summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/file_bug802872.js
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/file_bug802872.js')
-rw-r--r--dom/security/test/csp/file_bug802872.js47
1 files changed, 47 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_bug802872.js b/dom/security/test/csp/file_bug802872.js
new file mode 100644
index 0000000000..042e190269
--- /dev/null
+++ b/dom/security/test/csp/file_bug802872.js
@@ -0,0 +1,47 @@
+/*
+ * The policy for this test is:
+ * Content-Security-Policy: default-src 'self'
+ */
+
+function createAllowedEvent() {
+ /*
+ * Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on
+ * 'http://mochi.test', a default-src of 'self' allows this request.
+ */
+ var src_event = new EventSource(
+ "http://mochi.test:8888/tests/dom/security/test/csp/file_bug802872.sjs"
+ );
+
+ src_event.onmessage = function (e) {
+ src_event.close();
+ parent.dispatchEvent(new Event("allowedEventSrcCallbackOK"));
+ };
+
+ src_event.onerror = function (e) {
+ src_event.close();
+ parent.dispatchEvent(new Event("allowedEventSrcCallbackFailed"));
+ };
+}
+
+function createBlockedEvent() {
+ /*
+ * creates a new EventSource using 'http://example.com'. This domain is not allowlisted by the
+ * CSP of this page, therefore the CSP blocks this request.
+ */
+ var src_event = new EventSource(
+ "http://example.com/tests/dom/security/test/csp/file_bug802872.sjs"
+ );
+
+ src_event.onmessage = function (e) {
+ src_event.close();
+ parent.dispatchEvent(new Event("blockedEventSrcCallbackOK"));
+ };
+
+ src_event.onerror = function (e) {
+ src_event.close();
+ parent.dispatchEvent(new Event("blockedEventSrcCallbackFailed"));
+ };
+}
+
+addLoadEvent(createAllowedEvent);
+addLoadEvent(createBlockedEvent);