1 files changed, 24 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/reporting/report-preload-and-consume.https.html b/testing/web-platform/tests/content-security-policy/reporting/report-preload-and-consume.https.html
new file mode 100644
index 0000000000..771434f673
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/reporting/report-preload-and-consume.https.html
@@ -0,0 +1,24 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test that reports are sent with credentials to same-origin endpoints</title>
+  <script src="/common/utils.js"></script>
+  <script src='/resources/testharness.js'></script>
+  <script src='/resources/testharnessreport.js'></script>
+  <script src='/reporting/resources/report-helper.js'></script>
+</head>
+<body>
+  <script>
+    const endpoint = '/reporting/resources/report.py';
+
+    promise_test(async t => {
+        const uid = token();
+        const win = window.open(`./support/preload-csp-report.https.sub.html?uid=${uid}`);
+        t.add_cleanup(() => win.close());
+        const reports = await pollReports(endpoint, uid);
+        const failures = reports.filter(r => r['csp-report']['blocked-uri'].endsWith('fail.png'));
+        assert_equals(failures.length, 2);
+    }, "Reporting endpoints received credentials.");
+  </script>
+</body>
+</html>