Diffstat (limited to '')
3 files changed, 67 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js
new file mode 100644
index 0000000000..58bd02fd9e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js
@@ -0,0 +1,57 @@
+importScripts("{{location[scheme]}}://{{host}}:{{location[port]}}/resources/testharness.js");
+importScripts("{{location[scheme]}}://{{host}}:{{location[port]}}/content-security-policy/support/testharness-helper.js");
+
+var cspEventFiredInDocument = false;
+// ServiceWorker and Worker
+self.addEventListener("message", e => {
+ if (e.data == "SecurityPolicyViolation from Document")
+ cspEventFiredInDocument = true;
+});
+// SharedWorker
+self.addEventListener("connect", c => {
+ c.ports[0].addEventListener("message", m => {
+ if (m.data == "SecurityPolicyViolation from Document")
+ cspEventFiredInDocument = true;
+ });
+});
+
+async_test(t => {
+ var url = "{{location[scheme]}}://{{host}}:{{location[port]}}/content-security-policy/support/resource.py";
+ assert_no_csp_event_for_url(t, url);
+
+ fetch(url)
+ .catch(t.unreached_func("Fetch should succeed."))
+ .then(t.step_func_done(r => {
+ assert_equals(r.status, 200);
+ assert_false(cspEventFiredInDocument);
+ }));
+}, "No SecurityPolicyViolation event fired for successful load.");
+
+async_test(t => {
+ var url = "{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/content-security-policy/support/resource.py";
+ waitUntilCSPEventForURL(t, url)
+ .then(t.step_func_done(e => {
+ assert_equals(e.blockedURI, url);
+ assert_false(cspEventFiredInDocument);
+ }));
+
+ fetch(url)
+ .then(t.unreached_func("Fetch should not succeed."))
+ .catch(t.step_func(e => assert_true(e instanceof TypeError)));
+}, "SecurityPolicyViolation event fired on global.");
+
+async_test(t => {
+ var url = "{{location[scheme]}}://{{host}}:{{location[port]}}/common/redirect.py?location={{location[scheme]}}://{{domains[www]}}:{{location[port]}}/content-security-policy/support/ping.js";
+ waitUntilCSPEventForURL(t, url)
+ .then(t.step_func_done(e => {
+ assert_equals(e.blockedURI, url);
+ assert_false(cspEventFiredInDocument);
+ }));
+
+ fetch(url)
+ .then(t.unreached_func("Fetch should not succeed."))
+ .catch(t.step_func(e => assert_true(e instanceof TypeError)));
+}, "SecurityPolicyViolation event fired on global with the correct blockedURI.");
+
+// Worker tests need an explicit `done()`.
+done();
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js.headers b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js.headers
new file mode 100644
index 0000000000..50ff4a5b94
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Content-Security-Policy: connect-src 'self'
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/testharness-helper.sub.js b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/testharness-helper.sub.js
new file mode 100644
index 0000000000..816b88fc6e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/testharness-helper.sub.js
@@ -0,0 +1,5 @@
+function generateCrossOriginRedirectImage() {
+ var target = "http://{{host}}:{{ports[https][0]}}/content-security-policy/support/pass.png";
+ var url = "/common/redirect.py?location=" + encodeURIComponent(target);
+ return { url: url, target: target }
+}
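Review bot: In inside-worker.sub.js the SharedWorker `connect` handler attaches the port's `message` listener with `addEventListener` and never calls `start()` on the port, so messages posted by the document are not dispatched there and `cspEventFiredInDocument` cannot become true in a SharedWorker. The three `assert_false(cspEventFiredInDocument)` checks therefore pass in that context regardless of where the violation was reported. Add `c.ports[0].start();` after the listener is registered (or assign `onmessage`, which starts the port implicitly). Separately, the flag is read only at the moment the worker-side event or fetch settles, so a document-side report arriving later would be missed; whether the document page orders its message before that point is not visible in this diff.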
\ No newline at end of file |
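Review bot: `generateCrossOriginRedirectImage` in testharness-helper.sub.js builds `target` with a hard-coded `http://` scheme on `{{ports[https][0]}}`, and nothing in the file says whether that scheme/port mismatch is deliberate. If callers rely on the request being upgraded to HTTPS before it is fetched (the callers are not visible in this diff), a one-line comment above the function should state that, so nobody later "fixes" the scheme and silently changes what the CSP report is expected to contain. The `return { url: url, target: target }` line is also missing its terminating semicolon.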