Skip to main content

Browse the archive

https://github.com/web-platform-tests/wpt
26 December 2018, 22:31:15 UTC
Raw File
Tip revision: 081d5deaff4a25ca5f8b6c0baa30e085de230c36 authored by Mike West on 13 September 2015, 08:25:34 UTC
CSP: Correct a cookie name.
Tip revision: 081d5de
shared-worker-connect-src-blocked.sub.html 
<!DOCTYPE html>
<html>

<head>
    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
    <title>shared-worker-connect-src-blocked</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src="../support/logTest.sub.js?logs=[]"></script>
    <script src='../support/alertAssert.sub.js?alerts=["xhr blocked","TEST COMPLETE"]'></script>
    <!-- enforcing policy:
connect-src *; script-src 'self' 'unsafe-inline';
-->

</head>

<body>
    <p>This test loads a shared worker, delivered with its own
    policy.  The worker should be blocked from making an XHR
    as that policy specifies a connect-src 'none', though
    this resource's policy is connect-src *.  No report
    should be sent since the worker's policy doesn't specify
    a report-uri.</p>
    <script>
        try {
            var worker = new SharedWorker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.sub.js');
            worker.port.onmessage = function(event) {
                alert_assert(event.data);
            };
        } catch (e) {
            alert_assert(e);
        }

    </script>
    <div id="log"></div>
    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
</body>

</html>
back to top