third_party/WebKit/LayoutTests/http/tests/security/img-crossorigin-redirect-anonymous.html - chromium/src - Git at Google

 <!DOCTYPE HTML>
 <script src="/js-test-resources/js-test.js"></script>
 <script>
 description("Testing the handling of CORS-enabled fetch in the presence of 'anonymous' redirects.");

 // Explain the short form descriptions ('=>' representing the redirect.)
 debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
 debug("");

 var redirect_cors = "anonymous";

 window.jsTestIsAsync = true;
 if (window.testRunner)
     testRunner.dumpAsText();

 function finish() {
     if (window.testRunner)
         finishJSTest();
 }

 function fail() {
     debug("FAIL: " + this.description);
     runNextTest();
 }

 function pass() {
     debug("PASS: " + this.description);
     runNextTest();
 }
 var tests = [
     { description: "Anonymous request: anonymous => no-CORS image resource.",
       url: "http://localhost:8000/security/resources/abe.png",
       // Redirect is allowed, but fails access check on the non-CORS resource.
       success: false,
       access: "anonymous"},
     { description: "Anonymous request: anonymous => anonymous-CORS image resource.",
       url: "http://localhost:8000/security/resources/abe-allow-star.php",
       // Redirect is allowed, and passes access check on the CORS resource.
       success: true,
       access: "anonymous"},
     { description: "Credentialled request: anonymous => credentialled image resource (same origin.)",
       url: "http://localhost:8000/security/resources/abe-allow-credentials.php",
       // Redirect is not allowed ('*' on the CORS redirect response), no access.
       success: false,
       access: "use-credentials"},
     { description: "Credentialled request: anonymous => credentialled image resource (cross origin.)",
       url: "http://127.0.0.1:8000/security/resources/abe-allow-credentials.php",
       // Redirect is not allowed ('*' on the CORS redirect response), no access.
       success: false,
       access: "use-credentials"},
     ];

 function runNextTest() {
     if (!tests.length) {
 	finish();
 	return;
     }
     var test = tests.shift();
     var img = new Image();
     img.onload = test.success ? pass : fail;
     img.onerror = test.success ? fail : pass;
     img.crossOrigin = test.access;
     img.description = test.description;
     var args = [ "mode=" + redirect_cors,
 		 "url=" + test.url];
     img.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
     document.body.appendChild(img);
 }
 window.onload = runNextTest;
 </script>
	<!DOCTYPE HTML>
	<script src="/js-test-resources/js-test.js"></script>
	<script>
	description("Testing the handling of CORS-enabled fetch in the presence of 'anonymous' redirects.");

	// Explain the short form descriptions ('=>' representing the redirect.)
	debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
	debug("");

	var redirect_cors = "anonymous";

	window.jsTestIsAsync = true;
	if (window.testRunner)
	testRunner.dumpAsText();

	function finish() {
	if (window.testRunner)
	finishJSTest();
	}

	function fail() {
	debug("FAIL: " + this.description);
	runNextTest();
	}

	function pass() {
	debug("PASS: " + this.description);
	runNextTest();
	}
	var tests = [
	{ description: "Anonymous request: anonymous => no-CORS image resource.",
	url: "http://localhost:8000/security/resources/abe.png",
	// Redirect is allowed, but fails access check on the non-CORS resource.
	success: false,
	access: "anonymous"},
	{ description: "Anonymous request: anonymous => anonymous-CORS image resource.",
	url: "http://localhost:8000/security/resources/abe-allow-star.php",
	// Redirect is allowed, and passes access check on the CORS resource.
	success: true,
	access: "anonymous"},
	{ description: "Credentialled request: anonymous => credentialled image resource (same origin.)",
	url: "http://localhost:8000/security/resources/abe-allow-credentials.php",
	// Redirect is not allowed ('*' on the CORS redirect response), no access.
	success: false,
	access: "use-credentials"},
	{ description: "Credentialled request: anonymous => credentialled image resource (cross origin.)",
	url: "http://127.0.0.1:8000/security/resources/abe-allow-credentials.php",
	// Redirect is not allowed ('*' on the CORS redirect response), no access.
	success: false,
	access: "use-credentials"},
	];

	function runNextTest() {
	if (!tests.length) {
	finish();
	return;
	}
	var test = tests.shift();
	var img = new Image();
	img.onload = test.success ? pass : fail;
	img.onerror = test.success ? fail : pass;
	img.crossOrigin = test.access;
	img.description = test.description;
	var args = [ "mode=" + redirect_cors,
	"url=" + test.url];
	img.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
	document.body.appendChild(img);
	}
	window.onload = runNextTest;
	</script>