summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html
blob: c1954641b11bb55507fb379e08a1ce0dbd4f3732 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/content-security-policy/support/testharness-helper.js"></script>
<script src="/content-security-policy/support/prefetch-helper.js"></script>
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'unsafe-inline'; img-src http://{{domains[www2]}}:{{ports[http][0]}}"/>

<script>
  const { OTHER_ORIGIN, REMOTE_ORIGIN } = get_host_info();

  promise_test(async (t) => {
    const url = new URL("/common/dummy.xml", location.href);
    assert_true(await try_to_prefetch(url, t));
  }, "Prefetch should succeed when restricted by default-src but allowed by " +
     "other directive");

  promise_test(async (t) => {
    const url = new URL("/common/dummy.xml", REMOTE_ORIGIN);
    assert_false(await try_to_prefetch(url, t));
  }, "Prefetch should fail when restricted by default-src and different " +
     "origin allowed by other directive");

  promise_test(async (t) => {
    const url = new URL("/common/dummy.xml", OTHER_ORIGIN);
    assert_true(await try_to_prefetch(url, t));
  }, "Prefetch should succeed when restricted by default-src but origin " +
     "allowed by other directive");
</script>
</head>
<body></body>
</html>