summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/mixed-content
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /testing/web-platform/tests/mixed-content
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'testing/web-platform/tests/mixed-content')
-rw-r--r--testing/web-platform/tests/mixed-content/OWNERS1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/generic/common.js398
-rw-r--r--testing/web-platform/tests/mixed-content/generic/expect.py102
-rw-r--r--testing/web-platform/tests/mixed-content/generic/mixed-content-test-case.js163
-rw-r--r--testing/web-platform/tests/mixed-content/generic/sanity-checker.js53
-rw-r--r--testing/web-platform/tests/mixed-content/generic/template/disclaimer.template1
-rw-r--r--testing/web-platform/tests/mixed-content/generic/template/spec_json.js.template1
-rw-r--r--testing/web-platform/tests/mixed-content/generic/template/test.debug.html.template31
-rw-r--r--testing/web-platform/tests/mixed-content/generic/template/test.js.template13
-rw-r--r--testing/web-platform/tests/mixed-content/generic/template/test.release.html.template20
-rw-r--r--testing/web-platform/tests/mixed-content/generic/template/test_description.template7
-rw-r--r--testing/web-platform/tests/mixed-content/generic/tools/__init__.py0
-rwxr-xr-xtesting/web-platform/tests/mixed-content/generic/tools/clean.py35
-rw-r--r--testing/web-platform/tests/mixed-content/generic/tools/common_paths.py58
-rwxr-xr-xtesting/web-platform/tests/mixed-content/generic/tools/generate.py157
-rwxr-xr-xtesting/web-platform/tests/mixed-content/generic/tools/regenerate3
-rwxr-xr-xtesting/web-platform/tests/mixed-content/generic/tools/spec_validator.py159
-rw-r--r--testing/web-platform/tests/mixed-content/generic/worker.js1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers1
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html41
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html40
-rw-r--r--testing/web-platform/tests/mixed-content/spec.src.json258
-rw-r--r--testing/web-platform/tests/mixed-content/spec_json.js1
398 files changed, 12256 insertions, 0 deletions
diff --git a/testing/web-platform/tests/mixed-content/OWNERS b/testing/web-platform/tests/mixed-content/OWNERS
new file mode 100644
index 000000000..db2d613c2
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/OWNERS
@@ -0,0 +1 @@
+@kristijanburnik
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..5e6b8cbe1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..0adc65f82
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..260fb14b0
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..9b18ebb78
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..742363922
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..3f781b820
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..f584e0be9
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..eb24a71a7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..77adba644
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..b08d413e8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..606887e3d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..2f4f750de
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..a047941dc
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..bd24109af
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..d1be723f1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..3f8ec136a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..3ae09e2e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..883c0bbdf
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..cb3528e03
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..7bffa299c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..ce7266440
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..b9ddc78ff
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..1a9053e4c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..0488b1337
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..23f0a1fc8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..7baa3e54a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html
new file mode 100644
index 000000000..ff33c35d1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-wss
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-wss",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html
new file mode 100644
index 000000000..dabaab28c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-wss
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-wss",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html.headers b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/http-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..a29157047
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..825fb2441
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..845298825
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..148a6ec88
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..e4ac20f4f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..869c05abe
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..71ef6d359
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..662ac192a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..0d846777f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..0d0eec01c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..cf8439631
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..e5bf5ce95
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..ebbc9ec0c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html
new file mode 100644
index 000000000..f1cfed198
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-wss
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: allowed">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-wss",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..b30f28b2a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..c13fd88e4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..9045019de
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..d4b8292af
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..a640ddee7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..48f005a38
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..f44a0b54d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..9cd4f1ba4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..54bb60acc
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..26d7d2390
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..7d620f8da
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..f6d23405d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..c3ea33fdb
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..4c5911153
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..ebfb5195e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..f5ffcf3a8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..57efd6f5e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..e3113a84c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..9dc0bb122
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..bad7e7f21
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..f044783e6
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..fd0a1f923
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..d720fc4fa
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..bd69a14a9
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html
new file mode 100644
index 000000000..9da0d9f98
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html
new file mode 100644
index 000000000..b0fff36eb
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-https
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-https",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html
new file mode 100644
index 000000000..52684b1a5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/keep-scheme-redirect/websocket-allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-wss
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-wss",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html
new file mode 100644
index 000000000..a32429b88
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/allowed/no-opt-in/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-wss
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-wss",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..012bd3540
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..54fbe3a84
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..f95554558
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..277d47891
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..582ed6012
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..37d4db54b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b4957a41e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..e910a0ab7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..1f8763010
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..7376626e2
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..fc123d963
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..f7fd32cbf
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..8ebd99b01
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b7743daa6
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..3fe162a2f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..6f71158c2
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..48012dfe5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b76c48a65
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..61f10dfbf
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..69210c606
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..a2201a213
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..8fc3283a0
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..21f63bd73
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..d4c437147
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..314f09789
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..d44e65bcd
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..973db8006
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..5f4facece
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..0d700202f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..22e930e20
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..c03b96f01
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..a7ce2a530
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..1eec54d3b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..6d67e4d0e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..0d8b5ebdb
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..326ca747c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..35e3102a5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..eaa1cc5d7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..ff99ecf9b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b93d17784
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b23f9f0eb
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..122ee404d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..4c43f3aea
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..27da8b421
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..01df78229
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..27e971ac4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..0fe505a4b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..d066d7f4a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..011e515da
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..5c8d860a6
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..123e53d20
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..735c267a8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..d70b85768
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..bf77ac6d7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..f85094162
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..0dd9e88e8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..eb7f7ea2c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..972d7f3d3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..66b20800f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..664acc6fa
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/http-csp/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..a1b37ef1e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..2ea8aadca
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..2aa9e013b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..191b4a9ea
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..ee5cfea71
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..abe50087f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..7e9a2395a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..63ba90454
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..cf95677c7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..1bc4b11d9
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..0fb506de1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b5dcde734
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..1fb7a9385
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..5e71b99d4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..28fdc6f08
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..9c484e398
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..44b4795c9
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..22e7c6eac
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..80a633ab2
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..a3cb304e0
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..f35fd03da
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..3b2d158d6
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..24a1e8671
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..aaeaf7673
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..a649f4de4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..fa1d0fe90
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..0dad760aa
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..ed11ad73e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..de84e1278
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..13c536f3e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..e94103004
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..c9efe54e4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..23e6badf7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..482024535
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..f91df5037
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..09fadc8d3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..635050128
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..c3bedd387
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..4c375acd1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..21d152557
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..cd56451c5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..4feea4b7d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..2d4f15b13
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..a6782c7e5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..b2ee591a7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..e49db79f3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..ffd8aeb9c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..ef959099b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..9a344137b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..fad857a6e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/cross-origin-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..d7aa3899b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..55c768525
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..13de80df7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: fetch-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "fetch-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..45a2764ad
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..09e948a84
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..f72d269d1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: form-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "form-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..a69f2bb41
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..f98fe6c4c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..b891c73e8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: iframe-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "iframe-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..11d8f4877
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..ce383d9aa
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..67b58e009
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-css-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-css-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..190b66b0d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..c03d5036a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..d9a166609
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: object-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "object-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..0b2a8c8ff
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..532c97bf0
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..662fc9048
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: picture-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "picture-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..cc1c051a3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..23efca0a5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..69e151519
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: script-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "script-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..065ff5ba5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..3cd8a6748
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..3b3e17c27
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: worker-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "worker-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..897354a79
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..ee787d05a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
new file mode 100644
index 000000000..9a9085b86
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: xhr-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "xhr-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..cc6369045
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/keep-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..4b7ae62fd
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
new file mode 100644
index 000000000..278819b93
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/blockable/no-opt-in/same-host-ws/websocket-request/top-level/swap-scheme-redirect/ws-downgrade-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-ws
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: websocket-request
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-ws",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "websocket-request",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/generic/common.js b/testing/web-platform/tests/mixed-content/generic/common.js
new file mode 100644
index 000000000..36427a466
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/common.js
@@ -0,0 +1,398 @@
+/**
+ * @fileoverview Utilities for mixed-content in Web Platform Tests.
+ * @author burnik@google.com (Kristijan Burnik)
+ * Disclaimer: Some methods of other authors are annotated in the corresponding
+ * method's JSDoc.
+ */
+
+/**
+ * Normalizes the target port for use in a URL. For default ports, this is the
+ * empty string (omitted port), otherwise it's a colon followed by the port
+ * number. Ports 80, 443 and an empty string are regarded as default ports.
+ * @param {number} targetPort The port to use
+ * @return {string} The port portion for using as part of a URL.
+ */
+function getNormalizedPort(targetPort) {
+ return ([80, 443, ""].indexOf(targetPort) >= 0) ? "" : ":" + targetPort;
+}
+
+/**
+ * Creates a GUID.
+ * See: https://en.wikipedia.org/wiki/Globally_unique_identifier
+ * Original author: broofa (http://www.broofa.com/)
+ * Sourced from: http://stackoverflow.com/a/2117523/4949715
+ * @return {string} A pseudo-random GUID.
+ */
+function guid() {
+ return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
+ var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
+ return v.toString(16);
+ });
+}
+
+/**
+ * Initiates a new XHR via GET.
+ * @param {string} url The endpoint URL for the XHR.
+ * @param {string} responseType Optional - how should the response be parsed.
+ * Default is "json".
+ * See: https://xhr.spec.whatwg.org/#dom-xmlhttprequest-responsetype
+ * @return {Promise} A promise wrapping the success and error events.
+ */
+function xhrRequest(url, responseType) {
+ return new Promise(function(resolve, reject) {
+ var xhr = new XMLHttpRequest();
+ xhr.open('GET', url, true);
+ xhr.responseType = responseType || "json";
+
+ xhr.addEventListener("error", function() {
+ reject(Error("Network Error"));
+ });
+
+ xhr.addEventListener("load", function() {
+ if (xhr.status != 200)
+ return reject(Error(xhr.statusText));
+
+ resolve(xhr.response);
+ });
+
+ xhr.send();
+ });
+}
+
+/**
+ * Sets attributes on a given DOM element.
+ * @param {DOMElement} element The element on which to set the attributes.
+ * @param {object} An object with keys (serving as attribute names) and values.
+ */
+function setAttributes(el, attrs) {
+ attrs = attrs || {}
+ for (var attr in attrs)
+ el.setAttribute(attr, attrs[attr]);
+}
+
+
+/**
+ * Binds to success and error events of an object wrapping them into a promise
+ * available through {@code element.eventPromise}. The success event
+ * resolves and error event rejects.
+ * @param {object} element An object supporting events on which to bind the
+ * promise.
+ * @param {string} resolveEventName [="load"] The event name to bind resolve to.
+ * @param {string} rejectEventName [="error"] The event name to bind reject to.
+ */
+function bindEvents(element, resolveEventName, rejectEventName) {
+ element.eventPromise = new Promise(function(resolve, reject) {
+ element.addEventListener(resolveEventName || "load", resolve);
+ element.addEventListener(rejectEventName || "error",
+ function(e) { e.preventDefault(); reject(); } );
+ });
+}
+
+/**
+ * Creates a new DOM element.
+ * @param {string} tagName The type of the DOM element.
+ * @param {object} attrs A JSON with attributes to apply to the element.
+ * @param {DOMElement} parent Optional - an existing DOM element to append to
+ * If not provided, the returned element will remain orphaned.
+ * @param {boolean} doBindEvents Optional - Whether to bind to load and error
+ * events and provide the promise wrapping the events via the element's
+ * {@code eventPromise} property. Default value evaluates to false.
+ * @return {DOMElement} The newly created DOM element.
+ */
+function createElement(tagName, attrs, parent, doBindEvents) {
+ var element = document.createElement(tagName);
+
+ if (doBindEvents)
+ bindEvents(element);
+
+ // We set the attributes after binding to events to catch any
+ // event-triggering attribute changes. E.g. form submission.
+ //
+ // But be careful with images: unlike other elements they will start the load
+ // as soon as the attr is set, even if not in the document yet, and sometimes
+ // complete it synchronously, so the append doesn't have the effect we want.
+ // So for images, we want to set the attrs after appending, whereas for other
+ // elements we want to do it before appending.
+ var isImg = (tagName == "img");
+ if (!isImg)
+ setAttributes(element, attrs);
+
+ if (parent)
+ parent.appendChild(element);
+
+ if (isImg)
+ setAttributes(element, attrs);
+
+ return element;
+}
+
+function createRequestViaElement(tagName, attrs, parent) {
+ return createElement(tagName, attrs, parent, true).eventPromise;
+}
+
+/**
+ * Creates a new empty iframe and appends it to {@code document.body} .
+ * @param {string} name The name and ID of the new iframe.
+ * @param {boolean} doBindEvents Whether to bind load and error events.
+ * @return {DOMElement} The newly created iframe.
+ */
+function createHelperIframe(name, doBindEvents) {
+ return createElement("iframe",
+ {"name": name, "id": name},
+ document.body,
+ doBindEvents);
+}
+
+/**
+ * Creates a new iframe, binds load and error events, sets the src attribute and
+ * appends it to {@code document.body} .
+ * @param {string} url The src for the iframe.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaIframe(url) {
+ return createRequestViaElement("iframe", {"src": url}, document.body);
+}
+
+/**
+ * Creates a new image, binds load and error events, sets the src attribute and
+ * appends it to {@code document.body} .
+ * @param {string} url The src for the image.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaImage(url) {
+ return createRequestViaElement("img", {"src": url}, document.body);
+}
+
+/**
+ * Initiates a new XHR GET request to provided URL.
+ * @param {string} url The endpoint URL for the XHR.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaXhr(url) {
+ return xhrRequest(url);
+}
+
+/**
+ * Initiates a new GET request to provided URL via the Fetch API.
+ * @param {string} url The endpoint URL for the Fetch.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaFetch(url) {
+ return fetch(url);
+}
+
+/**
+ * Creates a new Worker, binds message and error events wrapping them into.
+ * {@code worker.eventPromise} and posts an empty string message to start
+ * the worker.
+ * @param {string} url The endpoint URL for the worker script.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaWorker(url) {
+ var worker = new Worker(url);
+ bindEvents(worker, "message", "error");
+ worker.postMessage('');
+
+ return worker.eventPromise;
+}
+
+/**
+ * Sets the href attribute on a navigable DOM element and performs a navigation
+ * by clicking it. To avoid navigating away from the current execution
+ * context, a target attribute is set to point to a new helper iframe.
+ * @param {DOMElement} navigableElement The navigable DOMElement
+ * @param {string} url The href for the navigable element.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaNavigable(navigableElement, url) {
+ var iframe = createHelperIframe(guid(), true);
+ setAttributes(navigableElement,
+ {"href": url,
+ "target": iframe.name});
+ navigableElement.click();
+
+ return iframe.eventPromise;
+}
+
+/**
+ * Creates a new anchor element, appends it to {@code document.body} and
+ * performs the navigation.
+ * @param {string} url The URL to navigate to.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaAnchor(url) {
+ var a = createElement("a", {"innerHTML": "Link to resource"}, document.body);
+
+ return requestViaNavigable(a, url);
+}
+
+/**
+ * Creates a new area element, appends it to {@code document.body} and performs
+ * the navigation.
+ * @param {string} url The URL to navigate to.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaArea(url) {
+ var area = createElement("area", {}, document.body);
+
+ return requestViaNavigable(area, url);
+}
+
+/**
+ * Creates a new script element, sets the src to url, and appends it to
+ * {@code document.body}.
+ * @param {string} url The src URL.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaScript(url) {
+ return createRequestViaElement("script", {"src": url}, document.body);
+}
+
+/**
+ * Creates a new form element, sets attributes, appends it to
+ * {@code document.body} and submits the form.
+ * @param {string} url The URL to submit to.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaForm(url) {
+ var iframe = createHelperIframe(guid());
+ var form = createElement("form",
+ {"action": url,
+ "method": "POST",
+ "target": iframe.name},
+ document.body);
+ bindEvents(iframe);
+ form.submit();
+
+ return iframe.eventPromise;
+}
+
+/**
+ * Creates a new link element for a stylesheet, binds load and error events,
+ * sets the href to url and appends it to {@code document.head}.
+ * @param {string} url The URL for a stylesheet.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaLinkStylesheet(url) {
+ return createRequestViaElement("link",
+ {"rel": "stylesheet", "href": url},
+ document.head);
+}
+
+/**
+ * Creates a new link element for a prefetch, binds load and error events, sets
+ * the href to url and appends it to {@code document.head}.
+ * @param {string} url The URL of a resource to prefetch.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaLinkPrefetch(url) {
+ // TODO(kristijanburnik): Check if prefetch should support load and error
+ // events. For now we assume it's not specified.
+ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ
+ return createRequestViaElement("link",
+ {"rel": "prefetch", "href": url},
+ document.head);
+}
+
+/**
+ * Creates a new media element with a child source element, binds loadeddata and
+ * error events, sets attributes and appends to document.body.
+ * @param {string} type The type of the media element (audio/video/picture).
+ * @param {object} media_attrs The attributes for the media element.
+ * @param {object} source_attrs The attributes for the child source element.
+ * @return {DOMElement} The newly created media element.
+ */
+function createMediaElement(type, media_attrs, source_attrs) {
+ var mediaElement = createElement(type, {});
+ var sourceElement = createElement("source", {}, mediaElement);
+
+ mediaElement.eventPromise = new Promise(function(resolve, reject) {
+ mediaElement.addEventListener("loadeddata", resolve);
+ // Notice that the source element will raise the error.
+ sourceElement.addEventListener("error", reject);
+ });
+
+ setAttributes(mediaElement, media_attrs);
+ setAttributes(sourceElement, source_attrs);
+ document.body.appendChild(mediaElement);
+
+ return mediaElement;
+}
+
+/**
+ * Creates a new video element, binds loadeddata and error events, sets
+ * attributes and source URL and appends to {@code document.body}.
+ * @param {string} url The URL of the video.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaVideo(url) {
+ return createMediaElement("video",
+ {},
+ {type: "video/mp4", src: url}).eventPromise;
+}
+
+/**
+ * Creates a new audio element, binds loadeddata and error events, sets
+ * attributes and source URL and appends to {@code document.body}.
+ * @param {string} url The URL of the audio.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaAudio(url) {
+ return createMediaElement("audio",
+ {},
+ {type: "audio/mpeg", src: url}).eventPromise;
+}
+
+/**
+ * Creates a new picture element, binds loadeddata and error events, sets
+ * attributes and source URL and appends to {@code document.body}. Also
+ * creates new image element appending it to the picture
+ * @param {string} url The URL of the image for the source and image elements.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaPicture(url) {
+ var picture = createMediaElement("picture", {}, {"srcset": url,
+ "type": "image/png"});
+ return createRequestViaElement("img", {"src": url}, picture);
+}
+
+/**
+ * Creates a new object element, binds load and error events, sets the data to
+ * url, and appends it to {@code document.body}.
+ * @param {string} url The data URL.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaObject(url) {
+ return createRequestViaElement("object", {"data": url}, document.body);
+}
+
+/**
+ * Creates a new WebSocket pointing to {@code url} and sends a message string
+ * "echo". The {@code message} and {@code error} events are triggering the
+ * returned promise resolve/reject events.
+ * @param {string} url The URL for WebSocket to connect to.
+ * @return {Promise} The promise for success/error events.
+ */
+function requestViaWebSocket(url) {
+ return new Promise(function(resolve, reject) {
+ var websocket = new WebSocket(url);
+
+ websocket.addEventListener("message", function(e) {
+ resolve(JSON.parse(e.data));
+ });
+
+ websocket.addEventListener("open", function(e) {
+ websocket.send("echo");
+ });
+
+ websocket.addEventListener("error", function(e) {
+ reject(e)
+ });
+ });
+}
+
+// SanityChecker does nothing in release mode. See sanity-checker.js for debug
+// mode.
+function SanityChecker() {}
+SanityChecker.prototype.checkScenario = function() {};
+SanityChecker.prototype.setFailTimeout = function(test, timeout) {};
diff --git a/testing/web-platform/tests/mixed-content/generic/expect.py b/testing/web-platform/tests/mixed-content/generic/expect.py
new file mode 100644
index 000000000..a3ea61b21
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/expect.py
@@ -0,0 +1,102 @@
+import json, os, urllib, urlparse
+
+def redirect(url, response):
+ response.add_required_headers = False
+ response.writer.write_status(301)
+ response.writer.write_header("access-control-allow-origin", "*")
+ response.writer.write_header("location", url)
+ response.writer.end_headers()
+ response.writer.write("")
+
+def create_redirect_url(request, swap_scheme = False):
+ parsed = urlparse.urlsplit(request.url)
+ destination_netloc = parsed.netloc
+ scheme = parsed.scheme
+
+ if swap_scheme:
+ scheme = "http" if parsed.scheme == "https" else "https"
+ hostname = parsed.netloc.split(':')[0]
+ port = request.server.config["ports"][scheme][0]
+ destination_netloc = ":".join([hostname, str(port)])
+
+ # Remove "redirection" from query to avoid redirect loops.
+ parsed_query = dict(urlparse.parse_qsl(parsed.query))
+ assert "redirection" in parsed_query
+ del parsed_query["redirection"]
+
+ destination_url = urlparse.urlunsplit(urlparse.SplitResult(
+ scheme = scheme,
+ netloc = destination_netloc,
+ path = parsed.path,
+ query = urllib.urlencode(parsed_query),
+ fragment = None))
+
+ return destination_url
+
+def main(request, response):
+ if "redirection" in request.GET:
+ redirection = request.GET["redirection"]
+ if redirection == "no-redirect":
+ pass
+ elif redirection == "keep-scheme-redirect":
+ redirect(create_redirect_url(request, swap_scheme=False), response)
+ return
+ elif redirection == "swap-scheme-redirect":
+ redirect(create_redirect_url(request, swap_scheme=True), response)
+ return
+ else:
+ raise ValueError ("Invalid redirect type: %s" % redirection)
+
+ content_type = "text/plain"
+ response_data = ""
+
+ if "action" in request.GET:
+ action = request.GET["action"]
+
+ if "content_type" in request.GET:
+ content_type = request.GET["content_type"]
+
+ key = request.GET["key"]
+ stash = request.server.stash
+ path = request.GET.get("path", request.url.split('?'))[0]
+
+ if action == "put":
+ value = request.GET["value"]
+ stash.take(key=key, path=path)
+ stash.put(key=key, value=value, path=path)
+ response_data = json.dumps({"status": "success", "result": key})
+ elif action == "purge":
+ value = stash.take(key=key, path=path)
+ if content_type == "image/png":
+ response_data = open(os.path.join(request.doc_root,
+ "images",
+ "smiley.png"), "rb").read()
+ elif content_type == "audio/mpeg":
+ response_data = open(os.path.join(request.doc_root,
+ "media",
+ "sound_5.oga"), "rb").read()
+ elif content_type == "video/mp4":
+ response_data = open(os.path.join(request.doc_root,
+ "media",
+ "movie_5.mp4"), "rb").read()
+ elif content_type == "application/javascript":
+ response_data = open(os.path.join(request.doc_root,
+ "mixed-content",
+ "generic",
+ "worker.js"), "rb").read()
+ else:
+ response_data = "/* purged */"
+ elif action == "take":
+ value = stash.take(key=key, path=path)
+ if value is None:
+ status = "allowed"
+ else:
+ status = "blocked"
+ response_data = json.dumps({"status": status, "result": value})
+
+ response.add_required_headers = False
+ response.writer.write_status(200)
+ response.writer.write_header("content-type", content_type)
+ response.writer.write_header("cache-control", "no-cache; must-revalidate")
+ response.writer.end_headers()
+ response.writer.write(response_data)
diff --git a/testing/web-platform/tests/mixed-content/generic/mixed-content-test-case.js b/testing/web-platform/tests/mixed-content/generic/mixed-content-test-case.js
new file mode 100644
index 000000000..7f3a7bfa9
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/mixed-content-test-case.js
@@ -0,0 +1,163 @@
+/**
+ * @fileoverview Test case for mixed-content in Web Platform Tests.
+ * @author burnik@google.com (Kristijan Burnik)
+ */
+
+/**
+ * MixedContentTestCase exercises all the tests for checking browser behavior
+ * when resources regarded as mixed-content are requested. A single run covers
+ * only a single scenario.
+ * @param {object} scenario A JSON describing the test arrangement and
+ * expectation(s). Refer to /mixed-content/spec.src.json for details.
+ * @param {string} description The test scenario verbose description.
+ * @param {SanityChecker} sanityChecker Instance of an object used to check the
+ * running scenario. Useful in debug mode. See ./sanity-checker.js.
+ * Run {@code ./tools/generate.py -h} for info on test generating modes.
+ * @return {object} Object wrapping the start method used to run the test.
+ */
+function MixedContentTestCase(scenario, description, sanityChecker) {
+ var httpProtocol = "http";
+ var httpsProtocol = "https";
+ var wsProtocol = "ws";
+ var wssProtocol = "wss";
+
+ var sameOriginHost = location.hostname;
+ var crossOriginHost = "{{domains[www1]}}";
+
+ // These values can evaluate to either empty strings or a ":port" string.
+ var httpPort = getNormalizedPort(parseInt("{{ports[http][0]}}", 10));
+ var httpsPort = getNormalizedPort(parseInt("{{ports[https][0]}}", 10));
+ var wsPort = getNormalizedPort(parseInt("{{ports[ws][0]}}", 10));
+ var wssPort = getNormalizedPort(parseInt("{{ports[wss][0]}}", 10));
+
+ var resourcePath = "/mixed-content/generic/expect.py";
+ var wsResourcePath = "/stash_responder";
+
+ // Map all endpoints to scenario for use in the test.
+ var endpoint = {
+ "same-origin":
+ location.origin + resourcePath,
+ "same-host-https":
+ httpsProtocol + "://" + sameOriginHost + httpsPort + resourcePath,
+ "same-host-http":
+ httpProtocol + "://" + sameOriginHost + httpPort + resourcePath,
+ "cross-origin-https":
+ httpsProtocol + "://" + crossOriginHost + httpsPort + resourcePath,
+ "cross-origin-http":
+ httpProtocol + "://" + crossOriginHost + httpPort + resourcePath,
+ "same-host-wss":
+ wssProtocol + "://" + sameOriginHost + wssPort + wsResourcePath,
+ "same-host-ws":
+ wsProtocol + "://" + sameOriginHost + wsPort + wsResourcePath,
+ "cross-origin-wss":
+ wssProtocol + "://" + crossOriginHost + wssPort + wsResourcePath,
+ "cross-origin-ws":
+ wsProtocol + "://" + crossOriginHost + wsPort + wsResourcePath
+ };
+
+ // Mapping all the resource requesting methods to the scenario.
+ var resourceMap = {
+ "a-tag": requestViaAnchor,
+ "area-tag": requestViaArea,
+ "fetch-request": requestViaFetch,
+ "form-tag": requestViaForm,
+ "iframe-tag": requestViaIframe,
+ "img-tag": requestViaImage,
+ "script-tag": requestViaScript,
+ "worker-request": requestViaWorker,
+ "xhr-request": requestViaXhr,
+ "audio-tag": requestViaAudio,
+ "video-tag": requestViaVideo,
+ "picture-tag": requestViaPicture,
+ "object-tag": requestViaObject,
+ "link-css-tag": requestViaLinkStylesheet,
+ "link-prefetch-tag": requestViaLinkPrefetch,
+ "websocket-request": requestViaWebSocket
+ };
+
+ sanityChecker.checkScenario(scenario, resourceMap);
+
+ // Mapping all expected MIME types to the scenario.
+ var contentType = {
+ "a-tag": "text/html",
+ "area-tag": "text/html",
+ "fetch-request": "application/json",
+ "form-tag": "text/html",
+ "iframe-tag": "text/html",
+ "img-tag": "image/png",
+ "script-tag": "text/javascript",
+ "worker-request": "application/javascript",
+ "xhr-request": "application/json",
+ "audio-tag": "audio/mpeg",
+ "video-tag": "video/mp4",
+ "picture-tag": "image/png",
+ "object-tag": "text/html",
+ "link-css-tag": "text/css",
+ "link-prefetch-tag": "text/html",
+ "websocket-request": "application/json"
+ };
+
+ var mixed_content_test = async_test(description);
+
+ function runTest() {
+ sanityChecker.setFailTimeout(mixed_content_test);
+
+ var key = guid();
+ var value = guid();
+ // We use the same path for both HTTP/S and WS/S stash requests.
+ var stash_path = encodeURIComponent("/mixed-content");
+ var announceResourceRequestUrl = endpoint['same-origin'] +
+ "?action=put&key=" + key +
+ "&value=" + value +
+ "&path=" + stash_path;
+ var assertResourceRequestUrl = endpoint['same-origin'] +
+ "?action=take&key=" + key +
+ "&path=" + stash_path;
+ var resourceRequestUrl = endpoint[scenario.origin] + "?redirection=" +
+ scenario.redirection + "&action=purge&key=" + key +
+ "&path=" + stash_path + "&content_type=" +
+ contentType[scenario.subresource];
+
+ xhrRequest(announceResourceRequestUrl)
+ .then(function(response) {
+ // Send out the real resource request.
+ // This should tear down the key if it's not blocked.
+ return resourceMap[scenario.subresource](resourceRequestUrl);
+ })
+ .then(function() {
+ mixed_content_test.step(function() {
+ assert_equals("allowed", scenario.expectation,
+ "The triggered event should match '" +
+ scenario.expectation + "'.");
+ }, "Check if success event was triggered.");
+
+ // Send request to check if the key has been torn down.
+ return xhrRequest(assertResourceRequestUrl);
+ }, function(error) {
+ mixed_content_test.step(function() {
+ assert_equals("blocked", scenario.expectation,
+ "The triggered event should match '" +
+ scenario.expectation + "'.");
+ // TODO(kristijanburnik): param "error" can be an event or error.
+ // Map assertion by resource.
+ // e.g.: assert_equals(e.type, "error");
+ }, "Check if error event was triggered.");
+
+ // When requestResource fails, we also check the key state.
+ return xhrRequest(assertResourceRequestUrl);
+ })
+ .then(function(response) {
+ // Now check if the value has been torn down. If it's still there,
+ // we have blocked the request to mixed-content.
+ mixed_content_test.step(function() {
+ assert_equals(response.status, scenario.expectation,
+ "The resource request should be '" + scenario.expectation +
+ "'.");
+ }, "Check if request was sent.");
+ mixed_content_test.done();
+ });
+
+ } // runTest
+
+ return {start: runTest};
+} // MixedContentTestCase
diff --git a/testing/web-platform/tests/mixed-content/generic/sanity-checker.js b/testing/web-platform/tests/mixed-content/generic/sanity-checker.js
new file mode 100644
index 000000000..55a103adf
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/sanity-checker.js
@@ -0,0 +1,53 @@
+// The SanityChecker is used in debug mode to identify problems with the
+// structure of the testsuite and to force early test failures.
+// In release mode it is mocked out to do nothing.
+function SanityChecker() {}
+
+SanityChecker.prototype.checkScenario = function(scenario, resourceInvoker) {
+ // Check if scenario is valid.
+ test(function() {
+ var expectedFields = SPEC_JSON["test_expansion_schema"];
+
+ for (var field in expectedFields) {
+ if (field == "expansion")
+ continue
+
+ assert_own_property(scenario, field,
+ "The scenario should contain field '" + field + "'.")
+
+ var expectedFieldList = expectedFields[field];
+ if (!expectedFieldList.hasOwnProperty('length')) {
+ var expectedFieldList = [];
+ for (var key in expectedFields[field]) {
+ expectedFieldList = expectedFieldList.concat(expectedFields[field][key])
+ }
+ }
+ assert_in_array(scenario[field], expectedFieldList,
+ "Scenario's " + field + " is one of: " +
+ expectedFieldList.join(", ")) + "."
+ }
+
+ // Check if the protocol is matched.
+ assert_equals(scenario["source_scheme"] + ":", location.protocol,
+ "Protocol of the test page should match the scenario.")
+
+ assert_own_property(resourceInvoker, scenario.subresource,
+ "Subresource should be supported");
+
+ }, "[MixedContentTestCase] The test scenario should be valid.");
+}
+
+// For easier debugging runs, we can fail a test earlier.
+SanityChecker.prototype.setFailTimeout = function(test, timeout) {
+ // Due to missing implementations, tests time out, so we fail them early.
+ // TODO(kristijanburnik): Once WPT rolled in:
+ // https://github.com/w3c/testharness.js/pull/127
+ // Refactor to make use of step_timeout.
+ setTimeout(function() {
+ test.step(function() {
+ assert_equals(test.phase, test.phases.COMPLETE,
+ "Expected test to complete.");
+ test.done();
+ })
+ }, timeout || 1000);
+}
diff --git a/testing/web-platform/tests/mixed-content/generic/template/disclaimer.template b/testing/web-platform/tests/mixed-content/generic/template/disclaimer.template
new file mode 100644
index 000000000..66c43ed6f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/template/disclaimer.template
@@ -0,0 +1 @@
+<!-- DO NOT EDIT! Generated by %(generating_script_filename)s using %(html_template_filename)s. -->
diff --git a/testing/web-platform/tests/mixed-content/generic/template/spec_json.js.template b/testing/web-platform/tests/mixed-content/generic/template/spec_json.js.template
new file mode 100644
index 000000000..e4cbd0342
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/template/spec_json.js.template
@@ -0,0 +1 @@
+var SPEC_JSON = %(spec_json)s;
diff --git a/testing/web-platform/tests/mixed-content/generic/template/test.debug.html.template b/testing/web-platform/tests/mixed-content/generic/template/test.debug.html.template
new file mode 100644
index 000000000..013bb6250
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/template/test.debug.html.template
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+%(generated_disclaimer)s
+<html>
+ <head>
+ <title>Mixed-Content: %(spec_title)s</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="%(spec_description)s">
+ <meta name="assert" content="%(test_description)s">%(meta_opt_in)s
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for mixed-content tests. -->
+ <script src="/mixed-content/generic/common.js"></script>
+ <!-- The original specification JSON for validating the scenario. -->
+ <script src="/mixed-content/spec_json.js"></script>
+ <!-- Internal checking of the tests -->
+ <script src="/mixed-content/generic/sanity-checker.js"></script>
+ <!-- Simple wrapper API for all mixed-content test cases. -->
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <h1>%(spec_title)s</h1>
+ <h2>%(spec_description)s</h2>
+ <pre>%(test_description)s</pre>
+
+ <p>See <a href="%(spec_specification_url)s" target="_blank">specification</a>
+ details for this test.</p>
+
+ <div id="log"></div>
+ <script>%(test_js)s</script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/generic/template/test.js.template b/testing/web-platform/tests/mixed-content/generic/template/test.js.template
new file mode 100644
index 000000000..b8c0769fc
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/template/test.js.template
@@ -0,0 +1,13 @@
+MixedContentTestCase(
+ {
+ "opt_in_method": "%(opt_in_method)s",
+ "origin": "%(origin)s",
+ "source_scheme": "%(source_scheme)s",
+ "context_nesting": "%(context_nesting)s",
+ "redirection": "%(redirection)s",
+ "subresource": "%(subresource)s",
+ "expectation": "%(expectation)s"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+).start();
diff --git a/testing/web-platform/tests/mixed-content/generic/template/test.release.html.template b/testing/web-platform/tests/mixed-content/generic/template/test.release.html.template
new file mode 100644
index 000000000..ca77389cc
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/template/test.release.html.template
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+%(generated_disclaimer)s
+<html>
+ <head>
+ <title>Mixed-Content: %(spec_title)s</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="%(spec_description)s">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="%(spec_specification_url)s">
+ <meta name="assert" content="%(test_description)s">%(meta_opt_in)s
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>%(test_js)s</script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/generic/template/test_description.template b/testing/web-platform/tests/mixed-content/generic/template/test_description.template
new file mode 100644
index 000000000..33dbcaa05
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/template/test_description.template
@@ -0,0 +1,7 @@
+opt_in_method: %(opt_in_method)s
+origin: %(origin)s
+source_scheme: %(source_scheme)s
+context_nesting: %(context_nesting)s
+redirection: %(redirection)s
+subresource: %(subresource)s
+expectation: %(expectation)s
diff --git a/testing/web-platform/tests/mixed-content/generic/tools/__init__.py b/testing/web-platform/tests/mixed-content/generic/tools/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/tools/__init__.py
diff --git a/testing/web-platform/tests/mixed-content/generic/tools/clean.py b/testing/web-platform/tests/mixed-content/generic/tools/clean.py
new file mode 100755
index 000000000..9416f0b5b
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/tools/clean.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+
+import os, json
+from common_paths import *
+import spec_validator
+
+def rmtree(top):
+ top = os.path.abspath(top)
+ assert top != os.path.expanduser("~")
+ assert len(top) > len(os.path.expanduser("~"))
+ assert "web-platform-tests" in top
+ assert "mixed-content" in top
+
+ for root, dirs, files in os.walk(top, topdown=False):
+ for name in files:
+ os.remove(os.path.join(root, name))
+ for name in dirs:
+ os.rmdir(os.path.join(root, name))
+
+ os.rmdir(top)
+
+def main():
+ spec_json = load_spec_json();
+ spec_validator.assert_valid_spec_json(spec_json)
+
+ for spec in spec_json['specification']:
+ generated_dir = os.path.join(spec_directory, spec["name"])
+ if (os.path.isdir(generated_dir)):
+ rmtree(generated_dir)
+
+ if (os.path.isfile(generated_spec_json_filename)):
+ os.remove(generated_spec_json_filename)
+
+if __name__ == '__main__':
+ main()
diff --git a/testing/web-platform/tests/mixed-content/generic/tools/common_paths.py b/testing/web-platform/tests/mixed-content/generic/tools/common_paths.py
new file mode 100644
index 000000000..5c2807d28
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/tools/common_paths.py
@@ -0,0 +1,58 @@
+import os, sys, json, re
+
+script_directory = os.path.dirname(os.path.abspath(__file__))
+generic_directory = os.path.abspath(os.path.join(script_directory, '..'))
+
+template_directory = os.path.abspath(os.path.join(script_directory,
+ '..',
+ 'template'))
+spec_directory = os.path.abspath(os.path.join(script_directory, '..', '..'))
+test_root_directory = os.path.abspath(os.path.join(script_directory,
+ '..', '..', '..'))
+
+spec_filename = os.path.join(spec_directory, "spec.src.json")
+generated_spec_json_filename = os.path.join(spec_directory, "spec_json.js")
+
+selection_pattern = '%(opt_in_method)s/' + \
+ '%(origin)s/' + \
+ '%(subresource)s/' + \
+ '%(context_nesting)s/' + \
+ '%(redirection)s/'
+
+test_file_path_pattern = '%(spec_name)s/' + selection_pattern + \
+ '%(name)s.%(source_scheme)s.html'
+
+
+def get_template(basename):
+ with open(os.path.join(template_directory, basename), "r") as f:
+ return f.read()
+
+
+def write_file(filename, contents):
+ with open(filename, "w") as f:
+ f.write(contents)
+
+
+def read_nth_line(fp, line_number):
+ fp.seek(0)
+ for i, line in enumerate(fp):
+ if (i + 1) == line_number:
+ return line
+
+
+def load_spec_json(path_to_spec = None):
+ if path_to_spec is None:
+ path_to_spec = spec_filename
+
+ re_error_location = re.compile('line ([0-9]+) column ([0-9]+)')
+ with open(path_to_spec, "r") as f:
+ try:
+ return json.load(f)
+ except ValueError, ex:
+ print ex.message
+ match = re_error_location.search(ex.message)
+ if match:
+ line_number, column = int(match.group(1)), int(match.group(2))
+ print read_nth_line(f, line_number).rstrip()
+ print " " * (column - 1) + "^"
+ sys.exit(1)
diff --git a/testing/web-platform/tests/mixed-content/generic/tools/generate.py b/testing/web-platform/tests/mixed-content/generic/tools/generate.py
new file mode 100755
index 000000000..6dcaebdc3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/tools/generate.py
@@ -0,0 +1,157 @@
+#!/usr/bin/env python
+
+import os, sys, json
+from common_paths import *
+import spec_validator
+import argparse
+
+
+def expand_pattern(expansion_pattern, test_expansion_schema):
+ expansion = {}
+ for artifact_key in expansion_pattern:
+ artifact_value = expansion_pattern[artifact_key]
+ if artifact_value == '*':
+ expansion[artifact_key] = test_expansion_schema[artifact_key]
+ elif isinstance(artifact_value, list):
+ expansion[artifact_key] = artifact_value
+ elif isinstance(artifact_value, dict):
+ # Flattened expansion.
+ expansion[artifact_key] = []
+ values_dict = expand_pattern(artifact_value,
+ test_expansion_schema[artifact_key])
+ for sub_key in values_dict.keys():
+ expansion[artifact_key] += values_dict[sub_key]
+ else:
+ expansion[artifact_key] = [artifact_value]
+
+ return expansion
+
+
+def permute_expansion(expansion, artifact_order, selection = {}, artifact_index = 0):
+ assert isinstance(artifact_order, list), "artifact_order should be a list"
+
+ if artifact_index >= len(artifact_order):
+ yield selection
+ return
+
+ artifact_key = artifact_order[artifact_index]
+
+ for artifact_value in expansion[artifact_key]:
+ selection[artifact_key] = artifact_value
+ for next_selection in permute_expansion(expansion,
+ artifact_order,
+ selection,
+ artifact_index + 1):
+ yield next_selection
+
+
+def generate_selection(selection, spec, test_html_template_basename):
+ selection['spec_name'] = spec['name']
+ selection['spec_title'] = spec['title']
+ selection['spec_description'] = spec['description']
+ selection['spec_specification_url'] = spec['specification_url']
+
+ test_filename = test_file_path_pattern % selection
+ test_headers_filename = test_filename + ".headers"
+ test_directory = os.path.dirname(test_filename)
+ full_path = os.path.join(spec_directory, test_directory)
+
+ test_html_template = get_template(test_html_template_basename)
+ test_js_template = get_template("test.js.template")
+ disclaimer_template = get_template('disclaimer.template')
+ test_description_template = get_template("test_description.template")
+
+ html_template_filename = os.path.join(template_directory,
+ test_html_template_basename)
+ generated_disclaimer = disclaimer_template \
+ % {'generating_script_filename': os.path.relpath(__file__,
+ test_root_directory),
+ 'html_template_filename': os.path.relpath(html_template_filename,
+ test_root_directory)}
+
+ selection['generated_disclaimer'] = generated_disclaimer.rstrip()
+ test_description_template = \
+ test_description_template.rstrip().replace("\n", "\n" + " " * 33)
+ selection['test_description'] = test_description_template % selection
+
+ # Adjust the template for the test invoking JS. Indent it to look nice.
+ indent = "\n" + " " * 6;
+ test_js_template = indent + test_js_template.replace("\n", indent);
+ selection['test_js'] = test_js_template % selection
+
+ # Directory for the test files.
+ try:
+ os.makedirs(full_path)
+ except:
+ pass
+
+ # TODO(kristijanburnik): Implement the opt-in-method here.
+ opt_in_method = selection['opt_in_method']
+ selection['meta_opt_in'] = ''
+ if opt_in_method == 'meta-csp':
+ selection['meta_opt_in'] = '\n <meta http-equiv="Content-Security-Policy" ' + \
+ 'content="block-all-mixed-content">'
+ elif opt_in_method == 'http-csp':
+ opt_in_headers = "Content-Security-Policy: block-all-mixed-content\n"
+ write_file(test_headers_filename, opt_in_headers)
+ elif opt_in_method == 'no-opt-in':
+ pass
+ else:
+ raise ValueError("Invalid opt_in_method %s" % opt_in_method)
+
+ # Write out the generated HTML file.
+ write_file(test_filename, test_html_template % selection)
+
+def generate_test_source_files(spec_json, target):
+ test_expansion_schema = spec_json['test_expansion_schema']
+ specification = spec_json['specification']
+
+ spec_json_js_template = get_template('spec_json.js.template')
+ write_file(generated_spec_json_filename,
+ spec_json_js_template % {'spec_json': json.dumps(spec_json)})
+
+ # Choose a debug/release template depending on the target.
+ html_template = "test.%s.html.template" % target
+
+ artifact_order = test_expansion_schema.keys() + ['name']
+
+ # Create list of excluded tests.
+ exclusion_dict = {}
+ for excluded_pattern in spec_json['excluded_tests']:
+ excluded_expansion = \
+ expand_pattern(excluded_pattern,
+ test_expansion_schema)
+ for excluded_selection in permute_expansion(excluded_expansion, artifact_order):
+ excluded_selection_path = selection_pattern % excluded_selection
+ exclusion_dict[excluded_selection_path] = True
+
+ for spec in specification:
+ for expansion_pattern in spec['test_expansion']:
+ expansion = expand_pattern(expansion_pattern,
+ test_expansion_schema)
+ for selection in permute_expansion(expansion, artifact_order):
+ selection_path = selection_pattern % selection
+ if not selection_path in exclusion_dict:
+ generate_selection(selection,
+ spec,
+ html_template)
+ else:
+ print 'Excluding selection:', selection_path
+
+
+def main(target, spec_filename):
+ spec_json = load_spec_json(spec_filename);
+ spec_validator.assert_valid_spec_json(spec_json)
+ generate_test_source_files(spec_json, target)
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description='Test suite generator utility')
+ parser.add_argument('-t', '--target', type = str,
+ choices = ("release", "debug"), default = "release",
+ help = 'Sets the appropriate template for generating tests')
+ parser.add_argument('-s', '--spec', type = str, default = None,
+ help = 'Specify a file used for describing and generating the tests')
+ # TODO(kristijanburnik): Add option for the spec_json file.
+ args = parser.parse_args()
+ main(args.target, args.spec)
diff --git a/testing/web-platform/tests/mixed-content/generic/tools/regenerate b/testing/web-platform/tests/mixed-content/generic/tools/regenerate
new file mode 100755
index 000000000..e6bd63519
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/tools/regenerate
@@ -0,0 +1,3 @@
+#!/bin/bash
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+python $DIR/clean.py && python $DIR/generate.py
diff --git a/testing/web-platform/tests/mixed-content/generic/tools/spec_validator.py b/testing/web-platform/tests/mixed-content/generic/tools/spec_validator.py
new file mode 100755
index 000000000..a6acc1040
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/tools/spec_validator.py
@@ -0,0 +1,159 @@
+#!/usr/bin/env python
+
+import json, sys
+from common_paths import *
+
+def assert_non_empty_string(obj, field):
+ assert field in obj, 'Missing field "%s"' % field
+ assert isinstance(obj[field], basestring), \
+ 'Field "%s" must be a string' % field
+ assert len(obj[field]) > 0, 'Field "%s" must not be empty' % field
+
+
+def assert_non_empty_list(obj, field):
+ assert isinstance(obj[field], list), \
+ '%s must be a list' % field
+ assert len(obj[field]) > 0, \
+ '%s list must not be empty' % field
+
+
+def assert_non_empty_dict(obj, field):
+ assert isinstance(obj[field], dict), \
+ '%s must be a dict' % field
+ assert len(obj[field]) > 0, \
+ '%s dict must not be empty' % field
+
+
+def assert_contains(obj, field):
+ assert field in obj, 'Must contain field "%s"' % field
+
+
+def assert_string_from(obj, field, items):
+ assert obj[field] in items, \
+ 'Field "%s" must be from: %s' % (field, str(items))
+
+
+def assert_string_or_list_items_from(obj, field, items):
+ if isinstance(obj[field], basestring):
+ assert_string_from(obj, field, items)
+ return
+
+ assert isinstance(obj[field], list), "%s must be a list!" % field
+ for allowed_value in obj[field]:
+ assert allowed_value != '*', "Wildcard is not supported for lists!"
+ assert allowed_value in items, \
+ 'Field "%s" must be from: %s' % (field, str(items))
+
+
+def assert_contains_only_fields(obj, expected_fields):
+ for expected_field in expected_fields:
+ assert_contains(obj, expected_field)
+
+ for actual_field in obj:
+ assert actual_field in expected_fields, \
+ 'Unexpected field "%s".' % actual_field
+
+
+def assert_value_unique_in(value, used_values):
+ assert value not in used_values, 'Duplicate value "%s"!' % str(value)
+ used_values[value] = True
+
+
+def assert_valid_artifact(exp_pattern, artifact_key, schema):
+ if isinstance(schema, list):
+ assert_string_or_list_items_from(exp_pattern, artifact_key,
+ ["*"] + schema)
+ return
+
+ for sub_artifact_key, sub_schema in schema.iteritems():
+ assert_valid_artifact(exp_pattern[artifact_key], sub_artifact_key,
+ sub_schema)
+
+def validate(spec_json, details):
+ """ Validates the json specification for generating tests. """
+
+ details['object'] = spec_json
+ assert_contains_only_fields(spec_json, ["specification",
+ "test_expansion_schema",
+ "excluded_tests"])
+ assert_non_empty_list(spec_json, "specification")
+ assert_non_empty_dict(spec_json, "test_expansion_schema")
+ assert_non_empty_list(spec_json, "excluded_tests")
+
+ specification = spec_json['specification']
+ test_expansion_schema = spec_json['test_expansion_schema']
+ excluded_tests = spec_json['excluded_tests']
+
+ valid_test_expansion_fields = ['name'] + test_expansion_schema.keys()
+
+ # Validate each single spec.
+ for spec in specification:
+ details['object'] = spec
+
+ # Validate required fields for a single spec.
+ assert_contains_only_fields(spec, ['name',
+ 'title',
+ 'description',
+ 'specification_url',
+ 'test_expansion'])
+ assert_non_empty_string(spec, 'name')
+ assert_non_empty_string(spec, 'title')
+ assert_non_empty_string(spec, 'description')
+ assert_non_empty_string(spec, 'specification_url')
+ assert_non_empty_list(spec, 'test_expansion')
+
+ # Validate spec's test expansion.
+ used_spec_names = {}
+
+ for spec_exp in spec['test_expansion']:
+ details['object'] = spec_exp
+ assert_non_empty_string(spec_exp, 'name')
+ # The name is unique in same expansion group.
+ assert_value_unique_in((spec_exp['expansion'], spec_exp['name']),
+ used_spec_names)
+ assert_contains_only_fields(spec_exp, valid_test_expansion_fields)
+
+ for artifact in test_expansion_schema:
+ details['test_expansion_field'] = artifact
+ assert_valid_artifact(spec_exp, artifact,
+ test_expansion_schema[artifact])
+ del details['test_expansion_field']
+
+ # Validate the test_expansion schema members.
+ details['object'] = test_expansion_schema
+ assert_contains_only_fields(test_expansion_schema, ['expansion',
+ 'source_scheme',
+ 'opt_in_method',
+ 'context_nesting',
+ 'redirection',
+ 'subresource',
+ 'origin',
+ 'expectation'])
+ # Validate excluded tests.
+ details['object'] = excluded_tests
+ for excluded_test_expansion in excluded_tests:
+ assert_contains_only_fields(excluded_test_expansion,
+ valid_test_expansion_fields)
+
+
+ del details['object']
+
+
+def assert_valid_spec_json(spec_json):
+ error_details = {}
+ try:
+ validate(spec_json, error_details)
+ except AssertionError, err:
+ print 'ERROR:', err.message
+ print json.dumps(error_details, indent=4)
+ sys.exit(1)
+
+
+def main():
+ spec_json = load_spec_json();
+ assert_valid_spec_json(spec_json)
+ print "Spec JSON is valid."
+
+
+if __name__ == '__main__':
+ main()
diff --git a/testing/web-platform/tests/mixed-content/generic/worker.js b/testing/web-platform/tests/mixed-content/generic/worker.js
new file mode 100644
index 000000000..7e2168bcc
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/generic/worker.js
@@ -0,0 +1 @@
+postMessage('done');
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..ac620c107
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: audio-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..abc81b301
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: audio-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "audio-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..27c67b081
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: audio-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..1816b4231
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: img-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..509fc3475
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: img-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "img-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..61baeee79
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: img-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..743515ed3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..88a54250a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-prefetch-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..2098a60b6
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..029d34c4f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: video-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..c72ca267f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: video-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "video-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b50a7b70a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: video-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..5fd63aa6d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: audio-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..e6f742213
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: audio-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "audio-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..522e94420
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: audio-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..ad615e9b2
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: img-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b6f92431a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: img-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "img-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..580f4b549
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: img-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..fa8bd8a1f
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..685f34582
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-prefetch-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..ab0378461
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..8b64104bd
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: video-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..abe3385b0
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: video-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "video-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..78d9f8d5d
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: http-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: video-tag
+ expectation: blocked">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "http-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
new file mode 100644
index 000000000..46e2255e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..283c34207
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: audio-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "audio-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..684d2449a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: img-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "img-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..7f5cc2955
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-prefetch-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..a181ecd38
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: video-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "video-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..1c65507b4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: audio-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "audio-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..b05dff3b3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: img-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "img-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..28003d9a1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-prefetch-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
new file mode 100644
index 000000000..05f1890c9
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: meta-csp
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: video-tag
+ expectation: blocked">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "meta-csp",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "video-tag",
+ "expectation": "blocked"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..15fe5d2af
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..2da4a2b93
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..8b610ada7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..5a7bdc3b5
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..6c0a9f5e6
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..c9ffbfd0c
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..766298614
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..5bcce0017
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..312303234
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..561a2f7c1
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..e02134b4a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..f90575c13
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: cross-origin-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "cross-origin-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..cd4d8a52e
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..20d31cf69
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..2ed233dc8
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: audio-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "audio-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..aab662fc3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..6f0a8fded
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..f55cce437
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: img-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "img-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..26c765720
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..582f6c63a
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..a7feabccb
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: link-prefetch-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "link-prefetch-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..68bfc2b84
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: keep-scheme-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "keep-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..2e5eff5a7
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: no-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "no-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
new file mode 100644
index 000000000..8c5bd7b08
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Mixed-Content: Optionally-blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of optionally-blockable content">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+ <meta name="assert" content="opt_in_method: no-opt-in
+ origin: same-host-http
+ source_scheme: https
+ context_nesting: top-level
+ redirection: swap-scheme-redirect
+ subresource: video-tag
+ expectation: allowed">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/mixed-content/generic/common.js"></script>
+ <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ MixedContentTestCase(
+ {
+ "opt_in_method": "no-opt-in",
+ "origin": "same-host-http",
+ "source_scheme": "https",
+ "context_nesting": "top-level",
+ "redirection": "swap-scheme-redirect",
+ "subresource": "video-tag",
+ "expectation": "allowed"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/mixed-content/spec.src.json b/testing/web-platform/tests/mixed-content/spec.src.json
new file mode 100644
index 000000000..3f1540ab4
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/spec.src.json
@@ -0,0 +1,258 @@
+{
+ "specification": [
+ {
+ "name": "optionally-blockable",
+ "title": "Optionally-blockable content",
+ "description": "Test behavior of optionally-blockable content",
+ "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable",
+ "test_expansion": [
+ {
+ "name": "opt-in-blocks",
+ "expansion": "default",
+ "source_scheme": "https",
+ "opt_in_method": ["http-csp", "meta-csp"],
+ "context_nesting": "top-level",
+ "redirection": "*",
+ "subresource": {
+ "blockable": [],
+ "optionally-blockable": "*"
+ },
+ "origin": ["cross-origin-http", "same-host-http"],
+ "expectation": "blocked"
+ },
+ {
+ "name": "no-opt-in-allows",
+ "expansion": "default",
+ "source_scheme": "https",
+ "opt_in_method": "no-opt-in",
+ "context_nesting": "top-level",
+ "redirection": "*",
+ "subresource": {
+ "blockable": [],
+ "optionally-blockable": "*"
+ },
+ "origin": ["cross-origin-http", "same-host-http"],
+ "expectation": "allowed"
+ }
+ ]
+ },
+ {
+ "name": "blockable",
+ "title": "Blockable content",
+ "description": "Test behavior of blockable content.",
+ "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable",
+ "test_expansion": [
+ {
+ "name": "opt-in-blocks",
+ "expansion": "default",
+ "source_scheme": "https",
+ "opt_in_method": ["http-csp", "meta-csp"],
+ "context_nesting": "top-level",
+ "redirection": "*",
+ "subresource": {
+ "blockable": "*",
+ "optionally-blockable": []
+ },
+ "origin": ["cross-origin-http", "same-host-http"],
+ "expectation": "blocked"
+ },
+ {
+ "name": "no-opt-in-blocks",
+ "expansion": "default",
+ "source_scheme": "https",
+ "opt_in_method": "no-opt-in",
+ "context_nesting": "top-level",
+ "redirection": "*",
+ "subresource": {
+ "blockable": "*",
+ "optionally-blockable": []
+ },
+ "origin": ["cross-origin-http", "same-host-http"],
+ "expectation": "blocked"
+ },
+ {
+ "name": "ws-downgrade-blocks",
+ "expansion": "default",
+ "source_scheme": "https",
+ "opt_in_method": ["no-opt-in", "http-csp", "meta-csp"],
+ "context_nesting": "top-level",
+ "redirection": "*",
+ "subresource": {
+ "blockable": "websocket-request",
+ "optionally-blockable": []
+ },
+ "origin": ["cross-origin-ws", "same-host-ws"],
+ "expectation": "blocked"
+ }
+ ]
+ },
+ {
+ "name": "allowed",
+ "title": "Allowed content",
+ "description": "Test behavior of allowed content.",
+ "specification_url": "http://www.w3.org/TR/mixed-content/",
+ "test_expansion": [
+ {
+ "name": "allowed",
+ "expansion": "default",
+ "source_scheme": "https",
+ "opt_in_method": "*",
+ "context_nesting": "top-level",
+ "redirection": ["no-redirect", "keep-scheme-redirect"],
+ "subresource": {
+ "blockable": "*",
+ "optionally-blockable": "*"
+ },
+ "origin": ["same-host-https"],
+ "expectation": "allowed"
+ },
+ {
+ "name": "websocket-allowed",
+ "expansion": "default",
+ "source_scheme": "https",
+ "opt_in_method": "*",
+ "context_nesting": "top-level",
+ "redirection": ["no-redirect", "keep-scheme-redirect"],
+ "subresource": {
+ "blockable": "websocket-request",
+ "optionally-blockable": []
+ },
+ "origin": ["same-host-wss"],
+ "expectation": "allowed"
+ }
+ ]
+ }
+ ],
+
+ "excluded_tests": [
+ {
+ "name": "Redundant-subresources",
+ "expansion": "*",
+ "source_scheme": "*",
+ "opt_in_method": "*",
+ "context_nesting": "*",
+ "redirection": "*",
+ "subresource": {
+ "blockable": [
+ "a-tag"
+ ],
+ "optionally-blockable": []
+ },
+ "origin": "*",
+ "expectation": "*"
+ },
+ {
+ "name": "Skip-origins-not-applicable-to-websockets",
+ "expansion": "*",
+ "source_scheme": "*",
+ "opt_in_method": "*",
+ "context_nesting": "*",
+ "redirection": "*",
+ "subresource": {
+ "blockable": [
+ "websocket-request"
+ ],
+ "optionally-blockable": []
+ },
+ "origin": [
+ "same-host-https",
+ "same-host-http",
+ "cross-origin-https",
+ "cross-origin-http"
+ ],
+ "expectation": "*"
+ },
+ {
+ "name": "TODO-opt-in-method-img-cross-origin",
+ "expansion": "*",
+ "source_scheme": "*",
+ "opt_in_method": "img-crossorigin",
+ "context_nesting": "*",
+ "redirection": "*",
+ "subresource": {
+ "blockable": "*",
+ "optionally-blockable": "*"
+ },
+ "origin": "*",
+ "expectation": "*"
+ },
+ {
+ "name": "Skip-redundant-for-opt-in-method",
+ "expansion": "*",
+ "source_scheme": "*",
+ "opt_in_method": [
+ "meta-csp",
+ "img-crossorigin"
+ ],
+ "context_nesting": "*",
+ "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"],
+ "subresource": {
+ "blockable": "*",
+ "optionally-blockable": "*"
+ },
+ "origin": "*",
+ "expectation": "*"
+ }
+ ],
+
+ "test_expansion_schema": {
+ "expansion": [
+ "default",
+ "override"
+ ],
+ "source_scheme": [
+ "http",
+ "https"
+ ],
+ "opt_in_method": [
+ "no-opt-in",
+ "http-csp",
+ "meta-csp",
+ "img-crossorigin"
+ ],
+ "redirection": [
+ "no-redirect",
+ "keep-scheme-redirect",
+ "swap-scheme-redirect"
+ ],
+ "context_nesting": [
+ "top-level",
+ "sub-level"
+ ],
+ "origin": [
+ "same-host-https",
+ "same-host-http",
+ "cross-origin-https",
+ "cross-origin-http",
+ "same-host-wss",
+ "same-host-ws",
+ "cross-origin-wss",
+ "cross-origin-ws"
+ ],
+ "subresource": {
+ "blockable": [
+ "iframe-tag",
+ "script-tag",
+ "link-css-tag",
+ "form-tag",
+ "xhr-request",
+ "worker-request",
+ "fetch-request",
+ "a-tag",
+ "object-tag",
+ "picture-tag",
+ "websocket-request"
+ ],
+ "optionally-blockable": [
+ "img-tag",
+ "audio-tag",
+ "video-tag",
+ "link-prefetch-tag"
+ ]
+ },
+ "expectation": [
+ "allowed",
+ "blocked"
+ ]
+ }
+}
diff --git a/testing/web-platform/tests/mixed-content/spec_json.js b/testing/web-platform/tests/mixed-content/spec_json.js
new file mode 100644
index 000000000..5de1b17e3
--- /dev/null
+++ b/testing/web-platform/tests/mixed-content/spec_json.js
@@ -0,0 +1 @@
+var SPEC_JSON = {"test_expansion_schema": {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http", "same-host-wss", "same-host-ws", "cross-origin-wss", "cross-origin-ws"], "subresource": {"blockable": ["iframe-tag", "script-tag", "link-css-tag", "form-tag", "xhr-request", "worker-request", "fetch-request", "a-tag", "object-tag", "picture-tag", "websocket-request"], "optionally-blockable": ["img-tag", "audio-tag", "video-tag", "link-prefetch-tag"]}, "context_nesting": ["top-level", "sub-level"], "expectation": ["allowed", "blocked"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-scheme-redirect", "swap-scheme-redirect"], "opt_in_method": ["no-opt-in", "http-csp", "meta-csp", "img-crossorigin"], "source_scheme": ["http", "https"]}, "specification": [{"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-allows", "redirection": "*", "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}], "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "name": "optionally-blockable", "title": "Optionally-blockable content"}, {"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-ws", "same-host-ws"], "name": "ws-downgrade-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["no-opt-in", "http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "name": "blockable", "title": "Blockable content"}, {"test_expansion": [{"origin": ["same-host-https"], "name": "allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": ["same-host-wss"], "name": "websocket-allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "name": "allowed", "title": "Allowed content"}], "excluded_tests": [{"origin": "*", "name": "Redundant-subresources", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["a-tag"], "optionally-blockable": []}}, {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http"], "name": "Skip-origins-not-applicable-to-websockets", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["websocket-request"], "optionally-blockable": []}}, {"origin": "*", "name": "TODO-opt-in-method-img-cross-origin", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "img-crossorigin", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": "*", "name": "Skip-redundant-for-opt-in-method", "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"], "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": ["meta-csp", "img-crossorigin"], "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}]};