diff options
Diffstat (limited to '')
| -rw-r--r-- | testing/web-platform/tests/mixed-content/csp.https.window.js | 41 | ||||
| -rw-r--r-- | testing/web-platform/tests/mixed-content/csp.https.window.js.headers | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/testing/web-platform/tests/mixed-content/csp.https.window.js b/testing/web-platform/tests/mixed-content/csp.https.window.js new file mode 100644 index 0000000000..5428fb4791 --- /dev/null +++ b/testing/web-platform/tests/mixed-content/csp.https.window.js @@ -0,0 +1,41 @@ +// META: script=/common/dispatcher/dispatcher.js +// META: script=/common/get-host-info.sub.js +// META: script=/common/utils.js + +promise_test((t) => { + const url = `${get_host_info().HTTP_ORIGIN}/common/text-plain.txt`; + const promise = fetch(url, { mode: "no-cors" }); + return promise_rejects_js(t, TypeError, promise, "mixed content fetch"); +}, "Mixed content checks apply to fetches in sandboxed documents"); + +promise_test(async (t) => { + const uuid = token(); + const context = new RemoteContext(uuid); + + const iframe = document.body.appendChild(document.createElement("iframe")); + iframe.src = remoteExecutorUrl(uuid, { protocol: "http:" }); + + const result = await Promise.race([ + context.execute_script(() => "loaded"), + new Promise((resolve) => t.step_timeout(() => { + resolve("timed out"); + }, 1000 /* ms */)), + ]); + assert_equals(result, "timed out"); +}, "Mixed content checks apply to iframes in sandboxed documents"); + + +promise_test(async (t) => { + const uuid = token(); + + const popup = window.open(remoteExecutorUrl(uuid, { protocol: "http:" })); + + const context = new RemoteContext(uuid); + const result = await Promise.race([ + context.execute_script(() => "loaded"), + new Promise((resolve) => t.step_timeout(() => { + resolve("timed out"); + }, 1000 /* ms */)), + ]); + assert_equals(result, "timed out"); +}, "Mixed content checks apply to popups in sandboxed documents"); diff --git a/testing/web-platform/tests/mixed-content/csp.https.window.js.headers b/testing/web-platform/tests/mixed-content/csp.https.window.js.headers new file mode 100644 index 0000000000..6b6605899c --- /dev/null +++ b/testing/web-platform/tests/mixed-content/csp.https.window.js.headers @@ -0,0 +1 @@ +Content-Security-Policy: sandbox allow-scripts allow-popups; |