This test makes sure that once an HTTP Basic Auth. protected path is authenticated once, urls that emanate from that path automatically have their credentials sent without a challenge.
The first frame's path is /loading/resources/subresources/protected-resource.php, and we should get a challenge for it.
It will be authorized with first/first-pw.
The second frame's path is /loading/resources/protected-resource.php, and we should get a challenge for it, because it does not share a common subpath of the previously authorized resource.
It will be authorized with second/second-pw.
The third frame's path is also /loading/resources/protected-resource.php, and we should *not* get a challenge for it because we authorized to this path for the second frame.
It will be authorized with second/second-pw.
The fourth frame's path is /loading/resources/othersubresources/protected-resource.php, and we should *not* get a challenge for it, because it has a common subpath with the previously authorized second and third frames.
It will be authorized with second/second-pw.