summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html')
-rw-r--r--testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html89
1 files changed, 89 insertions, 0 deletions
diff --git a/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html b/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html
new file mode 100644
index 0000000000..55498eaa4e
--- /dev/null
+++ b/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html
@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+<title>CSP for subresource WebBundle (allowed cases)</title>
+<link
+ rel="help"
+ href="https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md"
+/>
+<meta
+ http-equiv="Content-Security-Policy"
+ content="
+ script-src
+ https://web-platform.test:8444/web-bundle/resources/wbn/uuid-in-package.wbn
+ https://web-platform.test:8444/resources/testharness.js
+ https://web-platform.test:8444/resources/testharnessreport.js
+ 'unsafe-inline';
+ img-src
+ https://web-platform.test:8444/web-bundle/resources/wbn/pass.png;
+ frame-src
+ https://web-platform.test:8444/web-bundle/resources/wbn/uuid-in-package.wbn"
+/>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+ <script type="webbundle">
+ {
+ "source": "../resources/wbn/subresource.wbn",
+ "resources": ["https://web-platform.test:8444/web-bundle/resources/wbn/pass.png"]
+ }
+ </script>
+ <script type="webbundle">
+ {
+ "source": "../resources/wbn/uuid-in-package.wbn",
+ "resources": ["uuid-in-package:020111b3-437a-4c5c-ae07-adb6bbffb720",
+ "uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae"
+ ]
+ }
+ </script>
+ <script>
+ promise_test(() => {
+ return new Promise((resolve, reject) => {
+ const img = document.createElement("img");
+ img.src =
+ "https://web-platform.test:8444/web-bundle/resources/wbn/pass.png";
+ img.onload = resolve;
+ img.onerror = reject;
+ document.body.appendChild(img);
+ });
+ }, "URL matching of CSP should be done based on the subresource URL " +
+ "when the subresource URL is HTTPS URL.");
+
+ promise_test(async () => {
+ const result = await new Promise((resolve) => {
+ // This function will be called from the script.
+ window.report_result = resolve;
+ const script = document.createElement("script");
+ script.src = "uuid-in-package:020111b3-437a-4c5c-ae07-adb6bbffb720";
+ document.body.appendChild(script);
+ });
+ assert_equals(result, "OK");
+ }, "URL matching of script-src CSP should be done based on the bundle URL " +
+ "when the subresource URL is uuid-in-package: URL.");
+
+ promise_test(async () => {
+ const frame_url = "uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae";
+ const iframe = document.createElement("iframe");
+ iframe.src = frame_url;
+ const load_promise = new Promise((resolve) => {
+ iframe.addEventListener("load", resolve);
+ });
+ document.body.appendChild(iframe);
+ await load_promise;
+ assert_equals(await evalInIframe(iframe, "location.href"), frame_url);
+ }, "URL matching of frame-src CSP should be done based on the bundle URL " +
+ "when the frame URL is uuid-in-package: URL.");
+
+ async function evalInIframe(iframe, code) {
+ const message_promise = new Promise((resolve) => {
+ window.addEventListener(
+ "message",
+ (e) => {
+ resolve(e.data);
+ },
+ { once: true }
+ );
+ });
+ iframe.contentWindow.postMessage(code, "*");
+ return message_promise;
+ }
+ </script>
+</body>