diff options
Diffstat (limited to 'testing/web-platform/tests/background-fetch/content-security-policy.https.window.js')
| -rw-r--r-- | testing/web-platform/tests/background-fetch/content-security-policy.https.window.js | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/testing/web-platform/tests/background-fetch/content-security-policy.https.window.js b/testing/web-platform/tests/background-fetch/content-security-policy.https.window.js new file mode 100644 index 0000000000..2939595c13 --- /dev/null +++ b/testing/web-platform/tests/background-fetch/content-security-policy.https.window.js @@ -0,0 +1,20 @@ +// META: script=/service-workers/service-worker/resources/test-helpers.sub.js +// META: script=resources/utils.js +'use strict'; + +// Tests that requests blocked by Content Security Policy are rejected. +// https://w3c.github.io/webappsec-csp/#should-block-request + +// This is not a comprehensive test of Content Security Policy - it is just +// intended to check that CSP checks are enabled. + +var meta = document.createElement('meta'); +meta.setAttribute('http-equiv', 'Content-Security-Policy'); +meta.setAttribute('content', "connect-src 'none'"); +document.head.appendChild(meta); + +backgroundFetchTest((t, bgFetch) => { + return promise_rejects_js( + t, TypeError, + bgFetch.fetch(uniqueId(), 'https://example.com')); +}, 'fetch blocked by CSP should reject'); |