error events. + */ +function xhrRequest(url, responseType) { + return new Promise(function(resolve, reject) { + var xhr = new XMLHttpRequest(); + xhr.open('GET', url, true); + xhr.responseType = responseType || "json"; + + xhr.addEventListener("error", function() { + reject(Error("Network Error")); + }); + + xhr.addEventListener("load", function() { + if (xhr.status != 200) + return reject(Error(xhr.statusText)); + + resolve(xhr.response); + }); + + xhr.send(); + }); +} + +/** + * Sets attributes on a given DOM element. + * @param {DOMElement} element The element on which to set the attributes. + * @param {object} An object with keys (serving as attribute names) and values. + */ +function setAttributes(el, attrs) { + attrs = attrs || {} + for (var attr in attrs) + el.setAttribute(attr, attrs[attr]); +} + + +/** + * Binds to success and error events of an object wrapping them into a promise + * available through {@code element.eventPromise}. The success event + * resolves and error event rejects. + * @param {object} element An object supporting events on which to bind the + * promise. + * @param {string} resolveEventName [="load"] The event name to bind resolve to. + * @param {string} rejectEventName [="error"] The event name to bind reject to. + */ +function bindEvents(element, resolveEventName, rejectEventName) { + element.eventPromise = new Promise(function(resolve, reject) { + element.addEventListener(resolveEventName || "load", resolve); + element.addEventListener(rejectEventName || "error", + function(e) { e.preventDefault(); reject(); } ); + }); +} + +/** + * Creates a new DOM element. + * @param {string} tagName The type of the DOM element. + * @param {object} attrs A JSON with attributes to apply to the element. + * @param {DOMElement} parent Optional - an existing DOM element to append to + * If not provided, the returned element will remain orphaned. + * @param {boolean} doBindEvents Optional - Whether to bind to load and error + * events and provide the promise wrapping the events via the element's + * {@code eventPromise} property. Default value evaluates to false. + * @return {DOMElement} The newly created DOM element. + */ +function createElement(tagName, attrs, parent, doBindEvents) { + var element = document.createElement(tagName); + + if (doBindEvents) + bindEvents(element); + + // We set the attributes after binding to events to catch any + // event-triggering attribute changes. E.g. form submission. + // + // But be careful with images: unlike other elements they will start the load + // as soon as the attr is set, even if not in the document yet, and sometimes + // complete it synchronously, so the append doesn't have the effect we want. + // So for images, we want to set the attrs after appending, whereas for other + // elements we want to do it before appending. + var isImg = (tagName == "img"); + if (!isImg) + setAttributes(element, attrs); + + if (parent) + parent.appendChild(element); + + if (isImg) + setAttributes(element, attrs); + + return element; +} + +function createRequestViaElement(tagName, attrs, parent) { + return createElement(tagName, attrs, parent, true).eventPromise; +} + +/** + * Creates a new empty iframe and appends it to {@code document.body} . + * @param {string} name The name and ID of the new iframe. + * @param {boolean} doBindEvents Whether to bind load and error events. + * @return {DOMElement} The newly created iframe. + */ +function createHelperIframe(name, doBindEvents) { + return createElement("iframe", + {"name": name, "id": name}, + document.body, + doBindEvents); +} + +/** + * Creates a new iframe, binds load and error events, sets the src attribute and + * appends it to {@code document.body} . + * @param {string} url The src for the iframe. + * @return {Promise} The promise for success/error events. + */ +function requestViaIframe(url) { + return createRequestViaElement("iframe", {"src": url}, document.body); +} + +/** + * Creates a new image, binds load and error events, sets the src attribute and + * appends it to {@code document.body} . + * @param {string} url The src for the image. + * @return {Promise} The promise for success/error events. + */ +function requestViaImage(url) { + return createRequestViaElement("img", {"src": url}, document.body); +} + +/** + * Initiates a new XHR GET request to provided URL. + * @param {string} url The endpoint URL for the XHR. + * @return {Promise} The promise for success/error events. + */ +function requestViaXhr(url) { + return xhrRequest(url); +} + +/** + * Initiates a new GET request to provided URL via the Fetch API. + * @param {string} url The endpoint URL for the Fetch. + * @return {Promise} The promise for success/error events. + */ +function requestViaFetch(url) { + return fetch(url); +} + +/** + * Creates a new Worker, binds message and error events wrapping them into. + * {@code worker.eventPromise} and posts an empty string message to start + * the worker. + * @param {string} url The endpoint URL for the worker script. + * @return {Promise} The promise for success/error events. + */ +function requestViaWorker(url) { + var worker = new Worker(url); + bindEvents(worker, "message", "error"); + worker.postMessage(''); + + return worker.eventPromise; +} + +/** + * Sets the href attribute on a navigable DOM element and performs a navigation + * by clicking it. To avoid navigating away from the current execution + * context, a target attribute is set to point to a new helper iframe. + * @param {DOMElement} navigableElement The navigable DOMElement + * @param {string} url The href for the navigable element. + * @return {Promise} The promise for success/error events. + */ +function requestViaNavigable(navigableElement, url) { + var iframe = createHelperIframe(guid(), true); + setAttributes(navigableElement, + {"href": url, + "target": iframe.name}); + navigableElement.click(); + + return iframe.eventPromise; +} + +/** + * Creates a new anchor element, appends it to {@code document.body} and + * performs the navigation. + * @param {string} url The URL to navigate to. + * @return {Promise} The promise for success/error events. + */ +function requestViaAnchor(url) { + var a = createElement("a", {"innerHTML": "Link to resource"}, document.body); + + return requestViaNavigable(a, url); +} + +/** + * Creates a new area element, appends it to {@code document.body} and performs + * the navigation. + * @param {string} url The URL to navigate to. + * @return {Promise} The promise for success/error events. + */ +function requestViaArea(url) { + var area = createElement("area", {}, document.body); + + return requestViaNavigable(area, url); +} + +/** + * Creates a new script element, sets the src to url, and appends it to + * {@code document.body}. + * @param {string} url The src URL. + * @return {Promise} The promise for success/error events. + */ +function requestViaScript(url) { + return createRequestViaElement("script", {"src": url}, document.body); +} + +/** + * Creates a new form element, sets attributes, appends it to + * {@code document.body} and submits the form. + * @param {string} url The URL to submit to. + * @return {Promise} The promise for success/error events. + */ +function requestViaForm(url) { + var iframe = createHelperIframe(guid()); + var form = createElement("form", + {"action": url, + "method": "POST", + "target": iframe.name}, + document.body); + bindEvents(iframe); + form.submit(); + + return iframe.eventPromise; +} + +/** + * Creates a new link element for a stylesheet, binds load and error events, + * sets the href to url and appends it to {@code document.head}. + * @param {string} url The URL for a stylesheet. + * @return {Promise} The promise for success/error events. + */ +function requestViaLinkStylesheet(url) { + return createRequestViaElement("link", + {"rel": "stylesheet", "href": url}, + document.head); +} + +/** + * Creates a new link element for a prefetch, binds load and error events, sets + * the href to url and appends it to {@code document.head}. + * @param {string} url The URL of a resource to prefetch. + * @return {Promise} The promise for success/error events. + */ +function requestViaLinkPrefetch(url) { + // TODO(kristijanburnik): Check if prefetch should support load and error + // events. For now we assume it's not specified. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ + return createRequestViaElement("link", + {"rel": "prefetch", "href": url}, + document.head); +} + +/** + * Creates a new media element with a child source element, binds loadeddata and + * error events, sets attributes and appends to document.body. + * @param {string} type The type of the media element (audio/video/picture). + * @param {object} media_attrs The attributes for the media element. + * @param {object} source_attrs The attributes for the child source element. + * @return {DOMElement} The newly created media element. + */ +function createMediaElement(type, media_attrs, source_attrs) { + var mediaElement = createElement(type, {}); + var sourceElement = createElement("source", {}, mediaElement); + + mediaElement.eventPromise = new Promise(function(resolve, reject) { + mediaElement.addEventListener("loadeddata", resolve); + // Notice that the source element will raise the error. + sourceElement.addEventListener("error", reject); + }); + + setAttributes(mediaElement, media_attrs); + setAttributes(sourceElement, source_attrs); + document.body.appendChild(mediaElement); + + return mediaElement; +} + +/** + * Creates a new video element, binds loadeddata and error events, sets + * attributes and source URL and appends to {@code document.body}. + * @param {string} url The URL of the video. + * @return {Promise} The promise for success/error events. + */ +function requestViaVideo(url) { + return createMediaElement("video", + {}, + {type: "video/mp4", src: url}).eventPromise; +} + +/** + * Creates a new audio element, binds loadeddata and error events, sets + * attributes and source URL and appends to {@code document.body}. + * @param {string} url The URL of the audio. + * @return {Promise} The promise for success/error events. + */ +function requestViaAudio(url) { + return createMediaElement("audio", + {}, + {type: "audio/mpeg", src: url}).eventPromise; +} + +/** + * Creates a new picture element, binds loadeddata and error events, sets + * attributes and source URL and appends to {@code document.body}. Also + * creates new image element appending it to the picture + * @param {string} url The URL of the image for the source and image elements. + * @return {Promise} The promise for success/error events. + */ +function requestViaPicture(url) { + var picture = createMediaElement("picture", {}, {"srcset": url, + "type": "image/png"}); + return createRequestViaElement("img", {"src": url}, picture); +} + +/** + * Creates a new object element, binds load and error events, sets the data to + * url, and appends it to {@code document.body}. + * @param {string} url The data URL. + * @return {Promise} The promise for success/error events. + */ +function requestViaObject(url) { + return createRequestViaElement("object", {"data": url}, document.body); +} + +/** + * Creates a new WebSocket pointing to {@code url} and sends a message string + * "echo". The {@code message} and {@code error} events are triggering the + * returned promise resolve/reject events. + * @param {string} url The URL for WebSocket to connect to. + * @return {Promise} The promise for success/error events. + */ +function requestViaWebSocket(url) { + return new Promise(function(resolve, reject) { + var websocket = new WebSocket(url); + + websocket.addEventListener("message", function(e) { + resolve(JSON.parse(e.data)); + }); + + websocket.addEventListener("open", function(e) { + websocket.send("echo"); + }); + + websocket.addEventListener("error", function(e) { + reject(e) + }); + }); +} + +// SanityChecker does nothing in release mode. See sanity-checker.js for debug +// mode. +function SanityChecker() {} +SanityChecker.prototype.checkScenario = function() {}; +SanityChecker.prototype.setFailTimeout = function(test, timeout) {}; diff --git a/testing/web-platform/tests/mixed-content/generic/expect.py b/testing/web-platform/tests/mixed-content/generic/expect.py new file mode 100644 index 000000000..a3ea61b21 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/expect.py @@ -0,0 +1,102 @@ +import json, os, urllib, urlparse + +def redirect(url, response): + response.add_required_headers = False + response.writer.write_status(301) + response.writer.write_header("access-control-allow-origin", "*") + response.writer.write_header("location", url) + response.writer.end_headers() + response.writer.write("") + +def create_redirect_url(request, swap_scheme = False): + parsed = urlparse.urlsplit(request.url) + destination_netloc = parsed.netloc + scheme = parsed.scheme + + if swap_scheme: + scheme = "http" if parsed.scheme == "https" else "https" + hostname = parsed.netloc.split(':')[0] + port = request.server.config["ports"][scheme][0] + destination_netloc = ":".join([hostname, str(port)]) + + # Remove "redirection" from query to avoid redirect loops. + parsed_query = dict(urlparse.parse_qsl(parsed.query)) + assert "redirection" in parsed_query + del parsed_query["redirection"] + + destination_url = urlparse.urlunsplit(urlparse.SplitResult( + scheme = scheme, + netloc = destination_netloc, + path = parsed.path, + query = urllib.urlencode(parsed_query), + fragment = None)) + + return destination_url + +def main(request, response): + if "redirection" in request.GET: + redirection = request.GET["redirection"] + if redirection == "no-redirect": + pass + elif redirection == "keep-scheme-redirect": + redirect(create_redirect_url(request, swap_scheme=False), response) + return + elif redirection == "swap-scheme-redirect": + redirect(create_redirect_url(request, swap_scheme=True), response) + return + else: + raise ValueError ("Invalid redirect type: %s" % redirection) + + content_type = "text/plain" + response_data = "" + + if "action" in request.GET: + action = request.GET["action"] + + if "content_type" in request.GET: + content_type = request.GET["content_type"] + + key = request.GET["key"] + stash = request.server.stash + path = request.GET.get("path", request.url.split('?'))[0] + + if action == "put": + value = request.GET["value"] + stash.take(key=key, path=path) + stash.put(key=key, value=value, path=path) + response_data = json.dumps({"status": "success", "result": key}) + elif action == "purge": + value = stash.take(key=key, path=path) + if content_type == "image/png": + response_data = open(os.path.join(request.doc_root, + "images", + "smiley.png"), "rb").read() + elif content_type == "audio/mpeg": + response_data = open(os.path.join(request.doc_root, + "media", + "sound_5.oga"), "rb").read() + elif content_type == "video/mp4": + response_data = open(os.path.join(request.doc_root, + "media", + "movie_5.mp4"), "rb").read() + elif content_type == "application/javascript": + response_data = open(os.path.join(request.doc_root, + "mixed-content", + "generic", + "worker.js"), "rb").read() + else: + response_data = "/* purged */" + elif action == "take": + value = stash.take(key=key, path=path) + if value is None: + status = "allowed" + else: + status = "blocked" + response_data = json.dumps({"status": status, "result": value}) + + response.add_required_headers = False + response.writer.write_status(200) + response.writer.write_header("content-type", content_type) + response.writer.write_header("cache-control", "no-cache; must-revalidate") + response.writer.end_headers() + response.writer.write(response_data) diff --git a/testing/web-platform/tests/mixed-content/generic/mixed-content-test-case.js b/testing/web-platform/tests/mixed-content/generic/mixed-content-test-case.js new file mode 100644 index 000000000..7f3a7bfa9 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/mixed-content-test-case.js @@ -0,0 +1,163 @@ +/** + * @fileoverview Test case for mixed-content in Web Platform Tests. + * @author burnik@google.com (Kristijan Burnik) + */ + +/** + * MixedContentTestCase exercises all the tests for checking browser behavior + * when resources regarded as mixed-content are requested. A single run covers + * only a single scenario. + * @param {object} scenario A JSON describing the test arrangement and + * expectation(s). Refer to /mixed-content/spec.src.json for details. + * @param {string} description The test scenario verbose description. + * @param {SanityChecker} sanityChecker Instance of an object used to check the + * running scenario. Useful in debug mode. See ./sanity-checker.js. + * Run {@code ./tools/generate.py -h} for info on test generating modes. + * @return {object} Object wrapping the start method used to run the test. + */ +function MixedContentTestCase(scenario, description, sanityChecker) { + var httpProtocol = "http"; + var httpsProtocol = "https"; + var wsProtocol = "ws"; + var wssProtocol = "wss"; + + var sameOriginHost = location.hostname; + var crossOriginHost = "{{domains[www1]}}"; + + // These values can evaluate to either empty strings or a ":port" string. + var httpPort = getNormalizedPort(parseInt("{{ports[http][0]}}", 10)); + var httpsPort = getNormalizedPort(parseInt("{{ports[https][0]}}", 10)); + var wsPort = getNormalizedPort(parseInt("{{ports[ws][0]}}", 10)); + var wssPort = getNormalizedPort(parseInt("{{ports[wss][0]}}", 10)); + + var resourcePath = "/mixed-content/generic/expect.py"; + var wsResourcePath = "/stash_responder"; + + // Map all endpoints to scenario for use in the test. + var endpoint = { + "same-origin": + location.origin + resourcePath, + "same-host-https": + httpsProtocol + "://" + sameOriginHost + httpsPort + resourcePath, + "same-host-http": + httpProtocol + "://" + sameOriginHost + httpPort + resourcePath, + "cross-origin-https": + httpsProtocol + "://" + crossOriginHost + httpsPort + resourcePath, + "cross-origin-http": + httpProtocol + "://" + crossOriginHost + httpPort + resourcePath, + "same-host-wss": + wssProtocol + "://" + sameOriginHost + wssPort + wsResourcePath, + "same-host-ws": + wsProtocol + "://" + sameOriginHost + wsPort + wsResourcePath, + "cross-origin-wss": + wssProtocol + "://" + crossOriginHost + wssPort + wsResourcePath, + "cross-origin-ws": + wsProtocol + "://" + crossOriginHost + wsPort + wsResourcePath + }; + + // Mapping all the resource requesting methods to the scenario. + var resourceMap = { + "a-tag": requestViaAnchor, + "area-tag": requestViaArea, + "fetch-request": requestViaFetch, + "form-tag": requestViaForm, + "iframe-tag": requestViaIframe, + "img-tag": requestViaImage, + "script-tag": requestViaScript, + "worker-request": requestViaWorker, + "xhr-request": requestViaXhr, + "audio-tag": requestViaAudio, + "video-tag": requestViaVideo, + "picture-tag": requestViaPicture, + "object-tag": requestViaObject, + "link-css-tag": requestViaLinkStylesheet, + "link-prefetch-tag": requestViaLinkPrefetch, + "websocket-request": requestViaWebSocket + }; + + sanityChecker.checkScenario(scenario, resourceMap); + + // Mapping all expected MIME types to the scenario. + var contentType = { + "a-tag": "text/html", + "area-tag": "text/html", + "fetch-request": "application/json", + "form-tag": "text/html", + "iframe-tag": "text/html", + "img-tag": "image/png", + "script-tag": "text/javascript", + "worker-request": "application/javascript", + "xhr-request": "application/json", + "audio-tag": "audio/mpeg", + "video-tag": "video/mp4", + "picture-tag": "image/png", + "object-tag": "text/html", + "link-css-tag": "text/css", + "link-prefetch-tag": "text/html", + "websocket-request": "application/json" + }; + + var mixed_content_test = async_test(description); + + function runTest() { + sanityChecker.setFailTimeout(mixed_content_test); + + var key = guid(); + var value = guid(); + // We use the same path for both HTTP/S and WS/S stash requests. + var stash_path = encodeURIComponent("/mixed-content"); + var announceResourceRequestUrl = endpoint['same-origin'] + + "?action=put&key=" + key + + "&value=" + value + + "&path=" + stash_path; + var assertResourceRequestUrl = endpoint['same-origin'] + + "?action=take&key=" + key + + "&path=" + stash_path; + var resourceRequestUrl = endpoint[scenario.origin] + "?redirection=" + + scenario.redirection + "&action=purge&key=" + key + + "&path=" + stash_path + "&content_type=" + + contentType[scenario.subresource]; + + xhrRequest(announceResourceRequestUrl) + .then(function(response) { + // Send out the real resource request. + // This should tear down the key if it's not blocked. + return resourceMap[scenario.subresource](resourceRequestUrl); + }) + .then(function() { + mixed_content_test.step(function() { + assert_equals("allowed", scenario.expectation, + "The triggered event should match '" + + scenario.expectation + "'."); + }, "Check if success event was triggered."); + + // Send request to check if the key has been torn down. + return xhrRequest(assertResourceRequestUrl); + }, function(error) { + mixed_content_test.step(function() { + assert_equals("blocked", scenario.expectation, + "The triggered event should match '" + + scenario.expectation + "'."); + // TODO(kristijanburnik): param "error" can be an event or error. + // Map assertion by resource. + // e.g.: assert_equals(e.type, "error"); + }, "Check if error event was triggered."); + + // When requestResource fails, we also check the key state. + return xhrRequest(assertResourceRequestUrl); + }) + .then(function(response) { + // Now check if the value has been torn down. If it's still there, + // we have blocked the request to mixed-content. + mixed_content_test.step(function() { + assert_equals(response.status, scenario.expectation, + "The resource request should be '" + scenario.expectation + + "'."); + }, "Check if request was sent."); + mixed_content_test.done(); + }); + + } // runTest + + return {start: runTest}; +} // MixedContentTestCase diff --git a/testing/web-platform/tests/mixed-content/generic/sanity-checker.js b/testing/web-platform/tests/mixed-content/generic/sanity-checker.js new file mode 100644 index 000000000..55a103adf --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/sanity-checker.js @@ -0,0 +1,53 @@ +// The SanityChecker is used in debug mode to identify problems with the +// structure of the testsuite and to force early test failures. +// In release mode it is mocked out to do nothing. +function SanityChecker() {} + +SanityChecker.prototype.checkScenario = function(scenario, resourceInvoker) { + // Check if scenario is valid. + test(function() { + var expectedFields = SPEC_JSON["test_expansion_schema"]; + + for (var field in expectedFields) { + if (field == "expansion") + continue + + assert_own_property(scenario, field, + "The scenario should contain field '" + field + "'.") + + var expectedFieldList = expectedFields[field]; + if (!expectedFieldList.hasOwnProperty('length')) { + var expectedFieldList = []; + for (var key in expectedFields[field]) { + expectedFieldList = expectedFieldList.concat(expectedFields[field][key]) + } + } + assert_in_array(scenario[field], expectedFieldList, + "Scenario's " + field + " is one of: " + + expectedFieldList.join(", ")) + "." + } + + // Check if the protocol is matched. + assert_equals(scenario["source_scheme"] + ":", location.protocol, + "Protocol of the test page should match the scenario.") + + assert_own_property(resourceInvoker, scenario.subresource, + "Subresource should be supported"); + + }, "[MixedContentTestCase] The test scenario should be valid."); +} + +// For easier debugging runs, we can fail a test earlier. +SanityChecker.prototype.setFailTimeout = function(test, timeout) { + // Due to missing implementations, tests time out, so we fail them early. + // TODO(kristijanburnik): Once WPT rolled in: + // https://github.com/w3c/testharness.js/pull/127 + // Refactor to make use of step_timeout. + setTimeout(function() { + test.step(function() { + assert_equals(test.phase, test.phases.COMPLETE, + "Expected test to complete."); + test.done(); + }) + }, timeout || 1000); +} diff --git a/testing/web-platform/tests/mixed-content/generic/template/disclaimer.template b/testing/web-platform/tests/mixed-content/generic/template/disclaimer.template new file mode 100644 index 000000000..66c43ed6f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/template/disclaimer.template @@ -0,0 +1 @@ +<!-- DO NOT EDIT! Generated by %(generating_script_filename)s using %(html_template_filename)s. --> diff --git a/testing/web-platform/tests/mixed-content/generic/template/spec_json.js.template b/testing/web-platform/tests/mixed-content/generic/template/spec_json.js.template new file mode 100644 index 000000000..e4cbd0342 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/template/spec_json.js.template @@ -0,0 +1 @@ +var SPEC_JSON = %(spec_json)s; diff --git a/testing/web-platform/tests/mixed-content/generic/template/test.debug.html.template b/testing/web-platform/tests/mixed-content/generic/template/test.debug.html.template new file mode 100644 index 000000000..013bb6250 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/template/test.debug.html.template @@ -0,0 +1,31 @@ +<!DOCTYPE html> +%(generated_disclaimer)s +<html> + <head> + <title>Mixed-Content: %(spec_title)s</title> + <meta charset='utf-8'> + <meta name="description" content="%(spec_description)s"> + <meta name="assert" content="%(test_description)s">%(meta_opt_in)s + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>%(spec_title)s</h1> + <h2>%(spec_description)s</h2> + <pre>%(test_description)s</pre> + + <p>See <a href="%(spec_specification_url)s" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script>%(test_js)s</script> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/generic/template/test.js.template b/testing/web-platform/tests/mixed-content/generic/template/test.js.template new file mode 100644 index 000000000..b8c0769fc --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/template/test.js.template @@ -0,0 +1,13 @@ +MixedContentTestCase( + { + "opt_in_method": "%(opt_in_method)s", + "origin": "%(origin)s", + "source_scheme": "%(source_scheme)s", + "context_nesting": "%(context_nesting)s", + "redirection": "%(redirection)s", + "subresource": "%(subresource)s", + "expectation": "%(expectation)s" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() +).start(); diff --git a/testing/web-platform/tests/mixed-content/generic/template/test.release.html.template b/testing/web-platform/tests/mixed-content/generic/template/test.release.html.template new file mode 100644 index 000000000..ca77389cc --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/template/test.release.html.template @@ -0,0 +1,20 @@ +<!DOCTYPE html> +%(generated_disclaimer)s +<html> + <head> + <title>Mixed-Content: %(spec_title)s</title> + <meta charset='utf-8'> + <meta name="description" content="%(spec_description)s"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="%(spec_specification_url)s"> + <meta name="assert" content="%(test_description)s">%(meta_opt_in)s + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script>%(test_js)s</script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/generic/template/test_description.template b/testing/web-platform/tests/mixed-content/generic/template/test_description.template new file mode 100644 index 000000000..33dbcaa05 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/template/test_description.template @@ -0,0 +1,7 @@ +opt_in_method: %(opt_in_method)s +origin: %(origin)s +source_scheme: %(source_scheme)s +context_nesting: %(context_nesting)s +redirection: %(redirection)s +subresource: %(subresource)s +expectation: %(expectation)s diff --git a/testing/web-platform/tests/mixed-content/generic/tools/__init__.py b/testing/web-platform/tests/mixed-content/generic/tools/__init__.py new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/tools/__init__.py diff --git a/testing/web-platform/tests/mixed-content/generic/tools/clean.py b/testing/web-platform/tests/mixed-content/generic/tools/clean.py new file mode 100755 index 000000000..9416f0b5b --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/tools/clean.py @@ -0,0 +1,35 @@ +#!/usr/bin/env python + +import os, json +from common_paths import * +import spec_validator + +def rmtree(top): + top = os.path.abspath(top) + assert top != os.path.expanduser("~") + assert len(top) > len(os.path.expanduser("~")) + assert "web-platform-tests" in top + assert "mixed-content" in top + + for root, dirs, files in os.walk(top, topdown=False): + for name in files: + os.remove(os.path.join(root, name)) + for name in dirs: + os.rmdir(os.path.join(root, name)) + + os.rmdir(top) + +def main(): + spec_json = load_spec_json(); + spec_validator.assert_valid_spec_json(spec_json) + + for spec in spec_json['specification']: + generated_dir = os.path.join(spec_directory, spec["name"]) + if (os.path.isdir(generated_dir)): + rmtree(generated_dir) + + if (os.path.isfile(generated_spec_json_filename)): + os.remove(generated_spec_json_filename) + +if __name__ == '__main__': + main() diff --git a/testing/web-platform/tests/mixed-content/generic/tools/common_paths.py b/testing/web-platform/tests/mixed-content/generic/tools/common_paths.py new file mode 100644 index 000000000..5c2807d28 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/tools/common_paths.py @@ -0,0 +1,58 @@ +import os, sys, json, re + +script_directory = os.path.dirname(os.path.abspath(__file__)) +generic_directory = os.path.abspath(os.path.join(script_directory, '..')) + +template_directory = os.path.abspath(os.path.join(script_directory, + '..', + 'template')) +spec_directory = os.path.abspath(os.path.join(script_directory, '..', '..')) +test_root_directory = os.path.abspath(os.path.join(script_directory, + '..', '..', '..')) + +spec_filename = os.path.join(spec_directory, "spec.src.json") +generated_spec_json_filename = os.path.join(spec_directory, "spec_json.js") + +selection_pattern = '%(opt_in_method)s/' + \ + '%(origin)s/' + \ + '%(subresource)s/' + \ + '%(context_nesting)s/' + \ + '%(redirection)s/' + +test_file_path_pattern = '%(spec_name)s/' + selection_pattern + \ + '%(name)s.%(source_scheme)s.html' + + +def get_template(basename): + with open(os.path.join(template_directory, basename), "r") as f: + return f.read() + + +def write_file(filename, contents): + with open(filename, "w") as f: + f.write(contents) + + +def read_nth_line(fp, line_number): + fp.seek(0) + for i, line in enumerate(fp): + if (i + 1) == line_number: + return line + + +def load_spec_json(path_to_spec = None): + if path_to_spec is None: + path_to_spec = spec_filename + + re_error_location = re.compile('line ([0-9]+) column ([0-9]+)') + with open(path_to_spec, "r") as f: + try: + return json.load(f) + except ValueError, ex: + print ex.message + match = re_error_location.search(ex.message) + if match: + line_number, column = int(match.group(1)), int(match.group(2)) + print read_nth_line(f, line_number).rstrip() + print " " * (column - 1) + "^" + sys.exit(1) diff --git a/testing/web-platform/tests/mixed-content/generic/tools/generate.py b/testing/web-platform/tests/mixed-content/generic/tools/generate.py new file mode 100755 index 000000000..6dcaebdc3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/tools/generate.py @@ -0,0 +1,157 @@ +#!/usr/bin/env python + +import os, sys, json +from common_paths import * +import spec_validator +import argparse + + +def expand_pattern(expansion_pattern, test_expansion_schema): + expansion = {} + for artifact_key in expansion_pattern: + artifact_value = expansion_pattern[artifact_key] + if artifact_value == '*': + expansion[artifact_key] = test_expansion_schema[artifact_key] + elif isinstance(artifact_value, list): + expansion[artifact_key] = artifact_value + elif isinstance(artifact_value, dict): + # Flattened expansion. + expansion[artifact_key] = [] + values_dict = expand_pattern(artifact_value, + test_expansion_schema[artifact_key]) + for sub_key in values_dict.keys(): + expansion[artifact_key] += values_dict[sub_key] + else: + expansion[artifact_key] = [artifact_value] + + return expansion + + +def permute_expansion(expansion, artifact_order, selection = {}, artifact_index = 0): + assert isinstance(artifact_order, list), "artifact_order should be a list" + + if artifact_index >= len(artifact_order): + yield selection + return + + artifact_key = artifact_order[artifact_index] + + for artifact_value in expansion[artifact_key]: + selection[artifact_key] = artifact_value + for next_selection in permute_expansion(expansion, + artifact_order, + selection, + artifact_index + 1): + yield next_selection + + +def generate_selection(selection, spec, test_html_template_basename): + selection['spec_name'] = spec['name'] + selection['spec_title'] = spec['title'] + selection['spec_description'] = spec['description'] + selection['spec_specification_url'] = spec['specification_url'] + + test_filename = test_file_path_pattern % selection + test_headers_filename = test_filename + ".headers" + test_directory = os.path.dirname(test_filename) + full_path = os.path.join(spec_directory, test_directory) + + test_html_template = get_template(test_html_template_basename) + test_js_template = get_template("test.js.template") + disclaimer_template = get_template('disclaimer.template') + test_description_template = get_template("test_description.template") + + html_template_filename = os.path.join(template_directory, + test_html_template_basename) + generated_disclaimer = disclaimer_template \ + % {'generating_script_filename': os.path.relpath(__file__, + test_root_directory), + 'html_template_filename': os.path.relpath(html_template_filename, + test_root_directory)} + + selection['generated_disclaimer'] = generated_disclaimer.rstrip() + test_description_template = \ + test_description_template.rstrip().replace("\n", "\n" + " " * 33) + selection['test_description'] = test_description_template % selection + + # Adjust the template for the test invoking JS. Indent it to look nice. + indent = "\n" + " " * 6; + test_js_template = indent + test_js_template.replace("\n", indent); + selection['test_js'] = test_js_template % selection + + # Directory for the test files. + try: + os.makedirs(full_path) + except: + pass + + # TODO(kristijanburnik): Implement the opt-in-method here. + opt_in_method = selection['opt_in_method'] + selection['meta_opt_in'] = '' + if opt_in_method == 'meta-csp': + selection['meta_opt_in'] = '\n <meta http-equiv="Content-Security-Policy" ' + \ + 'content="block-all-mixed-content">' + elif opt_in_method == 'http-csp': + opt_in_headers = "Content-Security-Policy: block-all-mixed-content\n" + write_file(test_headers_filename, opt_in_headers) + elif opt_in_method == 'no-opt-in': + pass + else: + raise ValueError("Invalid opt_in_method %s" % opt_in_method) + + # Write out the generated HTML file. + write_file(test_filename, test_html_template % selection) + +def generate_test_source_files(spec_json, target): + test_expansion_schema = spec_json['test_expansion_schema'] + specification = spec_json['specification'] + + spec_json_js_template = get_template('spec_json.js.template') + write_file(generated_spec_json_filename, + spec_json_js_template % {'spec_json': json.dumps(spec_json)}) + + # Choose a debug/release template depending on the target. + html_template = "test.%s.html.template" % target + + artifact_order = test_expansion_schema.keys() + ['name'] + + # Create list of excluded tests. + exclusion_dict = {} + for excluded_pattern in spec_json['excluded_tests']: + excluded_expansion = \ + expand_pattern(excluded_pattern, + test_expansion_schema) + for excluded_selection in permute_expansion(excluded_expansion, artifact_order): + excluded_selection_path = selection_pattern % excluded_selection + exclusion_dict[excluded_selection_path] = True + + for spec in specification: + for expansion_pattern in spec['test_expansion']: + expansion = expand_pattern(expansion_pattern, + test_expansion_schema) + for selection in permute_expansion(expansion, artifact_order): + selection_path = selection_pattern % selection + if not selection_path in exclusion_dict: + generate_selection(selection, + spec, + html_template) + else: + print 'Excluding selection:', selection_path + + +def main(target, spec_filename): + spec_json = load_spec_json(spec_filename); + spec_validator.assert_valid_spec_json(spec_json) + generate_test_source_files(spec_json, target) + + +if __name__ == '__main__': + parser = argparse.ArgumentParser(description='Test suite generator utility') + parser.add_argument('-t', '--target', type = str, + choices = ("release", "debug"), default = "release", + help = 'Sets the appropriate template for generating tests') + parser.add_argument('-s', '--spec', type = str, default = None, + help = 'Specify a file used for describing and generating the tests') + # TODO(kristijanburnik): Add option for the spec_json file. + args = parser.parse_args() + main(args.target, args.spec) diff --git a/testing/web-platform/tests/mixed-content/generic/tools/regenerate b/testing/web-platform/tests/mixed-content/generic/tools/regenerate new file mode 100755 index 000000000..e6bd63519 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/tools/regenerate @@ -0,0 +1,3 @@ +#!/bin/bash +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) +python $DIR/clean.py && python $DIR/generate.py diff --git a/testing/web-platform/tests/mixed-content/generic/tools/spec_validator.py b/testing/web-platform/tests/mixed-content/generic/tools/spec_validator.py new file mode 100755 index 000000000..a6acc1040 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/tools/spec_validator.py @@ -0,0 +1,159 @@ +#!/usr/bin/env python + +import json, sys +from common_paths import * + +def assert_non_empty_string(obj, field): + assert field in obj, 'Missing field "%s"' % field + assert isinstance(obj[field], basestring), \ + 'Field "%s" must be a string' % field + assert len(obj[field]) > 0, 'Field "%s" must not be empty' % field + + +def assert_non_empty_list(obj, field): + assert isinstance(obj[field], list), \ + '%s must be a list' % field + assert len(obj[field]) > 0, \ + '%s list must not be empty' % field + + +def assert_non_empty_dict(obj, field): + assert isinstance(obj[field], dict), \ + '%s must be a dict' % field + assert len(obj[field]) > 0, \ + '%s dict must not be empty' % field + + +def assert_contains(obj, field): + assert field in obj, 'Must contain field "%s"' % field + + +def assert_string_from(obj, field, items): + assert obj[field] in items, \ + 'Field "%s" must be from: %s' % (field, str(items)) + + +def assert_string_or_list_items_from(obj, field, items): + if isinstance(obj[field], basestring): + assert_string_from(obj, field, items) + return + + assert isinstance(obj[field], list), "%s must be a list!" % field + for allowed_value in obj[field]: + assert allowed_value != '*', "Wildcard is not supported for lists!" + assert allowed_value in items, \ + 'Field "%s" must be from: %s' % (field, str(items)) + + +def assert_contains_only_fields(obj, expected_fields): + for expected_field in expected_fields: + assert_contains(obj, expected_field) + + for actual_field in obj: + assert actual_field in expected_fields, \ + 'Unexpected field "%s".' % actual_field + + +def assert_value_unique_in(value, used_values): + assert value not in used_values, 'Duplicate value "%s"!' % str(value) + used_values[value] = True + + +def assert_valid_artifact(exp_pattern, artifact_key, schema): + if isinstance(schema, list): + assert_string_or_list_items_from(exp_pattern, artifact_key, + ["*"] + schema) + return + + for sub_artifact_key, sub_schema in schema.iteritems(): + assert_valid_artifact(exp_pattern[artifact_key], sub_artifact_key, + sub_schema) + +def validate(spec_json, details): + """ Validates the json specification for generating tests. """ + + details['object'] = spec_json + assert_contains_only_fields(spec_json, ["specification", + "test_expansion_schema", + "excluded_tests"]) + assert_non_empty_list(spec_json, "specification") + assert_non_empty_dict(spec_json, "test_expansion_schema") + assert_non_empty_list(spec_json, "excluded_tests") + + specification = spec_json['specification'] + test_expansion_schema = spec_json['test_expansion_schema'] + excluded_tests = spec_json['excluded_tests'] + + valid_test_expansion_fields = ['name'] + test_expansion_schema.keys() + + # Validate each single spec. + for spec in specification: + details['object'] = spec + + # Validate required fields for a single spec. + assert_contains_only_fields(spec, ['name', + 'title', + 'description', + 'specification_url', + 'test_expansion']) + assert_non_empty_string(spec, 'name') + assert_non_empty_string(spec, 'title') + assert_non_empty_string(spec, 'description') + assert_non_empty_string(spec, 'specification_url') + assert_non_empty_list(spec, 'test_expansion') + + # Validate spec's test expansion. + used_spec_names = {} + + for spec_exp in spec['test_expansion']: + details['object'] = spec_exp + assert_non_empty_string(spec_exp, 'name') + # The name is unique in same expansion group. + assert_value_unique_in((spec_exp['expansion'], spec_exp['name']), + used_spec_names) + assert_contains_only_fields(spec_exp, valid_test_expansion_fields) + + for artifact in test_expansion_schema: + details['test_expansion_field'] = artifact + assert_valid_artifact(spec_exp, artifact, + test_expansion_schema[artifact]) + del details['test_expansion_field'] + + # Validate the test_expansion schema members. + details['object'] = test_expansion_schema + assert_contains_only_fields(test_expansion_schema, ['expansion', + 'source_scheme', + 'opt_in_method', + 'context_nesting', + 'redirection', + 'subresource', + 'origin', + 'expectation']) + # Validate excluded tests. + details['object'] = excluded_tests + for excluded_test_expansion in excluded_tests: + assert_contains_only_fields(excluded_test_expansion, + valid_test_expansion_fields) + + + del details['object'] + + +def assert_valid_spec_json(spec_json): + error_details = {} + try: + validate(spec_json, error_details) + except AssertionError, err: + print 'ERROR:', err.message + print json.dumps(error_details, indent=4) + sys.exit(1) + + +def main(): + spec_json = load_spec_json(); + assert_valid_spec_json(spec_json) + print "Spec JSON is valid." + + +if __name__ == '__main__': + main() diff --git a/testing/web-platform/tests/mixed-content/generic/worker.js b/testing/web-platform/tests/mixed-content/generic/worker.js new file mode 100644 index 000000000..7e2168bcc --- /dev/null +++ b/testing/web-platform/tests/mixed-content/generic/worker.js @@ -0,0 +1 @@ +postMessage('done'); diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..ac620c107 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..abc81b301 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..27c67b081 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..1816b4231 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..509fc3475 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..61baeee79 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..743515ed3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..88a54250a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..2098a60b6 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..029d34c4f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..c72ca267f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b50a7b70a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..5fd63aa6d --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..e6f742213 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..522e94420 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..ad615e9b2 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b6f92431a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..580f4b549 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..fa8bd8a1f --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..685f34582 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..ab0378461 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..8b64104bd --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..abe3385b0 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..78d9f8d5d --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 000000000..46e2255e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..283c34207 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..684d2449a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..7f5cc2955 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..a181ecd38 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..1c65507b4 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..b05dff3b3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..28003d9a1 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 000000000..05f1890c9 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked"> + <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..15fe5d2af --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..2da4a2b93 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..8b610ada7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..5a7bdc3b5 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..6c0a9f5e6 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..c9ffbfd0c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..766298614 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..5bcce0017 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..312303234 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..561a2f7c1 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..e02134b4a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..f90575c13 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..cd4d8a52e --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..20d31cf69 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..2ed233dc8 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..aab662fc3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..6f0a8fded --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..f55cce437 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..26c765720 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..582f6c63a --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..a7feabccb --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..68bfc2b84 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..2e5eff5a7 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 000000000..8c5bd7b08 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/mixed-content/spec.src.json b/testing/web-platform/tests/mixed-content/spec.src.json new file mode 100644 index 000000000..3f1540ab4 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/spec.src.json @@ -0,0 +1,258 @@ +{ + "specification": [ + { + "name": "optionally-blockable", + "title": "Optionally-blockable content", + "description": "Test behavior of optionally-blockable content", + "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", + "test_expansion": [ + { + "name": "opt-in-blocks", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": ["http-csp", "meta-csp"], + "context_nesting": "top-level", + "redirection": "*", + "subresource": { + "blockable": [], + "optionally-blockable": "*" + }, + "origin": ["cross-origin-http", "same-host-http"], + "expectation": "blocked" + }, + { + "name": "no-opt-in-allows", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": "no-opt-in", + "context_nesting": "top-level", + "redirection": "*", + "subresource": { + "blockable": [], + "optionally-blockable": "*" + }, + "origin": ["cross-origin-http", "same-host-http"], + "expectation": "allowed" + } + ] + }, + { + "name": "blockable", + "title": "Blockable content", + "description": "Test behavior of blockable content.", + "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", + "test_expansion": [ + { + "name": "opt-in-blocks", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": ["http-csp", "meta-csp"], + "context_nesting": "top-level", + "redirection": "*", + "subresource": { + "blockable": "*", + "optionally-blockable": [] + }, + "origin": ["cross-origin-http", "same-host-http"], + "expectation": "blocked" + }, + { + "name": "no-opt-in-blocks", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": "no-opt-in", + "context_nesting": "top-level", + "redirection": "*", + "subresource": { + "blockable": "*", + "optionally-blockable": [] + }, + "origin": ["cross-origin-http", "same-host-http"], + "expectation": "blocked" + }, + { + "name": "ws-downgrade-blocks", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": ["no-opt-in", "http-csp", "meta-csp"], + "context_nesting": "top-level", + "redirection": "*", + "subresource": { + "blockable": "websocket-request", + "optionally-blockable": [] + }, + "origin": ["cross-origin-ws", "same-host-ws"], + "expectation": "blocked" + } + ] + }, + { + "name": "allowed", + "title": "Allowed content", + "description": "Test behavior of allowed content.", + "specification_url": "http://www.w3.org/TR/mixed-content/", + "test_expansion": [ + { + "name": "allowed", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": "*", + "context_nesting": "top-level", + "redirection": ["no-redirect", "keep-scheme-redirect"], + "subresource": { + "blockable": "*", + "optionally-blockable": "*" + }, + "origin": ["same-host-https"], + "expectation": "allowed" + }, + { + "name": "websocket-allowed", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": "*", + "context_nesting": "top-level", + "redirection": ["no-redirect", "keep-scheme-redirect"], + "subresource": { + "blockable": "websocket-request", + "optionally-blockable": [] + }, + "origin": ["same-host-wss"], + "expectation": "allowed" + } + ] + } + ], + + "excluded_tests": [ + { + "name": "Redundant-subresources", + "expansion": "*", + "source_scheme": "*", + "opt_in_method": "*", + "context_nesting": "*", + "redirection": "*", + "subresource": { + "blockable": [ + "a-tag" + ], + "optionally-blockable": [] + }, + "origin": "*", + "expectation": "*" + }, + { + "name": "Skip-origins-not-applicable-to-websockets", + "expansion": "*", + "source_scheme": "*", + "opt_in_method": "*", + "context_nesting": "*", + "redirection": "*", + "subresource": { + "blockable": [ + "websocket-request" + ], + "optionally-blockable": [] + }, + "origin": [ + "same-host-https", + "same-host-http", + "cross-origin-https", + "cross-origin-http" + ], + "expectation": "*" + }, + { + "name": "TODO-opt-in-method-img-cross-origin", + "expansion": "*", + "source_scheme": "*", + "opt_in_method": "img-crossorigin", + "context_nesting": "*", + "redirection": "*", + "subresource": { + "blockable": "*", + "optionally-blockable": "*" + }, + "origin": "*", + "expectation": "*" + }, + { + "name": "Skip-redundant-for-opt-in-method", + "expansion": "*", + "source_scheme": "*", + "opt_in_method": [ + "meta-csp", + "img-crossorigin" + ], + "context_nesting": "*", + "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"], + "subresource": { + "blockable": "*", + "optionally-blockable": "*" + }, + "origin": "*", + "expectation": "*" + } + ], + + "test_expansion_schema": { + "expansion": [ + "default", + "override" + ], + "source_scheme": [ + "http", + "https" + ], + "opt_in_method": [ + "no-opt-in", + "http-csp", + "meta-csp", + "img-crossorigin" + ], + "redirection": [ + "no-redirect", + "keep-scheme-redirect", + "swap-scheme-redirect" + ], + "context_nesting": [ + "top-level", + "sub-level" + ], + "origin": [ + "same-host-https", + "same-host-http", + "cross-origin-https", + "cross-origin-http", + "same-host-wss", + "same-host-ws", + "cross-origin-wss", + "cross-origin-ws" + ], + "subresource": { + "blockable": [ + "iframe-tag", + "script-tag", + "link-css-tag", + "form-tag", + "xhr-request", + "worker-request", + "fetch-request", + "a-tag", + "object-tag", + "picture-tag", + "websocket-request" + ], + "optionally-blockable": [ + "img-tag", + "audio-tag", + "video-tag", + "link-prefetch-tag" + ] + }, + "expectation": [ + "allowed", + "blocked" + ] + } +} diff --git a/testing/web-platform/tests/mixed-content/spec_json.js b/testing/web-platform/tests/mixed-content/spec_json.js new file mode 100644 index 000000000..5de1b17e3 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/spec_json.js @@ -0,0 +1 @@ +var SPEC_JSON = {"test_expansion_schema": {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http", "same-host-wss", "same-host-ws", "cross-origin-wss", "cross-origin-ws"], "subresource": {"blockable": ["iframe-tag", "script-tag", "link-css-tag", "form-tag", "xhr-request", "worker-request", "fetch-request", "a-tag", "object-tag", "picture-tag", "websocket-request"], "optionally-blockable": ["img-tag", "audio-tag", "video-tag", "link-prefetch-tag"]}, "context_nesting": ["top-level", "sub-level"], "expectation": ["allowed", "blocked"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-scheme-redirect", "swap-scheme-redirect"], "opt_in_method": ["no-opt-in", "http-csp", "meta-csp", "img-crossorigin"], "source_scheme": ["http", "https"]}, "specification": [{"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-allows", "redirection": "*", "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}], "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "name": "optionally-blockable", "title": "Optionally-blockable content"}, {"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-ws", "same-host-ws"], "name": "ws-downgrade-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["no-opt-in", "http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "name": "blockable", "title": "Blockable content"}, {"test_expansion": [{"origin": ["same-host-https"], "name": "allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": ["same-host-wss"], "name": "websocket-allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "name": "allowed", "title": "Allowed content"}], "excluded_tests": [{"origin": "*", "name": "Redundant-subresources", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["a-tag"], "optionally-blockable": []}}, {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http"], "name": "Skip-origins-not-applicable-to-websockets", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["websocket-request"], "optionally-blockable": []}}, {"origin": "*", "name": "TODO-opt-in-method-img-cross-origin", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "img-crossorigin", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": "*", "name": "Skip-redundant-for-opt-in-method", "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"], "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": ["meta-csp", "img-crossorigin"], "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}]}; |