diff options
Diffstat (limited to 'dom/security/test/csp/file_bug802872.js')
-rw-r--r-- | dom/security/test/csp/file_bug802872.js | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_bug802872.js b/dom/security/test/csp/file_bug802872.js new file mode 100644 index 0000000000..042e190269 --- /dev/null +++ b/dom/security/test/csp/file_bug802872.js @@ -0,0 +1,47 @@ +/* + * The policy for this test is: + * Content-Security-Policy: default-src 'self' + */ + +function createAllowedEvent() { + /* + * Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on + * 'http://mochi.test', a default-src of 'self' allows this request. + */ + var src_event = new EventSource( + "http://mochi.test:8888/tests/dom/security/test/csp/file_bug802872.sjs" + ); + + src_event.onmessage = function (e) { + src_event.close(); + parent.dispatchEvent(new Event("allowedEventSrcCallbackOK")); + }; + + src_event.onerror = function (e) { + src_event.close(); + parent.dispatchEvent(new Event("allowedEventSrcCallbackFailed")); + }; +} + +function createBlockedEvent() { + /* + * creates a new EventSource using 'http://example.com'. This domain is not allowlisted by the + * CSP of this page, therefore the CSP blocks this request. + */ + var src_event = new EventSource( + "http://example.com/tests/dom/security/test/csp/file_bug802872.sjs" + ); + + src_event.onmessage = function (e) { + src_event.close(); + parent.dispatchEvent(new Event("blockedEventSrcCallbackOK")); + }; + + src_event.onerror = function (e) { + src_event.close(); + parent.dispatchEvent(new Event("blockedEventSrcCallbackFailed")); + }; +} + +addLoadEvent(createAllowedEvent); +addLoadEvent(createBlockedEvent); |