From 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 03:47:29 +0200
Subject: Adding upstream version 115.8.0esr.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../script-src-self/sharedworker-import.http.html  | 118 ++++++++++++++++++++
 .../script-src-self/sharedworker-import.https.html | 118 ++++++++++++++++++++
 .../script-src-self/worker-import.http.html        | 118 ++++++++++++++++++++
 .../script-src-self/worker-import.https.html       | 118 ++++++++++++++++++++
 .../worker-src-self/sharedworker-import.http.html  | 118 ++++++++++++++++++++
 .../worker-src-self/sharedworker-import.https.html | 118 ++++++++++++++++++++
 .../worker-src-self/worker-import.http.html        | 118 ++++++++++++++++++++
 .../worker-src-self/worker-import.https.html       | 118 ++++++++++++++++++++
 .../script-src-self/sharedworker-import.http.html  | 119 +++++++++++++++++++++
 .../script-src-self/sharedworker-import.https.html | 119 +++++++++++++++++++++
 .../script-src-self/worker-import.http.html        | 119 +++++++++++++++++++++
 .../script-src-self/worker-import.https.html       | 119 +++++++++++++++++++++
 .../worker-src-self/sharedworker-import.http.html  | 119 +++++++++++++++++++++
 .../worker-src-self/sharedworker-import.https.html | 119 +++++++++++++++++++++
 .../worker-src-self/worker-import.http.html        | 119 +++++++++++++++++++++
 .../worker-src-self/worker-import.https.html       | 119 +++++++++++++++++++++
 .../generic/test-case.sub.js                       |  98 +++++++++++++++++
 17 files changed, 1994 insertions(+)
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html
 create mode 100644 testing/web-platform/mozilla/tests/content-security-policy/generic/test-case.sub.js

(limited to 'testing/web-platform/mozilla/tests/content-security-policy')

diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html
new file mode 100644
index 0000000000..c420b940f8
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html
new file mode 100644
index 0000000000..a7bb3de773
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html
new file mode 100644
index 0000000000..482a41186d
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html
new file mode 100644
index 0000000000..4d75fa1ccc
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html
new file mode 100644
index 0000000000..f06c11dd78
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html
new file mode 100644
index 0000000000..1c9483fc05
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html
new file mode 100644
index 0000000000..f8a9e51557
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+            ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html
new file mode 100644
index 0000000000..7d6a82d8fc
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html
new file mode 100644
index 0000000000..f66bc9ed7c
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html
new file mode 100644
index 0000000000..bcd1f0f2ef
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html
new file mode 100644
index 0000000000..68a610d994
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html
new file mode 100644
index 0000000000..829e6e2b90
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'script-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html
new file mode 100644
index 0000000000..4c6757c65f
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <meta http-equiv="Content-Security-Policy" content="worker-src 'self'">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html
new file mode 100644
index 0000000000..2655a33036
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <meta http-equiv="Content-Security-Policy" content="worker-src 'self'">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "sharedworker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html
new file mode 100644
index 0000000000..281987acfe
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <meta http-equiv="Content-Security-Policy" content="worker-src 'self'">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-http",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "http",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html
new file mode 100644
index 0000000000..4654856ada
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted -->
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="timeout" content="long">
+    <meta http-equiv="Content-Security-Policy" content="worker-src 'self'">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        [
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "allowed",
+            "origin": "same-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "keep-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "no-redirect",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "cross-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context."
+          },
+          {
+            "expectation": "blocked",
+            "origin": "same-https",
+            "redirection": "swap-origin",
+            "source_context_list": [],
+            "source_scheme": "https",
+            "subresource": "worker-import",
+            "subresource_policy_deliveries": [
+                {
+                  "deliveryType": "meta",
+                  "key": "contentSecurityPolicy",
+                  "value": 'worker-src-self'
+                }
+             ],
+            "test_description": "Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context."
+          }
+        ],
+        new SanityChecker()
+      ).start();
+    </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/generic/test-case.sub.js b/testing/web-platform/mozilla/tests/content-security-policy/generic/test-case.sub.js
new file mode 100644
index 0000000000..d9a6494dd3
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/generic/test-case.sub.js
@@ -0,0 +1,98 @@
+function TestCase(scenarios, sanityChecker) {
+  function runTest(scenario) {
+    sanityChecker.checkScenario(scenario, subresourceMap);
+
+    const urls = getRequestURLs(scenario.subresource,
+                                scenario.origin,
+                                scenario.redirection);
+
+    /** @type {Subresource} */
+    const subresource = {
+      subresourceType: scenario.subresource,
+      url: urls.testUrl,
+      policyDeliveries: scenario.subresource_policy_deliveries,
+    };
+
+    let violationEventResolve;
+    // Resolved with an array of securitypolicyviolation events.
+    const violationEventPromise = new Promise(resolve => {
+        violationEventResolve = resolve;
+      });
+
+    promise_test(async t => {
+      await xhrRequest(urls.announceUrl);
+
+      // Currently only requests from top-level Documents are tested
+      // (specified by `spec.src.json`) and thus securitypolicyviolation
+      // events are assumed to be fired on the top-level Document here.
+      // When adding non-top-level Document tests, securitypolicyviolation
+      // events should be caught in appropriate contexts.
+      const violationEvents = [];
+      const listener = e => { violationEvents.push(e); };
+      document.addEventListener('securitypolicyviolation', listener);
+
+      try {
+        // Send out the real resource request.
+        // This should tear down the key if it's not blocked.
+        const mainPromise = invokeRequest(subresource, scenario.source_context_list);
+        if (scenario.expectation === 'allowed') {
+          await mainPromise;
+        } else {
+          await mainPromise
+              .then(t.unreached_func('main promise resolved unexpectedly'))
+              .catch(_ => {});
+        }
+      } finally {
+        // Always perform post-processing/clean up for
+        // 'securitypolicyviolation' events and resolve
+        // `violationEventPromise`, to prevent timeout of the
+        // promise_test() below.
+
+        // securitypolicyviolation events are fired in a queued task in
+        // https://w3c.github.io/webappsec-csp/#report-violation
+        // so wait for queued tasks to run using setTimeout().
+        let timeout = 0;
+        if (scenario.subresource.startsWith('worklet-') &&
+            navigator.userAgent.includes("Firefox/")) {
+          // https://bugzilla.mozilla.org/show_bug.cgi?id=1808911
+          // In Firefox sometimes violations from Worklets are delayed.
+          timeout = 10;
+        }
+        await new Promise(resolve => setTimeout(resolve, timeout));
+
+        // Pass violation events to `violationEventPromise` (which will be tested
+        // in the subsequent promise_test()) and clean up the listener.
+        violationEventResolve(violationEvents);
+        document.removeEventListener('securitypolicyviolation', listener);
+      }
+
+      // Send request to check if the key has been torn down.
+      const assertResult = await xhrRequest(urls.assertUrl);
+
+      // Now check if the value has been torn down. If it's still there,
+      // we have blocked the request by content security policy.
+      assert_equals(assertResult.status, scenario.expectation,
+        "The resource request should be '" + scenario.expectation + "'.");
+
+    }, scenario.test_description);
+
+    promise_test(async _ => {
+        const violationEvents = await violationEventPromise;
+        if (scenario.expectation === 'allowed') {
+          assert_array_equals(violationEvents, [],
+              'no violation events should be fired');
+        } else {
+          assert_equals(violationEvents.length, 1,
+              'One violation event should be fired');
+        }
+      }, scenario.test_description + ": securitypolicyviolation");
+  }  // runTest
+
+  function runTests() {
+    for (const scenario of scenarios) {
+      runTest(scenario);
+    }
+  }
+
+  return {start: runTests};
+}
-- 
cgit v1.2.3