1 files changed, 71 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html b/testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html
new file mode 100644
index 0000000000..a0708bf5ed
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html
@@ -0,0 +1,71 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Video element src attribute must match src list - positive test</title>
+    <meta http-equiv="Content-Security-Policy" content="script-src * 'unsafe-inline'; media-src http://{{domains[www2]}}:{{ports[http][0]}}/ 'self'; connect-src 'self';">
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <h1>Video element in media-src list - redirect test</h1>
+    <div id='log'></div>
+
+  <p>This test tests a buggy interaction in Chrome 46.  Two hosts (self and www2) are both allowed
+    as media-src, but only one (self) is allowed for connect-src.  If a video src starts on
+    an allowed host (self), and is redirected to another allowed media-src host, it should succeed. But a bug
+    causes the redirect to be done in a fetch context to which connect-src is being applied instead, so
+    the load is blocked. (This test passes in Firefox 45, modulo an event listener not firing.)</p>
+
+  <script>
+    var src_test = async_test("In-policy async video src");
+    var src_redir_test = async_test("in-policy async video src w/redir")
+    var source_test = async_test("In-policy async video source element");
+    var source_redir_test = async_test("In-policy async video source element w/redir");
+
+    var t_spv = async_test("Should not fire policy violation events");
+    var test_count = 4;
+    window.addEventListener("securitypolicyviolation", t_spv.unreached_func("Should not have fired any event"));
+
+    function media_loaded(t) {
+      t.done();
+      if (--test_count <= 0) {
+        t_spv.done();
+      }
+    }
+
+    function media_error_handler(t) {
+      t.step( function () {
+          assert_unreached("Media error handler shouldn't be triggered for allowed domain.");
+      });
+      t.done();
+    }
+  </script>
+
+    <video id="videoObject" width="320" height="240" controls
+           onloadeddata="media_loaded(source_test)">
+        <source id="videoSourceObject"
+                type="video/ogg"
+                onerror="media_error_handler(source_test)"
+                src="http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">
+    </video>
+
+    <video id="videoObject2" width="320" height="240" controls
+           onerror="media_error_handler(src_test)"
+           onloadeddata="media_loaded(src_test)"
+           src="http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">
+
+    <video id="videoObject3" width="320" height="240" controls
+           onloadeddata="media_loaded(source_redir_test)">
+        <source id="videoSourceObject"
+                type="video/ogg"
+                onerror="media_error_handler(source_test)"
+                src="/common/redirect.py?location=http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">
+    </video>
+
+    <video id="videoObject2" width="320" height="240" controls
+           onerror="media_error_handler(src_redir_test)"
+           onloadeddata="media_loaded(src_redir_test)"
+           src="/common/redirect.py?location=http://{{domains[www2]}}:{{ports[http][0]}}/media/A4.ogv">
+
+</body>
+</html>