blob: a5a3f74a2fed2ce592d29d3a873e019eff127426 [file] [log] [blame]
<?php
header("Content-Security-Policy: img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php");
?>
<!DOCTYPE html>
<html>
<body>
<script>
if (window.testRunner) {
testRunner.waitUntilDone();
testRunner.dumpAsText();
testRunner.setStatisticsShouldDowngradeReferrer(false, function () {
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://localhost:8080/cookies/resources/setCookies.cgi", false);
xhr.setRequestHeader("SET-COOKIE", "hello=world;path=/");
xhr.send(null);
// This image will generate a CSP violation report.
let imgElement = document.createElement("img");
imgElement.onload = imgElement.onerror = function () {
window.location = "/security/contentSecurityPolicy/resources/echo-report.php";
};
imgElement.src = "/security/resources/abe.png";
document.body.appendChild(imgElement);
});
}
</script>
</body>
</html>