Demo of CORB

This page demonstrates how Cross-Origin Read Blocking (CORB) works. Please see one of the following resources for more information about CORB:

Repro steps to trigger CORB:

  1. Make sure that CORB is active (e.g. by launching Chrome M63 or later with the --enable-features=CrossSiteDocumentBlockingAlways cmdline flag).
  2. Open Javascript console (e.g. by pressing Ctrl-Shift-I in Chrome).
  3. Press the button below to add an <img src="https://www.chromium.org/"> element that tries to sneak a cross-origin text/html document into memory of a renderer process hosting another origin.
  4. Observe that CORB blocks the http request triggered by the inserted img element.

Dynamic content below...