Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(586)

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https.html

Issue 2002003002: Generate CSP violation reports for 'block-all-mixed-content' (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: PHP Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https-expected.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https.html b/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https.html
index fea9de0014f5468c9f2b079beae2688ef0f3dde4..76f5e8c4d9e78c12eaefc078766b78125c1e16ec 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https.html
@@ -1,15 +1,38 @@
<!doctype html>
-<html>
-<head>
- <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
- <script>
- if (window.testRunner) {
- testRunner.dumpAsText();
- }
- </script>
-</head>
+<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
<body>
- <p>This test passes if the image below is treated as blockable content.</p>
- <img src="http://127.0.0.1:8080/security/resources/compass.jpg">
-</body>
-</html>
+<script>
+ async_test(t => {
+ var i = document.createElement('img');
+ i.onload = t.assert_unreached;
+ i.onerror = t.step_func_done(_ => {
+ assert_equals(0, i.naturalWidth);
+ assert_equals(0, i.naturalHeight);
+ });
+ i.src = "http://127.0.0.1:8080/security/resources/compass.jpg?t=1";
+ }, "Mixed images are blocked in the presence of 'block-all-mixed-content'.");
+
+ async_test(t => {
+ var i = document.createElement('img');
+ i.onload = t.assert_unreached;
+ document.addEventListener('securitypolicyviolation', t.step_func_done(e => {
+ var expectations = {
+ 'documentURI': document.location.toString(),
+ 'referrer': document.referrer,
+ 'blockedURI': 'http://127.0.0.1:8080',
+ 'violatedDirective': 'block-all-mixed-content',
+ 'effectiveDirective': 'block-all-mixed-content',
+ 'originalPolicy': 'block-all-mixed-content',
+ 'sourceFile': '',
+ 'lineNumber': 0,
+ 'columnNumber': 0,
+ 'statusCode': 0
+ };
+ for (key in expectations)
+ assert_equals(expectations[key], e[key], key);
+ }));
+ i.src = "http://127.0.0.1:8080/security/resources/compass.jpg?t=2";
+ }, "Mixed images generate CSP violation reports in the presence of 'block-all-mixed-content'.");
+</script>
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698