diff options
Diffstat (limited to '')
2 files changed, 23 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html new file mode 100644 index 0000000000..784cdc8875 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html @@ -0,0 +1,22 @@ +<!DOCTYPE HTML> +<html> +<head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <!-- This tests that a report only policy is not treated as enforcing when + inherited by a worker. This manifests in particular for `unsafe-eval` + in this bug crbug.com/777076 --> + <script nonce="abc"> + var t1 = async_test("Check that inline is allowed since the inherited policy is report only"); + var t2 = async_test("Check that eval is allowed since the inherited policy is report only"); + + var w = new Worker("support/eval.js"); + w.onmessage = function(e) { + if (e.data == "unsafe-inline allowed") t1.done(); + else if (e.data == "unsafe-eval allowed") t2.done(); + } + </script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers new file mode 100644 index 0000000000..877e192bbf --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy-Report-Only: script-src 'self' 'nonce-abc'; |