2 files changed, 23 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri.html b/testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri.html
new file mode 100644
index 0000000000..1cfff902a2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <title>Blocked relative images are reported correctly</title>
+    <!-- CSP headers
+Content-Security-Policy: script-src 'self' 'unsafe-inline'
+Content-Security-Policy-Report-Only: img-src 'none'; script-src 'self' 'unsafe-inline'; report-uri /reporting/resources/report.py?op=put&reportID={{$id}}
+-->
+</head>
+<body>
+    <img src="../support/pass.png">
+    <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=img-src%20%27none%27'></script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri.html.sub.headers b/testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri.html.sub.headers
new file mode 100644
index 0000000000..8fb2f58aba
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/reporting/report-blocked-uri.html.sub.headers
@@ -0,0 +1,7 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: report-blocked-uri={{$id:uuid()}}; Path=/content-security-policy/reporting/
+Content-Security-Policy: script-src 'self' 'unsafe-inline'
+Content-Security-Policy-Report-Only: img-src 'none'; script-src 'self' 'unsafe-inline'; report-uri /reporting/resources/report.py?op=put&reportID={{$id}}