| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.dumpChildFramesAsText(); |
| testRunner.dumpFrameLoadCallbacks(); |
| } |
| </script> |
| </head> |
| <body> |
| <p>This test loads a secure iframe that loads an insecure image. We should trigger a |
| mixed content block because the child frame inherited the CSP directive block-all-mixed-content |
| from the main frame.</p> |
| <iframe src="https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image.html"></iframe> |
| </body> |
| </html> |