| frame "<!--frame1-->" - didStartProvisionalLoadForFrame |
| main frame - didFinishDocumentLoadForFrame |
| frame "<!--frame1-->" - didCommitLoadForFrame |
| frame "<!--frame2-->" - didStartProvisionalLoadForFrame |
| frame "<!--frame2-->" - didCommitLoadForFrame |
| frame "<!--frame2-->" - didFinishDocumentLoadForFrame |
| frame "<!--frame2-->" - didHandleOnloadEventsForFrame |
| frame "<!--frame2-->" - didFinishLoadForFrame |
| frame "<!--frame2-->" - willPerformClientRedirectToURL: javascript:document.write('%3Cimg%20src=%22http://127.0.0.1:8000/security/resources/compass.jpg%22%3E'); |
| frame "<!--frame1-->" - didFinishDocumentLoadForFrame |
| CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/resources/compass.jpg because 'block-all-mixed-content' appears in the Content Security Policy. |
| frame "<!--frame1-->" - didFinishLoadForFrame |
| main frame - didFinishLoadForFrame |
| This test loads a secure iframe that loads an insecure image inside a JavaScript URL iframe. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content and a JavaScript URL executes in the same origin as its embedding document. |
| |
| |
| |
| -------- |
| Frame: '<!--frame1-->' |
| -------- |
| |
| |
| -------- |
| Frame: '<!--frame2-->' |
| -------- |
| |