Use normal loading path for ping loads
[WebKit-https.git] / LayoutTests / platform / wk2 / http / tests / security / contentSecurityPolicy / block-all-mixed-content / insecure-css-in-iframe-report-only-expected.txt
1 main frame - didFinishDocumentLoadForFrame
2 frame "<!--frame1-->" - didStartProvisionalLoadForFrame
3 frame "<!--frame1-->" - didCommitLoadForFrame
4 CONSOLE MESSAGE: [Report Only] Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/style.css because 'block-all-mixed-content' appears in the Content Security Policy.
5 CONSOLE MESSAGE: line 9: [blocked] The page at https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php was not allowed to run insecure content from http://127.0.0.1:8000/security/mixedContent/resources/style.css.
6
7 frame "<!--frame1-->" - willPerformClientRedirectToURL: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php 
8 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
9 main frame - didHandleOnloadEventsForFrame
10 frame "<!--frame1-->" - didFinishLoadForFrame
11 frame "<!--frame1-->" - didStartProvisionalLoadForFrame
12 frame "<!--frame1-->" - didCancelClientRedirectForFrame
13 frame "<!--frame1-->" - didCommitLoadForFrame
14 frame "<!--frame1-->" - didFinishDocumentLoadForFrame
15 frame "<!--frame1-->" - didHandleOnloadEventsForFrame
16 frame "<!--frame1-->" - didFinishLoadForFrame
17 main frame - didFinishLoadForFrame
18 This test loads a secure iframe that loads an insecure stylesheet. We should trigger a mixed content block even though the child frame has a report only CSP block-all-mixed-content directive because an active network attacker can use CSS3 to breach the confidentiality of the HTTPS security origin.
19
20
21
22 --------
23 Frame: '<!--frame1-->'
24 --------
25 CSP report received:
26 CONTENT_TYPE: application/csp-report
27 HTTP_HOST: 127.0.0.1:8443
28 HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php
29 REQUEST_METHOD: POST
30 REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php
31 === POST DATA ===
32 {"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html","violated-directive":"block-all-mixed-content","effective-directive":"block-all-mixed-content","original-policy":"block-all-mixed-content; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php","blocked-uri":"http://127.0.0.1:8000","status-code":0}}