summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html31
-rw-r--r--testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.headers2
2 files changed, 33 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html
new file mode 100644
index 0000000000..c63206db46
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html
@@ -0,0 +1,31 @@
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./support/testharness-helper.sub.js"></script>
+<body></body>
+<script>
+ function waitForViolation(el, t, policy, blockedURI) {
+ return new Promise(resolve => {
+ el.addEventListener('securitypolicyviolation', e => {
+ if (e.originalPolicy == policy && e.blockedURI == blockedURI)
+ resolve(e);
+ else
+ t.unreached_func("Unexpected violation event for " + e.blockedURI)();
+ });
+ });
+ }
+
+ async_test(t => {
+ var i = document.createElement("img");
+ var redirect = generateCrossOriginRedirectImage();
+ i.src = redirect.url;
+
+ // Report-only policy should trigger a violation on the redirected request.
+ waitForViolation(window, t, "img-src https:", new URL(redirect.url, window.location).href).then(t.step_func(e => {
+ t.done();
+ }));
+
+ document.body.appendChild(i);
+ }, "Image that redirects to http:// URL prohibited by Report-Only must generate a violation report, even with upgrade-insecure-requests");
+</script>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.headers b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.headers
new file mode 100644
index 0000000000..57207bbd23
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.headers
@@ -0,0 +1,2 @@
+Content-Security-Policy-Report-Only: img-src https:
+Content-Security-Policy: upgrade-insecure-requests
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 18:50:36 +0000