4 <script src="../../../resources/testharness.js"></script>
5 <script src="../../../resources/testharnessreport.js"></script>
6 <link rel="help" "https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/imports/index.html#imported-document" />
8 <link id="cors-same" rel="import" href="http://localhost:8000/security/resources/cors-redir.php?url=http://127.0.0.1:8000/htmlimports/resources/hello.html">
12 function assert_loaded(id)
14 var target = document.getElementById(id);
15 assert_true(target.import instanceof Document)
16 assert_true(0 <= target.import.querySelector("h1").innerHTML.indexOf("Hello"));
19 function assert_not_loaded(id)
21 var target = document.getElementById(id);
22 assert_equals(target.import, null);
25 // Redirect passes CORS check, but the redirect is to another origin (hence a unique origin must be used.) This does not pass the final access control check.
26 test(function() { assert_not_loaded("cors-same"); }, "Accessing to a same origin import including CORS domain redirect");