blob: b43ea5f1cf982d74d852d1e205adade72ea45c6e [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script src="../../../resources/testharness.js"></script>
<script src="../../../resources/testharnessreport.js"></script>
<link rel="stylesheet"
href="resources/redir.php?url=http://localhost:8000/security/resources/cssStyle.css">
<link rel="stylesheet"
href="http://localhost:8000/security/resources/redir.php?url=http://127.0.0.1:8000/security/resources/cssStyle.css">
<script>
test(() => {
var sheet1 = document.styleSheets[0];
assert_throws("SecurityError", () => {
sheet1.cssRules;
});
assert_throws("SecurityError", () => {
sheet1.rules;
});
}, "Can't access Cross-Origin sheets that were redirected to from Same-Origin");
test(() => {
var sheet2 = document.styleSheets[1];
assert_throws("SecurityError", () => {
sheet2.cssRules;
});
assert_throws("SecurityError", () => {
sheet2.rules;
});
}, "Can't access Same-Origin sheets that were redirected to from Cross-Origin");
</script>
</head>
<body>
<p>This test whether a script can read the rules from a cross-origin style
sheet in the presence of redirects. For more information on why we block
this, please see
<a href="https://bugs.webkit.org/show_bug.cgi?id=20527">https://bugs.webkit.org/show_bug.cgi?id=20527</a>.
</p>
</body>
</html>