diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /testing/web-platform/tests/web-bundle/subresource-loading/csp-blockes-bundle.https.tentative.html | |
parent | Initial commit. (diff) | |
download | thunderbird-upstream.tar.xz thunderbird-upstream.zip |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/web-bundle/subresource-loading/csp-blockes-bundle.https.tentative.html')
-rw-r--r-- | testing/web-platform/tests/web-bundle/subresource-loading/csp-blockes-bundle.https.tentative.html | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/testing/web-platform/tests/web-bundle/subresource-loading/csp-blockes-bundle.https.tentative.html b/testing/web-platform/tests/web-bundle/subresource-loading/csp-blockes-bundle.https.tentative.html new file mode 100644 index 0000000000..06cef8c118 --- /dev/null +++ b/testing/web-platform/tests/web-bundle/subresource-loading/csp-blockes-bundle.https.tentative.html @@ -0,0 +1,66 @@ +<!DOCTYPE html> +<title>CSP blocks WebBundle</title> +<link + rel="help" + href="https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md" +/> +<meta + http-equiv="Content-Security-Policy" + content=" + default-src + https://web-platform.test:8444/web-bundle/resources/wbn/relative-url-file.js + https://web-platform.test:8444/resources/testharness.js + https://web-platform.test:8444/resources/testharnessreport.js + https://web-platform.test:8444/web-bundle/resources/test-helpers.js + 'unsafe-inline'; + img-src + https://web-platform.test:8444/web-bundle/resources/wbn/pass.png;" +/> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../resources/test-helpers.js"></script> +<body> + <script> + // This bundle should be blocked because its URL is not listed in CSP directive. + const bundle_url = + "https://web-platform.test:8444/web-bundle/resources/wbn/relative-url.wbn"; + + const subresource_url = + "https://web-platform.test:8444/web-bundle/resources/wbn/relative-url-file.js"; + + promise_test(() => { + // if a WebBundle is blocked by CSP, + // - A request for the WebBundle should fail. + // - A subresource request associated with the bundle should fail. + // - A window.load should be fired. In other words, any request shouldn't remain + // pending forever. + + const window_load = new Promise((resolve) => { + window.addEventListener("load", () => { + resolve(); + }); + }); + + const script_webbundle = createWebBundleElement(bundle_url, [ + subresource_url, + ]); + const webbundle_error = new Promise((resolve) => { + script_webbundle.addEventListener("error", () => { + resolve(); + }); + }); + document.body.appendChild(script_webbundle); + + const script_js = document.createElement("script"); + script_js.src = subresource_url; + const script_js_error = new Promise((resolve) => { + script_js.addEventListener("error", () => { + resolve(); + }); + }); + document.body.appendChild(script_js); + + return Promise.all([window_load, webbundle_error, script_js_error]); + }, "WebBundle and subresource loadings should fail when CSP blocks a WebBundle"); + </script> +</body> |