Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(73)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-csp-iframe.html

Issue 1454003003: [CSP] Don't check the path component of the URL when the response was fetched via ServiceWorker. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-csp-expected.txt ('k') | third_party/WebKit/Source/core/fetch/FetchContext.h » ('j') | third_party/WebKit/Source/core/loader/FrameFetchContext.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <script src="../../resources/get-host-info.js"></script>
2 <script src="test-helpers.js?pipe=sub"></script>
3 <script> 1 <script>
4 var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE';
5 var host_info = get_host_info();
6 var results = '';
7 var port = undefined;
8
9 var meta = document.createElement('meta'); 2 var meta = document.createElement('meta');
10 meta.setAttribute('http-equiv', 'Content-Security-Policy'); 3 meta.setAttribute('http-equiv', 'Content-Security-Policy');
11 meta.setAttribute('content', 'img-src ' + host_info['HTTP_ORIGIN'] + 4 meta.setAttribute('content', decodeURIComponent(location.search.substring(1)));
12 '; script-src \'unsafe-inline\'');
13 document.head.appendChild(meta); 5 document.head.appendChild(meta);
14 6
15 function test1() { 7 function load_image(url) {
16 var img = document.createElement('img'); 8 return new Promise(function(resolve, reject) {
17 document.body.appendChild(img); 9 var img = document.createElement('img');
18 img.onload = function() { 10 document.body.appendChild(img);
19 test2(); 11 img.onload = resolve;
20 }; 12 img.onerror = reject;
21 img.onerror = function() { 13 img.src = url;
22 results += 'FAIL(1)'; 14 });
23 test2();
24 };
25 img.src = host_info['HTTP_ORIGIN'] + image_path;
26 } 15 }
27
28 function test2() {
29 var img = document.createElement('img');
30 document.body.appendChild(img);
31 img.onload = function() {
32 results += 'FAIL(2)';
33 test3();
34 };
35 img.onerror = function() {
36 test3();
37 };
38 img.src = host_info['HTTP_REMOTE_ORIGIN'] + image_path;
39 }
40
41 function test3() {
42 var img = document.createElement('img');
43 document.body.appendChild(img);
44 img.onload = function() {
45 test4();
46 };
47 img.onerror = function() {
48 results += 'FAIL(3)';
49 test4();
50 };
51 img.src = './dummy?url=' +
52 encodeURIComponent(host_info['HTTP_ORIGIN'] + image_path);
53 }
54
55 function test4() {
56 var img = document.createElement('img');
57 document.body.appendChild(img);
58 img.onload = function() {
59 results += 'FAIL(4)';
60 finish();
61 };
62 img.onerror = function() {
63 finish();
64 };
65 img.src = './dummy?mode=no-cors&url=' +
66 encodeURIComponent(host_info['HTTP_REMOTE_ORIGIN'] + image_path);
67 }
68
69 function finish() {
70 results += 'finish';
71 port.postMessage({results: results});
72 }
73
74 window.addEventListener('message', function(evt) {
75 port = evt.ports[0];
76 test1();
77 }, false);
78 </script> 16 </script>
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-csp-expected.txt ('k') | third_party/WebKit/Source/core/fetch/FetchContext.h » ('j') | third_party/WebKit/Source/core/loader/FrameFetchContext.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698