third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.html

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
    <script src="/js-test-resources/js-test.js"></script>
    <script src="../resources/securitypolicyviolation-test.js"></script>
    <script>
        description('Check that a SecurityPolicyViolationEvent strips detail from cross-origin blocked URLs.');

        var expectations = {
            'documentURI': document.location.toString(),
            'referrer': document.referrer,
            'blockedURI': 'http://localhost:8000/security/resources/abe.png',
            'violatedDirective': 'img-src',
            'effectiveDirective': 'img-src',
            'originalPolicy': 'img-src \'none\'',
            'disposition': 'enforce',
            'sourceFile': '',
            'lineNumber': 0,
            'columnNumber': 0,
            'statusCode': 200,
        };

        function run() {
            var img = document.createElement('img');
            img.src = 'http://localhost:8000/security/resources/abe.png';
            document.body.appendChild(img);
        }
    </script>
</head>
<body>
</body>
</html>