| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="../../../resources/testharness.js"></script> |
| <script src="../../../resources/testharnessreport.js"></script> |
| <link rel="stylesheet" |
| href="resources/redir.php?url=http://localhost:8000/security/resources/cssStyle.css"> |
| <link rel="stylesheet" |
| href="http://localhost:8000/security/resources/redir.php?url=http://127.0.0.1:8000/security/resources/cssStyle.css"> |
| <script> |
| |
| test(() => { |
| var sheet1 = document.styleSheets[0]; |
| assert_throws("SecurityError", () => { |
| sheet1.cssRules; |
| }); |
| assert_throws("SecurityError", () => { |
| sheet1.rules; |
| }); |
| }, "Can't access Cross-Origin sheets that were redirected to from Same-Origin"); |
| |
| test(() => { |
| var sheet2 = document.styleSheets[1]; |
| assert_throws("SecurityError", () => { |
| sheet2.cssRules; |
| }); |
| assert_throws("SecurityError", () => { |
| sheet2.rules; |
| }); |
| }, "Can't access Same-Origin sheets that were redirected to from Cross-Origin"); |
| |
| </script> |
| </head> |
| <body> |
| <p>This test whether a script can read the rules from a cross-origin style |
| sheet in the presence of redirects. For more information on why we block |
| this, please see |
| <a href="https://bugs.webkit.org/show_bug.cgi?id=20527">https://bugs.webkit.org/show_bug.cgi?id=20527</a>. |
| </p> |
| </body> |
| </html> |