blob: 7cf3c6381092dd762fcf11d266529194c88a7d9f [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<style>
#clear-left {
clear: left;
font: 20px/1 Ahem, sans-serif;
color: green;
}
#clear-left > div {
float: left;
width: 200px;
height: 20px;
}
/* blocked because the URL's port number doesn't match this document's origin. */
#shape-outside-block-origin {
-webkit-shape-outside: url("http://localhost:8080/resources/square100.png");
}
/* Access is OK because the URL and this document have the same origin. */
#shape-outside-same-origin {
-webkit-shape-outside: url("/resources/square100.png");
}
/* DataURL Access is OK, as it is with Canvas. */
#shape-outside-data-url {
-webkit-shape-outside: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='100px' height='20px'><rect width='200' height='20' fill='blue'/></svg>");
}
/* Cross-origin request is OK because the "Access-Control-Allow-Origin: *" is returned. */
#shape-outside-allow-origin-url {
-webkit-shape-outside: url("http://localhost:8080/security/resources/image-access-control.py?file=../../resources/square100.png&allow=true");
}
/* Cross-origin request is not OK because a "Access-Control-Allow-Origin:" header is not returned. */
#shape-outside-disallow-origin-url {
-webkit-shape-outside: url("http://localhost:8080/security/resources/image-access-control.py?file=../../resources/square100.png&allow=false");
}
</style>
</head>
<body>
<p>Verify that images not allowed by CORS don't affect the layout and that same-origin images, data URLs, and images with a "Access-Control-Allow-Origin: *" header do define the layout.</p>
<div id="clear-left"><div id="shape-outside-block-origin"></div>X</div>
<div id="clear-left"><div id="shape-outside-same-origin"></div>X</div>
<div id="clear-left"><div id="shape-outside-data-url"></div>X</div>
<div id="clear-left"><div id="shape-outside-allow-origin-url"></div>X</div>
<div id="clear-left"><div id="shape-outside-disallow-origin-url"></div>X</div>
</body>
</html>