summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/prefetch-src
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/content-security-policy/prefetch-src
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/prefetch-src')
-rw-r--r--testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-allowed.html30
-rw-r--r--testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked-by-default.html25
-rw-r--r--testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked.html23
-rw-r--r--testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html25
-rw-r--r--testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html.headers2
-rw-r--r--testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html37
-rw-r--r--testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html.headers2
-rw-r--r--testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html37
-rw-r--r--testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html.headers2
9 files changed, 183 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-allowed.html b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-allowed.html
new file mode 100644
index 0000000000..b738823c4c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-allowed.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='/content-security-policy/support/testharness-helper.js'></script>
+ <script src='/content-security-policy/support/prefetch-helper.js'></script>
+ <script>
+ async_test(t => {
+ var win = window.open('/content-security-policy/support/' +
+ 'file-prefetch-allowed.html');
+ win.addEventListener('load', function () {
+ // Cache control headers are added,since they are needed
+ // to enable prefetching.
+ let url = '/content-security-policy/support/pass.png' +
+ '?pipe=header(Cache-Control, max-age=604800)';
+
+ // Link element is created on the new opened window.
+ let link = win.document.createElement('link');
+ link.rel = 'prefetch';
+ link.href = url;
+ assert_link_prefetches(t, link);
+ win.close();
+ }, false);
+ }, 'Prefetch succeeds when allowed by prefetch-src');
+ </script>
+</head>
+<body>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked-by-default.html b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked-by-default.html
new file mode 100644
index 0000000000..0e54de66de
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked-by-default.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <!-- Block everything by default, but allow the page's scripts to execute. -->
+ <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'unsafe-inline' 'self'">
+
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='/content-security-policy/support/testharness-helper.js'></script>
+ <script src='/content-security-policy/support/prefetch-helper.js'></script>
+ <script>
+ async_test(t => {
+ let url = window.origin + '/content-security-policy/support/fail.png';
+
+ let link = document.createElement('link');
+ link.rel = 'prefetch';
+ link.href = url;
+
+ assert_link_does_not_prefetch(t, link);
+ }, "`default-src`-blocked prefetch generates report.");
+ </script>
+</head>
+<body>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked.html b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked.html
new file mode 100644
index 0000000000..890a65f82c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-blocked.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta http-equiv="Content-Security-Policy" content="prefetch-src 'none';">
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='/content-security-policy/support/testharness-helper.js'></script>
+ <script src='/content-security-policy/support/prefetch-helper.js'></script>
+ <script>
+ async_test(t => {
+ let url = window.origin + '/content-security-policy/support/fail.png';
+
+ let link = document.createElement('link');
+ link.rel = 'prefetch';
+ link.href = url;
+
+ assert_link_does_not_prefetch(t, link);
+ }, "Blocked prefetch generates report.");
+ </script>
+</head>
+<body>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html
new file mode 100644
index 0000000000..45f6289e34
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <!-- Headers:
+ Content-Security-Policy: prefetch-src 'self'
+ Link: </content-security-policy/support/pass.png>;rel=prefetch
+ -->
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='/content-security-policy/support/testharness-helper.js'></script>
+ <script src='/content-security-policy/support/prefetch-helper.js'></script>
+ <script>
+ async_test(t => {
+ let url = window.origin + '/content-security-policy/support/pass.png';
+ assert_no_csp_event_for_url(t, url);
+
+ waitUntilResourceDownloaded(url)
+ .then(t.step_func_done());
+ }, 'Prefetch via `Link` header succeeds when allowed by prefetch-src');
+ </script>
+</head>
+<body>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html.headers b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html.headers
new file mode 100644
index 0000000000..2b1d42a8d1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-allowed.html.headers
@@ -0,0 +1,2 @@
+Content-Security-Policy: prefetch-src 'self'
+Link: </content-security-policy/support/pass.png>;rel=prefetch
diff --git a/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html
new file mode 100644
index 0000000000..e43dca7659
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <!-- Headers:
+ Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline' 'self'; img-src 'self'; style-src 'self'
+ Link: </content-security-policy/support/fail.png>;rel=prefetch
+ -->
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='/content-security-policy/support/testharness-helper.js'></script>
+ <script src='/content-security-policy/support/prefetch-helper.js'></script>
+ <script>
+ async_test(t => {
+ let url = window.origin + '/content-security-policy/support/fail.png';
+ waitUntilCSPEventForURL(t, url)
+ .then(t.step_func_done(e => {
+ assert_equals(e.violatedDirective, 'prefetch-src');
+
+ // This assert verifies both that the resource wasn't downloaded
+ // when prefetched via `Link` on both this document itself, and
+ // on the stylesheet subresource below.
+ assert_resource_not_downloaded(t, url);
+ }));
+
+ // Load a stylesheet that tries to trigger a prefetch:
+ let link = document.createElement('link');
+ link.rel = 'stylesheet';
+ link.href = '/content-security-policy/support/prefetch-subresource.css';
+ document.head.appendChild(link);
+ }, 'Prefetch via `Link` header blocked when allowed by default-src');
+ </script>
+</head>
+<body>
+</body>
+</html>
+
+
diff --git a/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html.headers b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html.headers
new file mode 100644
index 0000000000..6d19ed181e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked-by-default.html.headers
@@ -0,0 +1,2 @@
+Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline' 'self'; img-src 'self'; style-src 'self'
+Link: </content-security-policy/support/fail.png>;rel=prefetch
diff --git a/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html
new file mode 100644
index 0000000000..a2abef3c17
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <!-- Headers:
+ Content-Security-Policy: prefetch-src 'none'
+ Link: </content-security-policy/support/fail.png>;rel=prefetch
+ -->
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='/content-security-policy/support/testharness-helper.js'></script>
+ <script src='/content-security-policy/support/prefetch-helper.js'></script>
+ <script>
+ async_test(t => {
+ let url = window.origin + '/content-security-policy/support/fail.png';
+ waitUntilCSPEventForURL(t, url)
+ .then(t.step_func_done(e => {
+ assert_equals(e.violatedDirective, 'prefetch-src');
+
+ // This assert verifies both that the resource wasn't downloaded
+ // when prefetched via `Link` on both this document itself, and
+ // on the stylesheet subresource below.
+ assert_resource_not_downloaded(t, url);
+ }));
+
+ // Load a stylesheet that tries to trigger a prefetch:
+ let link = document.createElement('link');
+ link.rel = 'stylesheet';
+ link.href = '/content-security-policy/support/prefetch-subresource.css';
+ document.head.appendChild(link);
+ }, 'Prefetch via `Link` header blocked when allowed by prefetch-src');
+ </script>
+</head>
+<body>
+</body>
+</html>
+
+
diff --git a/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html.headers b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html.headers
new file mode 100644
index 0000000000..732f62d58a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/prefetch-src/prefetch-header-blocked.html.headers
@@ -0,0 +1,2 @@
+Content-Security-Policy: prefetch-src 'none'
+Link: </content-security-policy/support/fail.png>;rel=prefetch