diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
| commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
| tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/preload/preload-csp.sub.html | |
| parent | Initial commit. (diff) | |
| download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip | |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/preload/preload-csp.sub.html')
| -rw-r--r-- | testing/web-platform/tests/preload/preload-csp.sub.html | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/testing/web-platform/tests/preload/preload-csp.sub.html b/testing/web-platform/tests/preload/preload-csp.sub.html new file mode 100644 index 0000000000..7d367bf846 --- /dev/null +++ b/testing/web-platform/tests/preload/preload-csp.sub.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; font-src 'none'; style-src 'none'; img-src 'none'; media-src 'none';"> +<title>Makes sure that preload requests respect CSP</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> +<script src="/preload/resources/preload_helper.js"></script> +<link rel=preload href="http://{{host}}:{{ports[http][1]}}/preload/resources/stash-put.py?key={{uuid()}}" as=style> +<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=style> +<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=image> +<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=font crossorigin> +<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=video> +<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=audio> +<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=track> +<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=foobarxmlthing> +<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}"> +<body> +<script> +promise_test(async (t) => { + verifyPreloadAndRTSupport(); + const keys = []; + const links = document.querySelectorAll('link'); + for (const link of links) { + if (link.rel === 'preload') { + const r = /\?key=([a-zA-Z0-9\-]+)$/; + keys.push(link.href.match(r)[1]); + } + } + await new Promise((resolve) => step_timeout(resolve, 3000)); + + for (const key of keys) { + assert_false(await hasArrivedAtServer(key)); + } +}, 'Preload requests are blocked by CSP.'); +</script> |