summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/worker-src
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/content-security-policy/worker-src
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/worker-src')
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-child.sub.html13
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-fallback.sub.html13
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-list.sub.html13
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-none.sub.html13
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-self.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html8
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html8
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-child.https.sub.html10
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-fallback.https.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-list.https.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-none.https.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-self.https.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html8
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html8
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-child.sub.html13
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-fallback.sub.html13
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-list.sub.html13
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-none.sub.html13
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-self.sub.html10
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html9
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html8
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html8
-rw-r--r--testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html9
30 files changed, 298 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-child.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-child.sub.html
new file mode 100644
index 0000000000..cff8f953af
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-child.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="child-src http://{{host}}:{{ports[http][0]}} blob:">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_worker_is_loaded(url, "Same-origin dedicated worker allowed by host-source expression.");
+
+ var b = new Blob(["postMessage('ping');"], {type: "text/javascript"});
+ var url = URL.createObjectURL(b);
+ assert_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-fallback.sub.html
new file mode 100644
index 0000000000..25602573fb
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-fallback.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src http://{{host}}:{{ports[http][0]}} blob:; child-src 'none'">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_worker_is_loaded(url, "Same-origin dedicated worker allowed by host-source expression.");
+
+ var b = new Blob(["postMessage('ping');"], {type: "text/javascript"});
+ var url = URL.createObjectURL(b);
+ assert_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-list.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-list.sub.html
new file mode 100644
index 0000000000..fc4f912324
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-list.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src http://{{host}}:{{ports[http][0]}} blob:">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_worker_is_loaded(url, "Same-origin dedicated worker allowed by host-source expression.");
+
+ var b = new Blob(["postMessage('ping');"], {type: "text/javascript"});
+ var url = URL.createObjectURL(b);
+ assert_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-none.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-none.sub.html
new file mode 100644
index 0000000000..62c550788a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-none.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src 'none'">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_worker_is_blocked(url, "Same-origin dedicated worker blocked by host-source expression.");
+
+ var b = new Blob(["postMessage('ping');"], {type: "text/javascript"});
+ var url = URL.createObjectURL(b);
+ assert_worker_is_blocked(url, "blob: dedicated worker blocked by 'blob:'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-self.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-self.sub.html
new file mode 100644
index 0000000000..ba0cd1bb43
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-self.sub.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html
new file mode 100644
index 0000000000..f9f68fe749
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="child-src 'none'; script-src 'self'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" blocked-worker id="foo" data-desc-fallback="Same-origin dedicated worker allowed by worker-src 'self'."></script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html
new file mode 100644
index 0000000000..c16a9a543e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by child-src 'self'."></script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html
new file mode 100644
index 0000000000..5bded3f59a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by default-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
+<script src="../support/dedicated-worker-helper.js" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by default-src 'self'."></script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html
new file mode 100644
index 0000000000..ca92207676
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by script-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by script-src 'self'."></script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html
new file mode 100644
index 0000000000..69e96473bc
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by worker-src 'self'."></script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-child.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-child.https.sub.html
new file mode 100644
index 0000000000..3315a554b3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-child.https.sub.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="child-src https://{{host}}:{{ports[https][0]}}">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_service_worker_is_loaded(url, "Same-origin service worker allowed by host-source expression.");
+</script>
+
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-fallback.https.sub.html
new file mode 100644
index 0000000000..314d8831d8
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-fallback.https.sub.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src https://{{host}}:{{ports[https][0]}}; child-src 'none'">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_service_worker_is_loaded(url, "Same-origin service worker allowed by host-source expression.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-list.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-list.https.sub.html
new file mode 100644
index 0000000000..9e2cd903f2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-list.https.sub.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src https://{{host}}:{{ports[https][0]}}">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_service_worker_is_loaded(url, "Same-origin service worker allowed by host-source expression.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-none.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-none.https.sub.html
new file mode 100644
index 0000000000..467a8ce2cf
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-none.https.sub.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src 'none'">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_service_worker_is_blocked(url, "Same-origin service worker blocked by 'none'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-self.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-self.https.sub.html
new file mode 100644
index 0000000000..d725e73012
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-self.https.sub.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_service_worker_is_loaded(url, "Same-origin service worker allowed by 'self'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html
new file mode 100644
index 0000000000..979abd580d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="child-src 'none'; script-src 'self'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" blocked-worker id="foo" data-desc-fallback="Same-origin service worker allowed by child-src 'self'."></script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html
new file mode 100644
index 0000000000..4d6f2f333a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin service worker allowed by child-src 'self'."></script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html
new file mode 100644
index 0000000000..f9df743909
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by default-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
+<script src="../support/service-worker-helper.js" id="foo" data-desc-fallback="Same-origin service worker allowed by default-src 'self'."></script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html
new file mode 100644
index 0000000000..ce03f24f17
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by script-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" id="foo" data-desc-fallback="Same-origin service worker allowed by script-src 'self'."></script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html
new file mode 100644
index 0000000000..575911207e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin service worker allowed by worker-src 'self'."></script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-child.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-child.sub.html
new file mode 100644
index 0000000000..93dd38b6f8
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-child.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="child-src http://{{host}}:{{ports[http][0]}} blob:">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_shared_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'.");
+
+ var b = new Blob(["onconnect = e => { e.ports[0].postMessage('ping'); }"], {type: "text/javascript"});
+ var url = URL.createObjectURL(b);
+ assert_shared_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-fallback.sub.html
new file mode 100644
index 0000000000..cfe9190a43
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-fallback.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src http://{{host}}:{{ports[http][0]}} blob:; child-src 'none'">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_shared_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'.");
+
+ var b = new Blob(["onconnect = e => { e.ports[0].postMessage('ping'); }"], {type: "text/javascript"});
+ var url = URL.createObjectURL(b);
+ assert_shared_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-list.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-list.sub.html
new file mode 100644
index 0000000000..6c985c76eb
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-list.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src http://{{host}}:{{ports[http][0]}} blob:">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_shared_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'.");
+
+ var b = new Blob(["onconnect = e => { e.ports[0].postMessage('ping'); }"], {type: "text/javascript"});
+ var url = URL.createObjectURL(b);
+ assert_shared_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-none.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-none.sub.html
new file mode 100644
index 0000000000..b443f321d3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-none.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src 'none'">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_shared_worker_is_blocked(url, "Same-origin shared worker blocked by 'none'.");
+
+ var b = new Blob(["onconnect = e => { e.ports[0].postMessage('ping'); }"], {type: "text/javascript"});
+ var url = URL.createObjectURL(b);
+ assert_shared_worker_is_blocked(url, "blob: shared worker blocked by 'none'.");
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-self.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-self.sub.html
new file mode 100644
index 0000000000..e6b368aab1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-self.sub.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'">
+<script>
+ var url = new URL("../support/ping.js", document.baseURI).toString();
+ assert_shared_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'.");
+</script>
+
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html
new file mode 100644
index 0000000000..00dbdb4fc2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="child-src 'none'; script-src 'self'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" blocked-worker id="foo" data-desc-fallback="Same-origin shared worker allowed by child-src 'self'."></script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html
new file mode 100644
index 0000000000..1e6a1df54b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin shared worker allowed by child-src 'self'."></script>
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html
new file mode 100644
index 0000000000..4a07db76aa
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by default-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
+<script src="../support/shared-worker-helper.js" id="foo" data-desc-fallback="Same-origin shared worker allowed by default-src 'self'."></script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html
new file mode 100644
index 0000000000..0a854da3ad
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by script-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" id="foo" data-desc-fallback="Same-origin shared worker allowed by script-src 'self'."></script> \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html
new file mode 100644
index 0000000000..dc8370bdbe
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin shared worker allowed by worker-src 'self'."></script>