diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/worker-src')
30 files changed, 298 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-child.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-child.sub.html new file mode 100644 index 0000000000..cff8f953af --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-child.sub.html @@ -0,0 +1,13 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="child-src http://{{host}}:{{ports[http][0]}} blob:"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_worker_is_loaded(url, "Same-origin dedicated worker allowed by host-source expression."); + + var b = new Blob(["postMessage('ping');"], {type: "text/javascript"}); + var url = URL.createObjectURL(b); + assert_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-fallback.sub.html new file mode 100644 index 0000000000..25602573fb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-fallback.sub.html @@ -0,0 +1,13 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src http://{{host}}:{{ports[http][0]}} blob:; child-src 'none'"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_worker_is_loaded(url, "Same-origin dedicated worker allowed by host-source expression."); + + var b = new Blob(["postMessage('ping');"], {type: "text/javascript"}); + var url = URL.createObjectURL(b); + assert_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-list.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-list.sub.html new file mode 100644 index 0000000000..fc4f912324 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-list.sub.html @@ -0,0 +1,13 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src http://{{host}}:{{ports[http][0]}} blob:"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_worker_is_loaded(url, "Same-origin dedicated worker allowed by host-source expression."); + + var b = new Blob(["postMessage('ping');"], {type: "text/javascript"}); + var url = URL.createObjectURL(b); + assert_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-none.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-none.sub.html new file mode 100644 index 0000000000..62c550788a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-none.sub.html @@ -0,0 +1,13 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src 'none'"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_worker_is_blocked(url, "Same-origin dedicated worker blocked by host-source expression."); + + var b = new Blob(["postMessage('ping');"], {type: "text/javascript"}); + var url = URL.createObjectURL(b); + assert_worker_is_blocked(url, "blob: dedicated worker blocked by 'blob:'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-self.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-self.sub.html new file mode 100644 index 0000000000..ba0cd1bb43 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-self.sub.html @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src 'self'"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html new file mode 100644 index 0000000000..f9f68fe749 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html @@ -0,0 +1,9 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for dedicated worker allowed by worker-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> + +<meta http-equiv="Content-Security-Policy" content="child-src 'none'; script-src 'self'; default-src 'none'; "> +<script src="../support/dedicated-worker-helper.js" blocked-worker id="foo" data-desc-fallback="Same-origin dedicated worker allowed by worker-src 'self'."></script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html new file mode 100644 index 0000000000..c16a9a543e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html @@ -0,0 +1,9 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for dedicated worker allowed by child-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.--> +<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; "> +<script src="../support/dedicated-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by child-src 'self'."></script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html new file mode 100644 index 0000000000..5bded3f59a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html @@ -0,0 +1,8 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for dedicated worker allowed by default-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="default-src 'self'"> +<script src="../support/dedicated-worker-helper.js" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by default-src 'self'."></script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html new file mode 100644 index 0000000000..ca92207676 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html @@ -0,0 +1,8 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for dedicated worker allowed by script-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; "> +<script src="../support/dedicated-worker-helper.js" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by script-src 'self'."></script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html new file mode 100644 index 0000000000..69e96473bc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html @@ -0,0 +1,9 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for dedicated worker allowed by worker-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.--> +<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; "> +<script src="../support/dedicated-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by worker-src 'self'."></script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-child.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-child.https.sub.html new file mode 100644 index 0000000000..3315a554b3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-child.https.sub.html @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="child-src https://{{host}}:{{ports[https][0]}}"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_service_worker_is_loaded(url, "Same-origin service worker allowed by host-source expression."); +</script> + diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-fallback.https.sub.html new file mode 100644 index 0000000000..314d8831d8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-fallback.https.sub.html @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src https://{{host}}:{{ports[https][0]}}; child-src 'none'"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_service_worker_is_loaded(url, "Same-origin service worker allowed by host-source expression."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-list.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-list.https.sub.html new file mode 100644 index 0000000000..9e2cd903f2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-list.https.sub.html @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src https://{{host}}:{{ports[https][0]}}"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_service_worker_is_loaded(url, "Same-origin service worker allowed by host-source expression."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-none.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-none.https.sub.html new file mode 100644 index 0000000000..467a8ce2cf --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-none.https.sub.html @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src 'none'"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_service_worker_is_blocked(url, "Same-origin service worker blocked by 'none'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-self.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-self.https.sub.html new file mode 100644 index 0000000000..d725e73012 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-self.https.sub.html @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src 'self'"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_service_worker_is_loaded(url, "Same-origin service worker allowed by 'self'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html new file mode 100644 index 0000000000..979abd580d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html @@ -0,0 +1,9 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for service worker allowed by child-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> + +<meta http-equiv="Content-Security-Policy" content="child-src 'none'; script-src 'self'; default-src 'none'; "> +<script src="../support/service-worker-helper.js" blocked-worker id="foo" data-desc-fallback="Same-origin service worker allowed by child-src 'self'."></script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html new file mode 100644 index 0000000000..4d6f2f333a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html @@ -0,0 +1,9 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for service worker allowed by child-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.--> +<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; "> +<script src="../support/service-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin service worker allowed by child-src 'self'."></script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html new file mode 100644 index 0000000000..f9df743909 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html @@ -0,0 +1,8 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for service worker allowed by default-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="default-src 'self'"> +<script src="../support/service-worker-helper.js" id="foo" data-desc-fallback="Same-origin service worker allowed by default-src 'self'."></script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html new file mode 100644 index 0000000000..ce03f24f17 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html @@ -0,0 +1,8 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for service worker allowed by script-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; "> +<script src="../support/service-worker-helper.js" id="foo" data-desc-fallback="Same-origin service worker allowed by script-src 'self'."></script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html new file mode 100644 index 0000000000..575911207e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html @@ -0,0 +1,9 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for service worker allowed by worker-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.--> +<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; "> +<script src="../support/service-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin service worker allowed by worker-src 'self'."></script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-child.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-child.sub.html new file mode 100644 index 0000000000..93dd38b6f8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-child.sub.html @@ -0,0 +1,13 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="child-src http://{{host}}:{{ports[http][0]}} blob:"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_shared_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'."); + + var b = new Blob(["onconnect = e => { e.ports[0].postMessage('ping'); }"], {type: "text/javascript"}); + var url = URL.createObjectURL(b); + assert_shared_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-fallback.sub.html new file mode 100644 index 0000000000..cfe9190a43 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-fallback.sub.html @@ -0,0 +1,13 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src http://{{host}}:{{ports[http][0]}} blob:; child-src 'none'"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_shared_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'."); + + var b = new Blob(["onconnect = e => { e.ports[0].postMessage('ping'); }"], {type: "text/javascript"}); + var url = URL.createObjectURL(b); + assert_shared_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-list.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-list.sub.html new file mode 100644 index 0000000000..6c985c76eb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-list.sub.html @@ -0,0 +1,13 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src http://{{host}}:{{ports[http][0]}} blob:"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_shared_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'."); + + var b = new Blob(["onconnect = e => { e.ports[0].postMessage('ping'); }"], {type: "text/javascript"}); + var url = URL.createObjectURL(b); + assert_shared_worker_is_loaded(url, "blob: dedicated worker allowed by 'blob:'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-none.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-none.sub.html new file mode 100644 index 0000000000..b443f321d3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-none.sub.html @@ -0,0 +1,13 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src 'none'"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_shared_worker_is_blocked(url, "Same-origin shared worker blocked by 'none'."); + + var b = new Blob(["onconnect = e => { e.ports[0].postMessage('ping'); }"], {type: "text/javascript"}); + var url = URL.createObjectURL(b); + assert_shared_worker_is_blocked(url, "blob: shared worker blocked by 'none'."); +</script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-self.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-self.sub.html new file mode 100644 index 0000000000..e6b368aab1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-self.sub.html @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="worker-src 'self'"> +<script> + var url = new URL("../support/ping.js", document.baseURI).toString(); + assert_shared_worker_is_loaded(url, "Same-origin dedicated worker allowed by 'self'."); +</script> + diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html new file mode 100644 index 0000000000..00dbdb4fc2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html @@ -0,0 +1,9 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for shared worker allowed by child-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> + +<meta http-equiv="Content-Security-Policy" content="child-src 'none'; script-src 'self'; default-src 'none'; "> +<script src="../support/shared-worker-helper.js" blocked-worker id="foo" data-desc-fallback="Same-origin shared worker allowed by child-src 'self'."></script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html new file mode 100644 index 0000000000..1e6a1df54b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html @@ -0,0 +1,9 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for shared worker allowed by child-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.--> +<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; "> +<script src="../support/shared-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin shared worker allowed by child-src 'self'."></script> diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html new file mode 100644 index 0000000000..4a07db76aa --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html @@ -0,0 +1,8 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for shared worker allowed by default-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="default-src 'self'"> +<script src="../support/shared-worker-helper.js" id="foo" data-desc-fallback="Same-origin shared worker allowed by default-src 'self'."></script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html new file mode 100644 index 0000000000..0a854da3ad --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html @@ -0,0 +1,8 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for shared worker allowed by script-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; "> +<script src="../support/shared-worker-helper.js" id="foo" data-desc-fallback="Same-origin shared worker allowed by script-src 'self'."></script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html new file mode 100644 index 0000000000..dc8370bdbe --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html @@ -0,0 +1,9 @@ +<!doctype html> +<meta charset=utf-8> +<title>Web platform test for shared worker allowed by worker-src self</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="../support/testharness-helper.js"></script> +<!-- Ideally we would use "script-src 'none'" alone but we have to allow the actual script that spawns the workers, hence the nonce.--> +<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; "> +<script src="../support/shared-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin shared worker allowed by worker-src 'self'."></script> |