summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html')
-rw-r--r--testing/web-platform/tests/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html35
1 files changed, 35 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html b/testing/web-platform/tests/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html
new file mode 100644
index 0000000000..c1954641b1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/content-security-policy/support/testharness-helper.js"></script>
+<script src="/content-security-policy/support/prefetch-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'unsafe-inline'; img-src http://{{domains[www2]}}:{{ports[http][0]}}"/>
+
+<script>
+ const { OTHER_ORIGIN, REMOTE_ORIGIN } = get_host_info();
+
+ promise_test(async (t) => {
+ const url = new URL("/common/dummy.xml", location.href);
+ assert_true(await try_to_prefetch(url, t));
+ }, "Prefetch should succeed when restricted by default-src but allowed by " +
+ "other directive");
+
+ promise_test(async (t) => {
+ const url = new URL("/common/dummy.xml", REMOTE_ORIGIN);
+ assert_false(await try_to_prefetch(url, t));
+ }, "Prefetch should fail when restricted by default-src and different " +
+ "origin allowed by other directive");
+
+ promise_test(async (t) => {
+ const url = new URL("/common/dummy.xml", OTHER_ORIGIN);
+ assert_true(await try_to_prefetch(url, t));
+ }, "Prefetch should succeed when restricted by default-src but origin " +
+ "allowed by other directive");
+</script>
+</head>
+<body></body>
+</html>