diff options
Diffstat (limited to 'testing/web-platform/tests/fetch/stale-while-revalidate/revalidate-not-blocked-by-csp.html')
| -rw-r--r-- | testing/web-platform/tests/fetch/stale-while-revalidate/revalidate-not-blocked-by-csp.html | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/stale-while-revalidate/revalidate-not-blocked-by-csp.html b/testing/web-platform/tests/fetch/stale-while-revalidate/revalidate-not-blocked-by-csp.html new file mode 100644 index 0000000000..ea70b9a9c7 --- /dev/null +++ b/testing/web-platform/tests/fetch/stale-while-revalidate/revalidate-not-blocked-by-csp.html @@ -0,0 +1,69 @@ +<!DOCTYPE html> +<meta charset="utf-8"> +<title>Test revalidations requests aren't blocked by CSP.</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> +<body> +<script> + +// Regression test for https://crbug.com/1070117. +var request_token = token(); +let image_src = "resources/stale-image.py?token=" + request_token; + +let loadImage = async () => { + let img = document.createElement("img"); + img.src = image_src; + let loaded = new Promise(r => img.onload = r); + document.body.appendChild(img); + await loaded; + return img; +}; + +promise_test(async t => { + await new Promise(r => window.onload = r); + + // No CSP report must be sent from now. + // + // TODO(arthursonzogni): Some browser implementations do not support the + // ReportingObserver yet. Ideally, another way to access the reports should be + // used to test them. + const observer = new ReportingObserver(t.unreached_func( + "CSP reports aren't sent for revalidation requests")); + if (observer) + observer.observe(); + + let img1 = await loadImage(); // Load initial resource. + let img2 = loadImage(); // Request stale resource. + + // Insert a <meta> CSP. This will block any image load starting from now. + const metaCSP = document.createElement("meta"); + metaCSP.httpEquiv = "Content-Security-Policy"; + metaCSP.content = "img-src 'none'"; + document.getElementsByTagName("head")[0].appendChild(metaCSP) + + // The images were requested before the <meta> CSP above was added. So they + // will load. Nevertheless, the resource will be stale. A revalidation request + // is going to be made after that. + assert_equals(img1.width, 16, "(initial version loaded)"); + assert_equals((await img2).width, 16, "(stale version loaded)"); + + // At some point, the <img> resource is going to be revalidated. It must not + // be blocked nor trigger a CSP violation report. + + // Query the server again and again. At some point it must have received the + // revalidation request. We poll, because we don't know when the revalidation + // will occur. + let query = false; + while(true) { + await new Promise(r => step_timeout(r, 25)); + let response = await fetch(`${image_src}${query ? "&query" : ""}`); + let count = response.headers.get("Count"); + if (count == "2") + break; + query ^= true; + } +}, "Request revalidation aren't blocked by CSP"); + +</script> +</body> |