23 lines
838 B
JavaScript
23 lines
838 B
JavaScript
// META: script=/service-workers/service-worker/resources/test-helpers.sub.js
|
|
// META: script=resources/utils.js
|
|
'use strict';
|
|
|
|
// Tests that requests blocked by Content Security Policy are rejected.
|
|
// https://w3c.github.io/webappsec-csp/#should-block-request
|
|
|
|
// This is not a comprehensive test of Content Security Policy - it is just
|
|
// intended to check that CSP checks are enabled.
|
|
|
|
var meta = document.createElement('meta');
|
|
meta.setAttribute('http-equiv', 'Content-Security-Policy');
|
|
meta.setAttribute('content', "connect-src 'none'");
|
|
document.head.appendChild(meta);
|
|
|
|
backgroundFetchTest(async (t, bgFetch) => {
|
|
const fetch = await bgFetch.fetch(uniqueId(), '/');
|
|
|
|
const record = await fetch.match('/');
|
|
return promise_rejects_js(
|
|
t, TypeError,
|
|
record.responseReady);
|
|
}, 'fetch blocked by CSP should reject');
|