Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 89 insertions, 0 deletions

diff --git a/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html b/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html
new file mode 100644
index 0000000000..55498eaa4e
--- /dev/null
+++ b/testing/web-platform/tests/web-bundle/subresource-loading/csp-allowed.https.tentative.html
@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+<title>CSP for subresource WebBundle (allowed cases)</title>
+<link
+  rel="help"
+  href="https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md"
+/>
+<meta
+  http-equiv="Content-Security-Policy"
+  content="
+    script-src
+      https://web-platform.test:8444/web-bundle/resources/wbn/uuid-in-package.wbn
+      https://web-platform.test:8444/resources/testharness.js
+      https://web-platform.test:8444/resources/testharnessreport.js
+      'unsafe-inline';
+    img-src
+      https://web-platform.test:8444/web-bundle/resources/wbn/pass.png;
+    frame-src
+      https://web-platform.test:8444/web-bundle/resources/wbn/uuid-in-package.wbn"
+/>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+  <script type="webbundle">
+    {
+      "source": "../resources/wbn/subresource.wbn",
+      "resources": ["https://web-platform.test:8444/web-bundle/resources/wbn/pass.png"]
+    }
+  </script>
+  <script type="webbundle">
+    {
+      "source": "../resources/wbn/uuid-in-package.wbn",
+      "resources": ["uuid-in-package:020111b3-437a-4c5c-ae07-adb6bbffb720",
+                    "uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae"
+      ]
+    }
+  </script>
+  <script>
+    promise_test(() => {
+      return new Promise((resolve, reject) => {
+        const img = document.createElement("img");
+        img.src =
+          "https://web-platform.test:8444/web-bundle/resources/wbn/pass.png";
+        img.onload = resolve;
+        img.onerror = reject;
+        document.body.appendChild(img);
+      });
+    }, "URL matching of CSP should be done based on the subresource URL " +
+       "when the subresource URL is HTTPS URL.");
+
+    promise_test(async () => {
+      const result = await new Promise((resolve) => {
+        // This function will be called from the script.
+        window.report_result = resolve;
+        const script = document.createElement("script");
+        script.src = "uuid-in-package:020111b3-437a-4c5c-ae07-adb6bbffb720";
+        document.body.appendChild(script);
+      });
+      assert_equals(result, "OK");
+    }, "URL matching of script-src CSP should be done based on the bundle URL " +
+       "when the subresource URL is uuid-in-package: URL.");
+
+    promise_test(async () => {
+      const frame_url = "uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae";
+      const iframe = document.createElement("iframe");
+      iframe.src = frame_url;
+      const load_promise = new Promise((resolve) => {
+        iframe.addEventListener("load", resolve);
+      });
+      document.body.appendChild(iframe);
+      await load_promise;
+      assert_equals(await evalInIframe(iframe, "location.href"), frame_url);
+    }, "URL matching of frame-src CSP should be done based on the bundle URL " +
+       "when the frame URL is uuid-in-package: URL.");
+
+    async function evalInIframe(iframe, code) {
+      const message_promise = new Promise((resolve) => {
+        window.addEventListener(
+          "message",
+          (e) => {
+            resolve(e.data);
+          },
+          { once: true }
+        );
+      });
+      iframe.contentWindow.postMessage(code, "*");
+      return message_promise;
+    }
+  </script>
+</body>