diff options
Diffstat (limited to 'dom/security/test/csp/test_service_worker.html')
| -rw-r--r-- | dom/security/test/csp/test_service_worker.html | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_service_worker.html b/dom/security/test/csp/test_service_worker.html new file mode 100644 index 0000000000..1c274990f8 --- /dev/null +++ b/dom/security/test/csp/test_service_worker.html @@ -0,0 +1,61 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Bug 1208559 - ServiceWorker registration not governed by CSP</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe style="width:100%;" id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* Description of the test: + * Spawning a worker from https://example.com but script-src is 'test1.example.com' + * CSP is not consulted + */ +SimpleTest.waitForExplicitFinish(); + +var tests = [ + { + policy: "default-src 'self'; script-src 'unsafe-inline'; child-src test1.example.com;", + expected: "blocked" + }, +]; + +var counter = 0; +var curTest; + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + is(event.data.result, curTest.expected, "Should be (" + curTest.expected + ") in Test " + counter + "!"); + loadNextTest(); +} + +onload = function() { + SpecialPowers.pushPrefEnv({"set": [ + ["dom.serviceWorkers.exemptFromPerDomainMax", true], + ["dom.serviceWorkers.enabled", true], + ["dom.serviceWorkers.testing.enabled", true], + ["privacy.partition.serviceWorkers", true], + ]}, loadNextTest); +} + +function loadNextTest() { + if (counter == tests.length) { + SimpleTest.finish(); + return; + } + curTest = tests[counter++]; + var src = "https://example.com/tests/dom/security/test/csp/file_testserver.sjs"; + // append the file that should be served + src += "?file=" + escape("tests/dom/security/test/csp/file_service_worker.html"); + // append the CSP that should be used to serve the file + src += "&csp=" + escape(curTest.policy); + document.getElementById("testframe").src = src; +} + +</script> +</body> +</html> |