diff options
Diffstat (limited to 'dom/security/test/csp/test_bug1505412.html')
-rw-r--r-- | dom/security/test/csp/test_bug1505412.html | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_bug1505412.html b/dom/security/test/csp/test_bug1505412.html new file mode 100644 index 0000000000..717af2054b --- /dev/null +++ b/dom/security/test/csp/test_bug1505412.html @@ -0,0 +1,50 @@ +<!DOCTYPE HTML> +<html> + +<head> + <title> Bug 1505412 CSP-RO reports violations in inline-scripts with nonce</title> + <script src="/tests/SimpleTest/SimpleTest.js" nonce="foobar"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> + + +<body> + <p id="display"></p> + <div id="content" style="display: none"> + </div> + + <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1505412">Test for 1505412 </a> + <script class="testbody" type="text/javascript" nonce="foobar"> + /* Description of the test: + 1: We setup a Proxy that will cause the Test to Fail + if Firefox sends a CSP-Report to /report + 2: We Load an iframe with has a Script pointing to + file_bug1505412.sjs + 3: The Preloader will fetch the file and Gets redirected + 4: If correct, the File should be loaded and no CSP-Report + should be send. + */ + + + + SimpleTest.waitForExplicitFinish(); + SimpleTest.requestCompleteLog(); + SimpleTest.requestLongerTimeout(2); // Or might fail for Linux-Debug in some cases. + var script; + + window.addEventListener("load",()=>{ + let t = document.querySelector("#target"); + t.src = "file_bug1505412_frame.html"; + t.addEventListener("load",async () => { + let reportCount = await fetch("file_bug1505412_reporter.sjs?state").then(r => r.text()); + info(reportCount); + ok(reportCount == 0 , "Script Loaded without CSP beeing triggered"); + await fetch("file_bug1505412_reporter.sjs?flush"); + SimpleTest.finish(); + }); + }) + + </script> + <iframe id="target" frameborder="0"></iframe> +</body> + +</html>
\ No newline at end of file |