From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- dom/security/test/csp/file_bug802872.js | 47 +++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 dom/security/test/csp/file_bug802872.js (limited to 'dom/security/test/csp/file_bug802872.js') diff --git a/dom/security/test/csp/file_bug802872.js b/dom/security/test/csp/file_bug802872.js new file mode 100644 index 0000000000..042e190269 --- /dev/null +++ b/dom/security/test/csp/file_bug802872.js @@ -0,0 +1,47 @@ +/* + * The policy for this test is: + * Content-Security-Policy: default-src 'self' + */ + +function createAllowedEvent() { + /* + * Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on + * 'http://mochi.test', a default-src of 'self' allows this request. + */ + var src_event = new EventSource( + "http://mochi.test:8888/tests/dom/security/test/csp/file_bug802872.sjs" + ); + + src_event.onmessage = function (e) { + src_event.close(); + parent.dispatchEvent(new Event("allowedEventSrcCallbackOK")); + }; + + src_event.onerror = function (e) { + src_event.close(); + parent.dispatchEvent(new Event("allowedEventSrcCallbackFailed")); + }; +} + +function createBlockedEvent() { + /* + * creates a new EventSource using 'http://example.com'. This domain is not allowlisted by the + * CSP of this page, therefore the CSP blocks this request. + */ + var src_event = new EventSource( + "http://example.com/tests/dom/security/test/csp/file_bug802872.sjs" + ); + + src_event.onmessage = function (e) { + src_event.close(); + parent.dispatchEvent(new Event("blockedEventSrcCallbackOK")); + }; + + src_event.onerror = function (e) { + src_event.close(); + parent.dispatchEvent(new Event("blockedEventSrcCallbackFailed")); + }; +} + +addLoadEvent(createAllowedEvent); +addLoadEvent(createBlockedEvent); -- cgit v1.2.3