Diffstat (limited to 'testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html')
-rw-r--r-- | testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html b/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html
new file mode 100644
index 0000000000..55498eaa4e
--- /dev/null
+++ b/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html
@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+<title>CSP for subresource WebBundle (allowed cases)</title>
+<link
+ rel="help"
+ href="https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md"
+/>
+<meta
+ http-equiv="Content-Security-Policy"
+ content="
+ script-src
+ https://web-platform.test:8444/web-bundle/resources/wbn/uuid-in-package.wbn
+ https://web-platform.test:8444/resources/testharness.js
+ https://web-platform.test:8444/resources/testharnessreport.js
+ 'unsafe-inline';
+ img-src
+ https://web-platform.test:8444/web-bundle/resources/wbn/pass.png;
+ frame-src
+ https://web-platform.test:8444/web-bundle/resources/wbn/uuid-in-package.wbn"
+/>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+ <script type="webbundle">
+ {
+ "source": "../resources/wbn/subresource.wbn",
+ "resources": ["https://web-platform.test:8444/web-bundle/resources/wbn/pass.png"]
+ }
+ </script>
+ <script type="webbundle">
+ {
+ "source": "../resources/wbn/uuid-in-package.wbn",
+ "resources": ["uuid-in-package:020111b3-437a-4c5c-ae07-adb6bbffb720",
+ "uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae"
+ ]
+ }
+ </script>
+ <script>
+ promise_test(() => {
+ return new Promise((resolve, reject) => {
+ const img = document.createElement("img");
+ img.src =
+ "https://web-platform.test:8444/web-bundle/resources/wbn/pass.png";
+ img.onload = resolve;
+ img.onerror = reject;
+ document.body.appendChild(img);
+ });
+ }, "URL matching of CSP should be done based on the subresource URL " +
+ "when the subresource URL is HTTPS URL.");
+
+ promise_test(async () => {
+ const result = await new Promise((resolve) => {
+ // This function will be called from the script.
+ window.report_result = resolve;
+ const script = document.createElement("script");
+ script.src = "uuid-in-package:020111b3-437a-4c5c-ae07-adb6bbffb720";
+ document.body.appendChild(script);
+ });
+ assert_equals(result, "OK");
+ }, "URL matching of script-src CSP should be done based on the bundle URL " +
+ "when the subresource URL is uuid-in-package: URL.");
+
+ promise_test(async () => {
+ const frame_url = "uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae";
+ const iframe = document.createElement("iframe");
+ iframe.src = frame_url;
+ const load_promise = new Promise((resolve) => {
+ iframe.addEventListener("load", resolve);
+ });
+ document.body.appendChild(iframe);
+ await load_promise;
+ assert_equals(await evalInIframe(iframe, "location.href"), frame_url);
+ }, "URL matching of frame-src CSP should be done based on the bundle URL " +
+ "when the frame URL is uuid-in-package: URL.");
+
+ async function evalInIframe(iframe, code) {
+ const message_promise = new Promise((resolve) => {
+ window.addEventListener(
+ "message",
+ (e) => {
+ resolve(e.data);
+ },
+ { once: true }
+ );
+ });
+ iframe.contentWindow.postMessage(code, "*");
+ return message_promise;
+ }
+ </script>
+</body> |
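Review bot: In `evalInIframe`, the `message` listener resolves with `e.data` from the first message any window posts, so a stray message from another frame would be compared against `frame_url` as if it were the bundle frame's reply. The handler should start with `if (e.source !== iframe.contentWindow) return;`. Because `{ once: true }` would discard the listener on a non-matching event, a named handler that calls `window.removeEventListener("message", handler)` only after a match is the safer shape. The `"*"` target origin is presumably required because a `uuid-in-package:` frame has an opaque origin; a one-line comment such as `// opaque origin: no concrete targetOrigin can be named` would keep the pattern from being copied into tests where a real origin is available.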