diff --git a/testing/web-platform/meta/MANIFEST.json b/testing/web-platform/meta/MANIFEST.json index af4b63b8bbaf7..96b0886a12cc8 100644 --- a/testing/web-platform/meta/MANIFEST.json +++ b/testing/web-platform/meta/MANIFEST.json @@ -1671491,6 +1671491,174 @@ html " fetch / +cross +- +origin +- +resource +- +policy +/ +resources +/ +green +. +png +" +: +[ +[ +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +hello +. +py +" +: +[ +[ +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +iframe +. +py +" +: +[ +[ +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +iframeFetch +. +html +" +: +[ +[ +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +image +. +py +" +: +[ +[ +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +redirect +. +py +" +: +[ +[ +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +script +. +py +" +: +[ +[ +{ +} +] +] +" +fetch +/ data - urls 
@@ -2072676,6 +2072844,216 @@ html " fetch / +cross +- +origin +- +resource +- +policy +/ +fetch +- +in +- +iframe +. +html +" +: +[ +[ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +fetch +- +in +- +iframe +. +html +" +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +fetch +. +html +" +: +[ +[ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +fetch +. +html +" +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +iframe +- +loads +. +html +" +: +[ +[ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +iframe +- +loads +. +html +" +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +image +- +loads +. +html +" +: +[ +[ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +image +- +loads +. +html +" +{ +} +] +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +script +- +loads +. +html +" +: +[ +[ +" +/ +fetch +/ +cross +- +origin +- +resource +- +policy +/ +script +- +loads +. +html +" +{ +} +] +] +" +fetch +/ data - urls @@ -2710743,7 +2711121,7 @@ js : [ " -4175d0fff3555e25a646b0673a082fefdc113fe0 +1eae4a7e29b73d60b9832ef5d8c808f6fd10db5c " " support 
@@ -3778371,6 +3778749,318 @@ testharness " fetch / +cross +- +origin +- +resource +- +policy +/ +fetch +- +in +- +iframe +. +html +" +: +[ +" +4d836bed1e90a2d14b1651c0f3229b3f3d0b6b91 +" +" +testharness +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +fetch +. +html +" +: +[ +" +6a881615d9df0750b640298725be56e60cd5804c +" +" +testharness +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +iframe +- +loads +. +html +" +: +[ +" +8429fdb1695fc73c853dc37bf29544b8139d5396 +" +" +testharness +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +image +- +loads +. +html +" +: +[ +" +6e81ede4b474b2516ec735d4d8f99694b4124773 +" +" +testharness +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +green +. +png +" +: +[ +" +ef91d21307a12b2cfaf33a90dffe16aa1cba42c9 +" +" +support +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +hello +. +py +" +: +[ +" +0d8e30350c97fd6a040b14348929cf7e87e0e406 +" +" +support +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +iframe +. +py +" +: +[ +" +d8f4af86d37d2f257b4166a1f7d3001d55eeda69 +" +" +support +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +iframeFetch +. +html +" +: +[ +" +d66a9c958288a97469e8cfa75eba973e9f35e190 +" +" +support +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +image +. +py +" +: +[ +" +72f4bbf045fbb61623246d44b763bd06024c0f63 +" +" +support +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +redirect +. +py +" +: +[ +" +eb237d6f61e042db8454efad97a7ca58ea90eba9 +" +" +support +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +resources +/ +script +. +py +" +: +[ +" +330a0ae1420b41e63bd639fa24f75e64e4528bcc +" +" +support +" +] +" +fetch +/ +cross +- +origin +- +resource +- +policy +/ +script +- +loads +. 
+html +" +: +[ +" +cd28267293f2d20ee78d6b946fe6b8793edf1bae +" +" +testharness +" +] +" +fetch +/ data - urls diff --git a/testing/web-platform/tests/common/get-host-info.sub.js b/testing/web-platform/tests/common/get-host-info.sub.js index 85c6df730e2e0..823da9c417751 100644 --- a/testing/web-platform/tests/common/get-host-info.sub.js +++ b/testing/web-platform/tests/common/get-host-info.sub.js @@ -111,6 +111,38 @@ www2 } ' ; +var +NOTSAMESITE_HOST += +( +ORIGINAL_HOST += += += +' +localhost +' +) +? +' +127 +. +0 +. +0 +. +1 +' +: +( +' +not +- +' ++ +ORIGINAL_HOST +) +; return { HTTP_PORT @@ -211,6 +243,22 @@ REMOTE_HOST ' + HTTP_PORT +HTTP_NOTSAMESITE_ORIGIN +: +' +http +: +/ +/ +' ++ +NOTSAMESITE_HOST ++ +' +: +' ++ +HTTP_PORT HTTP_REMOTE_ORIGIN_WITH_DIFFERENT_PORT : ' diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/fetch-in-iframe.html b/testing/web-platform/tests/fetch/cross-origin-resource-policy/fetch-in-iframe.html new file mode 100644 index 0000000000000..9cc6e51a4c7e1 --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/fetch-in-iframe.html 
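Review bot: NOTSAMESITE_HOST is added without a comment, and the `'not-' + ORIGINAL_HOST` branch only works if the test server and name resolution serve that host, which is not visible in this hunk. A comment such as `// Cross-site (not just cross-origin) host relative to ORIGINAL_HOST; the 'not-' name must resolve in the test environment, and localhost falls back to 127.0.0.1.` would record the intent. If ORIGINAL_HOST can be an IP literal, the `not-` prefix would presumably not produce a usable host, so that case may need a guard. The second hunk in this file builds HTTP_NOTSAMESITE_ORIGIN from this value, and the enclosing function starts and ends outside both hunks.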
@@ -0,0 +1,764 @@ +< +! +DOCTYPE +html +> +< +html +> +< +head +> +< +script +src += +" +/ +resources +/ +testharness +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +resources +/ +testharnessreport +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +common +/ +get +- +host +- +info +. +sub +. +js +" +> +< +/ +script +> +< +/ +head +> +< +body +> +< +script +> +const +host += +get_host_info +( +) +; +const +remoteBaseURL += +host +. +HTTP_REMOTE_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +const +notSameSiteBaseURL += +host +. +HTTP_NOTSAMESITE_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +const +localBaseURL += +host +. +HTTP_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +function +with_iframe +( +url +) +{ +return +new +Promise +( +function +( +resolve +) +{ +var +frame += +document +. +createElement +( +' +iframe +' +) +; +frame +. +src += +url +; +frame +. +onload += +function +( +) +{ +resolve +( +frame +) +; +} +; +document +. +body +. +appendChild +( +frame +) +; +} +) +; +} +function +loadIFrameAndFetch +( +iframeURL +fetchURL +expectedFetchResult +title +) +{ +promise_test +( +async +( +) += +> +{ +const +frame += +await +with_iframe +( +iframeURL +) +; +let +receiveMessage +; +const +promise += +new +Promise +( +( +resolve +reject +) += +> +{ +receiveMessage += +( +event +) += +> +{ +if +( +event +. +data +! += += +expectedFetchResult +) +{ +reject +( +" +Received +unexpected +message +" ++ +event +. +data +) +; +return +; +} +resolve +( +) +; +} +window +. +addEventListener +( +" +message +" +receiveMessage +false +) +; +} +) +; +frame +. +contentWindow +. +postMessage +( +fetchURL +" +* +" +) +; +return +promise +. +finally +( +( +) += +> +{ +frame +. +remove +( +) +; +window +. 
+removeEventListener +( +" +message +" +receiveMessage +false +) +; +} +) +; +} +title +) +; +} +/ +/ +This +above +data +URL +should +be +equivalent +to +resources +/ +iframeFetch +. +html +var +dataIFrameURL += +" +data +: +text +/ +html +; +base64 +PCFET0NUWVBFIGh0bWw ++ +CjxodG1sPgo8aGVhZD4KICAgIDxzY3JpcHQ ++ +CiAgICAgICAgZnVuY3Rpb24gcHJvY2Vzc01lc3NhZ2UoZXZlbnQpCiAgICAgICAgewogICAgICAgICAgICBmZXRjaChldmVudC5kYXRhLCB7IG1vZGU6ICJuby1jb3JzIiB9KS50aGVuKCgpID0 ++ +IHsKICAgICAgICAgICAgICAgIHBhcmVudC5wb3N0TWVzc2FnZSgib2siLCAiKiIpOwogICAgICAgICAgICB9LCAoKSA9PiB7CiAgICAgICAgICAgICAgICBwYXJlbnQucG9zdE1lc3NhZ2UoImtvIiwgIioiKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgfQogICAgICAgIHdpbmRvdy5hZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIiwgcHJvY2Vzc01lc3NhZ2UsIGZhbHNlKTsKICAgIDwvc2NyaXB0Pgo8L2hlYWQ ++ +Cjxib2R5PgogICAgPGgzPlRoZSBpZnJhbWUgbWFraW5nIGEgc2FtZSBvcmlnaW4gZmV0Y2ggY2FsbC48L2gzPgo8L2JvZHk ++ +CjwvaHRtbD4K +" +; +loadIFrameAndFetch +( +dataIFrameURL +localBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +origin +" +" +ko +" +" +Cross +- +origin +fetch +in +a +data +: +iframe +load +fails +if +the +server +blocks +cross +- +origin +loads +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +loadIFrameAndFetch +( +dataIFrameURL +localBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +site +" +" +ko +" +" +Cross +- +origin +fetch +in +a +data +: +iframe +load +fails +if +the +server +blocks +cross +- +origin +loads +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +loadIFrameAndFetch +( +remoteBaseURL ++ +" +resources +/ +iframeFetch +. +html +" +localBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +origin +" +" +ko +" +" +Cross +- +origin +fetch +in +a +cross +origin +iframe +load +fails +if +the +server +blocks +cross +- +origin +loads +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. 
+" +) +; +loadIFrameAndFetch +( +notSameSiteBaseURL ++ +" +resources +/ +iframeFetch +. +html +" +localBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +site +" +" +ko +" +" +Cross +- +origin +fetch +in +a +cross +origin +iframe +load +fails +if +the +server +blocks +cross +- +origin +loads +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +loadIFrameAndFetch +( +remoteBaseURL ++ +" +resources +/ +iframeFetch +. +html +" +remoteBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +origin +" +" +ok +" +" +Same +- +origin +fetch +in +a +cross +origin +iframe +load +succeeds +if +the +server +blocks +cross +- +origin +loads +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +< +/ +script +> +< +/ +body +> +< +/ +html +> diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/fetch.html b/testing/web-platform/tests/fetch/cross-origin-resource-policy/fetch.html new file mode 100644 index 0000000000000..4747d346e0b0f --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/fetch.html 
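Review bot: The `message` listener in loadIFrameAndFetch settles the test on any message delivered to the window, so a message from a frame other than the one under test would decide the result. Adding `if (event.source !== frame.contentWindow) return;` at the top of receiveMessage ties the outcome to the frame that was just created; the listener in iframe-loads.html has the same gap. The rejection text `"Received unexpected message" + event.data` lacks a separator and would read better as `"Received unexpected message: " + event.data`. The comment before dataIFrameURL says "This above data URL" although the URL follows it.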
@@ -0,0 +1,1253 @@ +< +! +DOCTYPE +html +> +< +html +> +< +head +> +< +script +src += +" +/ +resources +/ +testharness +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +resources +/ +testharnessreport +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +common +/ +get +- +host +- +info +. +sub +. +js +" +> +< +/ +script +> +< +/ +head +> +< +body +> +< +script +> +const +host += +get_host_info +( +) +; +const +localBaseURL += +host +. +HTTP_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +const +sameSiteBaseURL += +" +http +: +/ +/ +" ++ +host +. +ORIGINAL_HOST ++ +" +: +" ++ +host +. +HTTP_PORT2 ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +const +notSameSiteBaseURL += +host +. +HTTP_NOTSAMESITE_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +const +httpsBaseURL += +host +. +HTTPS_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +promise_test +( +async +( +) += +> +{ +const +response += +await +fetch +( +" +. +/ +resources +/ +hello +. +py +? +corp += +same +- +origin +" +) +; +assert_equals +( +await +response +. +text +( +) +" +hello +" +) +; +} +" +Same +- +origin +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +promise_test +( +async +( +) += +> +{ +const +response += +await +fetch +( +" +. +/ +resources +/ +hello +. +py +? +corp += +same +- +site +" +) +; +assert_equals +( +await +response +. +text +( +) +" +hello +" +) +; +} +" +Same +- +origin +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +promise_test +( +async +( +test +) += +> +{ +const +response += +await +fetch +( +notSameSiteBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +origin +" +) +; +assert_equals +( +await +response +. 
+text +( +) +" +hello +" +) +; +} +" +Cross +- +origin +cors +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +promise_test +( +async +( +test +) += +> +{ +const +response += +await +fetch +( +notSameSiteBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +site +" +) +; +assert_equals +( +await +response +. +text +( +) +" +hello +" +) +; +} +" +Cross +- +origin +cors +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +promise_test +( +( +test +) += +> +{ +const +remoteURL += +notSameSiteBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +origin +" +; +return +promise_rejects +( +test +new +TypeError +fetch +( +remoteURL +{ +mode +: +" +no +- +cors +" +} +) +) +; +} +" +Cross +- +origin +no +- +cors +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +promise_test +( +( +test +) += +> +{ +const +remoteURL += +notSameSiteBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +site +" +; +return +promise_rejects +( +test +new +TypeError +fetch +( +remoteURL +{ +mode +: +" +no +- +cors +" +} +) +) +; +} +" +Cross +- +origin +no +- +cors +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +promise_test +( +( +test +) += +> +{ +const +remoteURL += +httpsBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +site +" +; +return +fetch +( +remoteURL +{ +mode +: +" +no +- +cors +" +} +) +; +} +" +Cross +- +origin +no +- +cors +fetch +to +a +same +- +site +URL +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +promise_test +( +( +test +) += +> +{ +const +remoteURL += +httpsBaseURL ++ +" +resources +/ +hello +. +py +? 
+corp += +same +- +origin +" +; +return +promise_rejects +( +test +new +TypeError +fetch +( +remoteURL +{ +mode +: +" +no +- +cors +" +} +) +) +; +} +" +Cross +- +origin +no +- +cors +fetch +to +a +same +- +site +URL +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +promise_test +( +async +( +test +) += +> +{ +const +remoteSameSiteURL += +sameSiteBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +site +" +; +await +fetch +( +remoteSameSiteURL +{ +mode +: +" +no +- +cors +" +} +) +; +return +promise_rejects +( +test +new +TypeError +fetch +( +sameSiteBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +origin +" +{ +mode +: +" +no +- +cors +" +} +) +) +; +} +" +Valid +cross +- +origin +no +- +cors +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +promise_test +( +( +test +) += +> +{ +const +finalURL += +notSameSiteBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +origin +" +; +return +promise_rejects +( +test +new +TypeError +fetch +( +" +resources +/ +redirect +. +py +? +redirectTo += +" ++ +encodeURIComponent +( +finalURL +) +{ +mode +: +" +no +- +cors +" +} +) +) +; +} +" +Cross +- +origin +no +- +cors +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +after +a +redirection +. +" +) +; +promise_test +( +( +test +) += +> +{ +const +finalURL += +localBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +origin +" +; +return +fetch +( +notSameSiteBaseURL ++ +" +resources +/ +redirect +. +py +? +redirectTo += +" ++ +encodeURIComponent +( +finalURL +) +{ +mode +: +" +no +- +cors +" +} +) +; +} +" +Cross +- +origin +no +- +cors +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +after +a +cross +- +origin +redirection +. 
+" +) +; +promise_test +( +async +( +test +) += +> +{ +const +finalURL += +localBaseURL ++ +" +resources +/ +hello +. +py +? +corp += +same +- +origin +" +; +await +fetch +( +finalURL +{ +mode +: +" +no +- +cors +" +} +) +; +return +promise_rejects +( +test +new +TypeError +fetch +( +notSameSiteBaseURL ++ +" +resources +/ +redirect +. +py +? +corp += +same +- +origin +& +redirectTo += +" ++ +encodeURIComponent +( +finalURL +) +{ +mode +: +" +no +- +cors +" +} +) +) +; +} +" +Cross +- +origin +no +- +cors +fetch +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +redirect +response +header +. +" +) +; +< +/ +script +> +< +/ +body +> +< +/ +html +> diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/iframe-loads.html b/testing/web-platform/tests/fetch/cross-origin-resource-policy/iframe-loads.html new file mode 100644 index 0000000000000..aaa87dd28e68f --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/iframe-loads.html 
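Review bot: The test titled "Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header." also asserts that the `corp=same-origin` request to sameSiteBaseURL is rejected, so a failure of that second assertion is reported under a title that only mentions same-site. Splitting it into two promise_test calls, or renaming it to cover both checks, would make failures attributable. The httpsBaseURL tests described as "to a same-site URL" rely on an http page and an https resource on the same host counting as same-site. A comment above httpsBaseURL such as `// Same host, different scheme: cross-origin but treated as same-site by these tests.` would make that assumption explicit.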
@@ -0,0 +1,395 @@ +< +! +DOCTYPE +html +> +< +html +> +< +head +> +< +script +src += +" +/ +resources +/ +testharness +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +resources +/ +testharnessreport +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +common +/ +get +- +host +- +info +. +sub +. +js +" +> +< +/ +script +> +< +/ +head +> +< +body +> +< +script +> +const +host += +get_host_info +( +) +; +const +remoteBaseURL += +host +. +HTTP_REMOTE_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +const +localBaseURL += +host +. +HTTP_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +function +with_iframe +( +url +) +{ +return +new +Promise +( +function +( +resolve +) +{ +var +frame += +document +. +createElement +( +' +iframe +' +) +; +frame +. +src += +url +; +frame +. +onload += +function +( +) +{ +resolve +( +frame +) +; +} +; +document +. +body +. +appendChild +( +frame +) +; +} +) +; +} +promise_test +( +async +( +) += +> +{ +const +url += +remoteBaseURL ++ +" +resources +/ +iframe +. +py +? +corp += +same +- +origin +" +; +await +new +Promise +( +( +resolve +reject +) += +> +{ +return +fetch +( +url +{ +mode +: +" +no +- +cors +" +} +) +. +then +( +reject +resolve +) +; +} +) +; +const +iframe += +await +with_iframe +( +url +) +; +return +new +Promise +( +( +resolve +reject +) += +> +{ +window +. +addEventListener +( +" +message +" +( +event +) += +> +{ +if +( +event +. +data +! += += +" +pong +" +) +{ +reject +( +event +. +data +) +; +return +; +} +resolve +( +) +; +} +false +) +; +iframe +. +contentWindow +. +postMessage +( +" +ping +" +" +* +" +) +; +} +) +. +finally +( +( +) += +> +{ +iframe +. +remove +( +) +; +} +) +; +} +" +Load +an +iframe +that +has +Cross +- +Origin +- +Resource +- +Policy +header +" +) +; +< +/ +script +> +< +/ +body +> +< +/ +html +> 
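Review bot: The `message` listener registered in the returned promise is never removed; the `finally` only calls `iframe.remove()`, whereas fetch-in-iframe.html keeps a reference to its handler and calls removeEventListener. Holding the handler in a variable and removing it in the same `finally` would match that file. The preliminary check wraps fetch in `new Promise(...)` with `.then(reject, resolve)`, which on failure rejects with a Response object and gives an unhelpful message. Taking the `test` argument and writing `await promise_rejects(test, new TypeError, fetch(url, { mode: "no-cors" }));` as fetch.html does would read more directly. A comment stating that the iframe navigation is expected to succeed even though the no-cors fetch of the same URL is blocked would document what the test is checking.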
diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/image-loads.html b/testing/web-platform/tests/fetch/cross-origin-resource-policy/image-loads.html new file mode 100644 index 0000000000000..cc70b4389cb94 --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/image-loads.html 
@@ -0,0 +1,561 @@ +< +! +DOCTYPE +html +> +< +html +> +< +head +> +< +script +src += +" +/ +resources +/ +testharness +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +resources +/ +testharnessreport +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +common +/ +get +- +host +- +info +. +sub +. +js +" +> +< +/ +script +> +< +/ +head +> +< +body +> +< +div +id += +" +testDiv +" +> +< +/ +div +> +< +script +> +const +host += +get_host_info +( +) +; +const +notSameSiteBaseURL += +host +. +HTTP_NOTSAMESITE_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +const +ok += +true +; +const +ko += +false +; +const +noCors += +false +; +function +loadImage +( +url +shoudLoad +corsMode +title +) +{ +promise_test +( +( +) += +> +{ +const +img += +new +Image +( +) +; +if +( +corsMode +) +img +. +crossOrigin += +corsMode +; +img +. +src += +url +; +return +new +Promise +( +( +resolve +reject +) += +> +{ +img +. +onload += +shoudLoad +? +resolve +: +reject +; +img +. +onerror += +shoudLoad +? +reject +: +resolve +; +testDiv +. +appendChild +( +img +) +; +} +) +. +finally +( +( +) += +> +{ +testDiv +. +innerHTML += +" +" +; +} +) +; +} +title +) +; +} +loadImage +( +" +. +/ +resources +/ +image +. +py +? +corp += +same +- +origin +" +ok +noCors +" +Same +- +origin +image +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +loadImage +( +" +. +/ +resources +/ +image +. +py +? +corp += +same +- +site +" +ok +noCors +" +Same +- +origin +image +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +loadImage +( +notSameSiteBaseURL ++ +" +resources +/ +image +. +py +? +corp += +same +- +origin +& +acao += +* +" +ok +" +anonymous +" +" +Cross +- +origin +cors +image +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. 
+" +) +; +loadImage +( +notSameSiteBaseURL ++ +" +resources +/ +image +. +py +? +corp += +same +- +site +& +acao += +* +" +ok +" +anonymous +" +" +Cross +- +origin +cors +image +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +loadImage +( +notSameSiteBaseURL ++ +" +resources +/ +image +. +py +? +corp += +same +- +origin +& +acao += +* +" +ko +noCors +" +Cross +- +origin +no +- +cors +image +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +loadImage +( +notSameSiteBaseURL ++ +" +resources +/ +image +. +py +? +corp += +same +- +site +& +acao += +* +" +ko +noCors +" +Cross +- +origin +no +- +cors +image +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +< +/ +script +> +< +/ +body +> +< +/ +html +> diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/green.png b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/green.png new file mode 100644 index 0000000000000..7f599ffae4da2 --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/green.png @@ -0,0 +1,13 @@ +PNG +IHDR +d +2 +PLTE +4 +^ +IDAT +( +c +h +IEND +B diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/hello.py b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/hello.py new file mode 100644 index 0000000000000..5824f47423ffb --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/hello.py 
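Review bot: The parameter is spelled `shoudLoad` in loadImage, and again in loadScript in script-loads.html; `shouldLoad` is presumably intended. The `noCors` constant is `false` and is passed as corsMode only so that `img.crossOrigin` is left unset, which a comment such as `// false: leave crossOrigin unset so the image is requested in no-cors mode` would make clear. The two `ko` cases still send `acao=*`. A comment noting that the load must fail despite the permissive Access-Control-Allow-Origin value would record why the parameter is there.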
@@ -0,0 +1,73 @@ +def +main +( +request +response +) +: + +headers += +[ +( +" +Cross +- +Origin +- +Resource +- +Policy +" +request +. +GET +[ +' +corp +' +] +) +] + +if +' +origin +' +in +request +. +headers +: + +headers +. +append +( +( +' +Access +- +Control +- +Allow +- +Origin +' +request +. +headers +[ +' +origin +' +] +) +) + +return +200 +headers +" +hello +" diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/iframe.py b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/iframe.py new file mode 100644 index 0000000000000..2dce55cc0c63f --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/iframe.py @@ -0,0 +1,95 @@ +def +main +( +request +response +) +: + +headers += +[ +( +" +Content +- +Type +" +" +text +/ +html +" +) + +( +" +Cross +- +Origin +- +Resource +- +Policy +" +request +. +GET +[ +' +corp +' +] +) +] + +return +200 +headers +" +< +body +> +< +h3 +> +The +iframe +< +/ +h3 +> +< +script +> +window +. +onmessage += +( +) += +> +{ +parent +. +postMessage +( +' +pong +' +' +* +' +) +; +} +< +/ +script +> +< +/ +body +> +" diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/iframeFetch.html b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/iframeFetch.html new file mode 100644 index 0000000000000..a272c7a90e917 --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/iframeFetch.html 
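Review bot: `request.GET['corp']` is read unconditionally here, whereas redirect.py and image.py in this commit check `'corp' in request.GET` first, so a request without the parameter would presumably raise rather than return a response without the header. iframe.py and script.py index it the same way. Either guard it with `if 'corp' in request.GET:` or add a docstring stating that `corp` is required. The handler also echoes the request's Origin header into Access-Control-Allow-Origin, which is what lets the cors-mode tests read the body. A one-line comment saying so, and that this reflection is acceptable only in a test fixture, would help.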
@@ -0,0 +1,123 @@ +< +! +DOCTYPE +html +> +< +html +> +< +head +> +< +script +> +function +processMessage +( +event +) +{ +fetch +( +event +. +data +{ +mode +: +" +no +- +cors +" +} +) +. +then +( +( +) += +> +{ +parent +. +postMessage +( +" +ok +" +" +* +" +) +; +} +( +) += +> +{ +parent +. +postMessage +( +" +ko +" +" +* +" +) +; +} +) +; +} +window +. +addEventListener +( +" +message +" +processMessage +false +) +; +< +/ +script +> +< +/ +head +> +< +body +> +< +h3 +> +The +iframe +making +a +same +origin +fetch +call +. +< +/ +h3 +> +< +/ +body +> +< +/ +html +> diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py new file mode 100644 index 0000000000000..439aba561c15e --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/image.py @@ -0,0 +1,200 @@ +import +os +. +path +def +main +( +request +response +) +: + +type += +request +. +GET +. +first +( +" +type +" +None +) + +body += +open +( +os +. +path +. +join +( +os +. +path +. +dirname +( +__file__ +) +" +green +. +png +" +) +" +rb +" +) +. +read +( +) + +response +. +add_required_headers += +False + +response +. +writer +. +write_status +( +200 +) + +if +' +corp +' +in +request +. +GET +: + +response +. +writer +. +write_header +( +" +cross +- +origin +- +resource +- +policy +" +request +. +GET +[ +' +corp +' +] +) + +if +' +acao +' +in +request +. +GET +: + +response +. +writer +. +write_header +( +" +access +- +control +- +allow +- +origin +" +request +. +GET +[ +' +acao +' +] +) + +response +. +writer +. +write_header +( +" +content +- +length +" +len +( +body +) +) + +if +( +type +! += +None +) +: + +response +. +writer +. +write_header +( +" +content +- +type +" +type +) + +response +. +writer +. +end_headers +( +) + +response +. +writer +. +write +( +body +) 
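Review bot: This file has a base64 copy embedded as dataIFrameURL in fetch-in-iframe.html, and nothing here says so; a comment such as `<!-- Keep in sync with the data: URL in ../fetch-in-iframe.html -->` would stop the two from drifting apart. processMessage fetches whatever URL any window posts to it. Since only the parent test page is expected to drive it, `if (event.source !== parent) return;` at the top of the handler would make that explicit. The heading says "same origin fetch call" although the tests also use this frame for cross-origin fetches.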
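Review bot: The file opened to fill `body` is never closed; `with open(os.path.join(os.path.dirname(__file__), "green.png"), "rb") as f: body = f.read()` releases the handle deterministically. The local `type` shadows the builtin and is compared with `!= None`; `content_type` and `is not None` would be the usual spelling. The `corp` and `acao` query values are written into response headers exactly as received, which is fine for a fixture but deserves a comment that the handler is for tests only.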
diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/redirect.py b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/redirect.py new file mode 100644 index 0000000000000..5c6a04153b04d --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/redirect.py @@ -0,0 +1,66 @@ +def +main +( +request +response +) +: + +headers += +[ +( +" +Location +" +request +. +GET +[ +' +redirectTo +' +] +) +] + +if +' +corp +' +in +request +. +GET +: + +headers +. +append +( +( +' +Cross +- +Origin +- +Resource +- +Policy +' +request +. +GET +[ +' +corp +' +] +) +) + +return +302 +headers +" +" diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/script.py b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/script.py new file mode 100644 index 0000000000000..89cf1435d8977 --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/resources/script.py @@ -0,0 +1,72 @@ +def +main +( +request +response +) +: + +headers += +[ +( +" +Cross +- +Origin +- +Resource +- +Policy +" +request +. +GET +[ +' +corp +' +] +) +] + +if +' +origin +' +in +request +. +headers +: + +headers +. +append +( +( +' +Access +- +Control +- +Allow +- +Origin +' +request +. +headers +[ +' +origin +' +] +) +) + +return +200 +headers +" +" diff --git a/testing/web-platform/tests/fetch/cross-origin-resource-policy/script-loads.html b/testing/web-platform/tests/fetch/cross-origin-resource-policy/script-loads.html new file mode 100644 index 0000000000000..3470748f9bec8 --- /dev/null +++ b/testing/web-platform/tests/fetch/cross-origin-resource-policy/script-loads.html 
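Review bot: In redirect.py, `request.GET['redirectTo']` is copied into the Location header with no presence check and no restriction on the target, so the handler redirects to whatever URL the query names. That is what the tests need. A docstring stating that this is a test-only redirector, and that `redirectTo` is required while `corp` is optional, would keep it from being reused elsewhere as is.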
@@ -0,0 +1,548 @@ +< +! +DOCTYPE +html +> +< +html +> +< +head +> +< +script +src += +" +/ +resources +/ +testharness +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +resources +/ +testharnessreport +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +common +/ +get +- +host +- +info +. +sub +. +js +" +> +< +/ +script +> +< +/ +head +> +< +body +> +< +div +id += +" +testDiv +" +> +< +/ +div +> +< +script +> +const +host += +get_host_info +( +) +; +const +notSameSiteBaseURL += +host +. +HTTP_NOTSAMESITE_ORIGIN ++ +window +. +location +. +pathname +. +replace +( +/ +\ +/ +[ +^ +\ +/ +] +* +/ +' +/ +' +) +; +const +ok += +true +; +const +ko += +false +; +const +noCors += +false +; +function +loadScript +( +url +shoudLoad +corsMode +title +) +{ +promise_test +( +( +) += +> +{ +const +script += +document +. +createElement +( +" +script +" +) +; +if +( +corsMode +) +script +. +crossOrigin += +corsMode +; +script +. +src += +url +; +return +new +Promise +( +( +resolve +reject +) += +> +{ +script +. +onload += +shoudLoad +? +resolve +: +reject +; +script +. +onerror += +shoudLoad +? +reject +: +resolve +; +testDiv +. +appendChild +( +script +) +; +} +) +; +} +title +) +; +} +loadScript +( +" +. +/ +resources +/ +script +. +py +? +corp += +same +- +origin +" +ok +noCors +" +Same +- +origin +script +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +loadScript +( +" +. +/ +resources +/ +script +. +py +? +corp += +same +- +site +" +ok +noCors +" +Same +- +origin +script +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +loadScript +( +notSameSiteBaseURL ++ +" +resources +/ +script +. +py +? +corp += +same +- +origin +& +acao += +* +" +ok +" +anonymous +" +" +Cross +- +origin +cors +script +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. 
+" +) +; +loadScript +( +notSameSiteBaseURL ++ +" +resources +/ +script +. +py +? +corp += +same +- +site +& +acao += +* +" +ok +" +anonymous +" +" +Cross +- +origin +cors +script +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +loadScript +( +notSameSiteBaseURL ++ +" +resources +/ +script +. +py +? +corp += +same +- +origin +& +acao += +* +" +ko +noCors +" +Cross +- +origin +no +- +cors +script +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +origin +' +response +header +. +" +) +; +loadScript +( +notSameSiteBaseURL ++ +" +resources +/ +script +. +py +? +corp += +same +- +site +& +acao += +* +" +ko +noCors +" +Cross +- +origin +no +- +cors +script +load +with +a +' +Cross +- +Origin +- +Resource +- +Policy +: +same +- +site +' +response +header +. +" +) +; +< +/ +script +> +< +/ +body +> +< +/ +html +>
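Review bot: The cross-origin URLs pass `acao=*`, but script.py in this commit never reads an `acao` parameter; it sets Access-Control-Allow-Origin from the request's Origin header. The parameter therefore has no effect and suggests a server setup that is not there. Dropping `&acao=*` from these URLs, or adding `acao` handling to script.py as image.py has, would make the test and the fixture agree. Unlike loadImage in image-loads.html, loadScript does not remove the appended script element after the test; `.finally(() => { script.remove(); })` on the returned promise would keep testDiv clean.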