Source code

Revision control

Copy as Markdown

Other Tools

importScripts("{{location[scheme]}}://{{host}}:{{location[port]}}/resources/testharness.js");
importScripts("{{location[scheme]}}://{{host}}:{{location[port]}}/content-security-policy/support/testharness-helper.js");
var cspEventFiredInDocument = false;
// ServiceWorker and Worker
self.addEventListener("message", e => {
if (e.data == "SecurityPolicyViolation from Document")
cspEventFiredInDocument = true;
});
// SharedWorker
self.addEventListener("connect", c => {
c.ports[0].addEventListener("message", m => {
if (m.data == "SecurityPolicyViolation from Document")
cspEventFiredInDocument = true;
});
});
async_test(t => {
var url = "{{location[scheme]}}://{{host}}:{{location[port]}}/content-security-policy/support/resource.py";
assert_no_csp_event_for_url(t, url);
fetch(url)
.catch(t.unreached_func("Fetch should succeed."))
.then(t.step_func_done(r => {
assert_equals(r.status, 200);
assert_false(cspEventFiredInDocument);
}));
}, "No SecurityPolicyViolation event fired for successful load.");
async_test(t => {
var url = "{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/content-security-policy/support/resource.py";
waitUntilCSPEventForURL(t, url)
.then(t.step_func_done(e => {
assert_equals(e.blockedURI, url);
assert_false(cspEventFiredInDocument);
}));
fetch(url)
.then(t.unreached_func("Fetch should not succeed."))
.catch(t.step_func(e => assert_true(e instanceof TypeError)));
}, "SecurityPolicyViolation event fired on global.");
async_test(t => {
var url = "{{location[scheme]}}://{{host}}:{{location[port]}}/common/redirect.py?location={{location[scheme]}}://{{domains[www]}}:{{location[port]}}/content-security-policy/support/ping.js";
waitUntilCSPEventForURL(t, url)
.then(t.step_func_done(e => {
assert_equals(e.blockedURI, url);
assert_false(cspEventFiredInDocument);
}));
fetch(url)
.then(t.unreached_func("Fetch should not succeed."))
.catch(t.step_func(e => assert_true(e instanceof TypeError)));
}, "SecurityPolicyViolation event fired on global with the correct blockedURI.");
// Worker tests need an explicit `done()`.
done();