2 <p>Test that a subresource with a crossorigin attribute does not load a cross-origin resource that isn't CORS enabled.</p>
4 <script src="resources/link-crossorigin-common.js"></script>
5 <link crossorigin="anonymous" rel="subresource" href="http://localhost:8000/security/resources/abe.png?1" onload="fail()" onerror="pass()">
6 <link crossorigin="use-credentials" rel="subresource" href="http://localhost:8000/security/resources/abe.png?2" onload="fail()" onerror="pass()">
8 // Test that dynamically inserted <link> elements are handled the same way.
9 var link = document.createElement("link");
10 link.rel = "subresource";
11 link.crossOrigin = "anonymous";
14 link.href = "http://localhost:8000/security/resources/abe.png?3";
15 document.body.appendChild(link);
17 link = document.createElement("link");
18 link.rel = "subresource";
19 link.crossOrigin = "use-credentials";
22 link.href = "http://localhost:8000/security/resources/abe.png?4";
23 document.body.appendChild(link);