| <!DOCTYPE html> |
| <html> |
| <body> |
| <script src="/js-test-resources/js-test.js"></script> |
| <script> |
| if (window.testRunner) { |
| testRunner.setHandlesAuthenticationChallenges(true); |
| testRunner.setAuthenticationUsername("testUser"); |
| testRunner.setAuthenticationPassword("testPassword"); |
| } |
| |
| window.jsTestIsAsync = true; |
| |
| function pass() |
| { |
| testPassed("did not load image."); |
| finishJSTest(); |
| } |
| |
| function fail() |
| { |
| testFailed("did load image."); |
| finishJSTest(); |
| } |
| |
| function runTest() |
| { |
| // Load the image programmatically instead of declaratively to avoid output flakiness caused by |
| // the preload scanner performing mixed content checks as part of preloading the image. |
| let image = new Image; |
| image.onload = fail; |
| image.onerror = pass; |
| image.src = "https://127.0.0.1:8443/resources/redirect.php?url=http%3A//127.0.0.1%3A8080/resources/redirect.php%3Furl%3Dhttps%3A//localhost%3A8443/security/mixedContent/resources/subresource/protected-image.php"; |
| document.body.appendChild(image); |
| } |
| |
| window.onload = runTest; |
| </script> |
| <script> |
| description("This test loads a secure image that redirects to an insecure image that redirects to a secure image guarded by basic authentication. The secure image should be blocked because it requires credentials and was loaded via an insecure redirect."); |
| </script> |
| </body> |
| </html> |
