testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

<!doctype html>
<meta charset=utf-8>
<meta http-equiv="Content-Security-Policy" content="font-src 'self'">
<head>
  <title>Test font loads if it matches font-src.</title>
  <script src='/resources/testharness.js'></script>
  <script src='/resources/testharnessreport.js'></script>
</head>
<body>
  <div id="log"></div>
  <script>
    async_test(function(t) {
      document.addEventListener("securitypolicyviolation", t.unreached_func("Loading allowed fonts should not trigger a violation."));
      var link = document.createElement('link');
      link.rel="preload";
      link.as="font";
      link.href="/fonts/Ahem.ttf?font-self-allowed";
      link.onload = t.step_func_done();
      link.onerror = t.unreached_func("Should have loaded the font.");
      document.getElementsByTagName('head')[0].appendChild(link);
    }, "Test font loads if it matches font-src.");
  </script>
</body>