third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/html5-import-CORS-expected.txt - chromium/src - Git at Google

 CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3clink%20rel=%22import%22%20href=%22http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%22%3e' because its source code was found within the request. The auditor was enabled as the server did not send an 'X-XSS-Protection' header.

 This test passes if the XSSAuditor blocks the load prior to the CORS restriction kicking in. We've not bothered to enable CORS for this test, unlike what a real attacker would do, so a CORS error here means failure.
	CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3clink%20rel=%22import%22%20href=%22http://127.0.0.1:8000/security/xssAuditor/resources/xss.js%22%3e' because its source code was found within the request. The auditor was enabled as the server did not send an 'X-XSS-Protection' header.

	This test passes if the XSSAuditor blocks the load prior to the CORS restriction kicking in. We've not bothered to enable CORS for this test, unlike what a real attacker would do, so a CORS error here means failure.