4 <script src="/js-test-resources/js-test.js"></script>
5 <script>window.test_count = 8;</script>
6 <script src="resources/link-crossorigin-common.js"></script>
9 <p>Test that a linked stylesheet with a crossorigin attribute does not load a cross-origin resource that isn't CORS enabled.</p>
10 <link crossorigin="anonymous" rel="stylesheet" href="http://localhost:8080/security/resources/green-background.css?1" onload="fail()" onerror="pass()">
11 <link crossorigin="use-credentials" rel="stylesheet" href="http://localhost:8080/security/resources/green-background.css?2" onload="fail()" onerror="pass()">
12 <!-- Check that from-cache loads are also failing (and does not generate separate loads.) -->
13 <link crossorigin="anonymous" rel="stylesheet" href="http://localhost:8080/security/resources/green-background.css?1" onload="fail()" onerror="pass()">
14 <link crossorigin="use-credentials" rel="stylesheet" href="http://localhost:8080/security/resources/green-background.css?2" onload="fail()" onerror="pass()">
15 <!-- These are same-origin and should load as the fetch wasn't out of origin -->
16 <link crossorigin="anonymous" rel="stylesheet" href="resources/green-background.css?3" onload="pass()" onerror="fail()">
17 <link crossorigin="use-credentials" rel="stylesheet" href="resources/green-background.css?4" onload="pass()" onerror="fail()">
21 // Test that dynamically inserted <link> elements are handled the same way.
22 var link = document.createElement("link");
23 link.rel = "stylesheet";
24 link.crossOrigin = "anonymous";
27 link.href = "http://localhost:8080/security/resources/green-background.css?8";
28 document.body.appendChild(link);
30 link = document.createElement("link");
31 link.rel = "stylesheet";
32 link.crossOrigin = "use-credentials";
35 link.href = "http://localhost:8080/security/resources/green-background.css?9";
36 document.body.appendChild(link);
38 window.onload = runTest;