OLD | NEW |
1 <!doctype html> | 1 <!doctype html> |
2 <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> | 2 <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> |
3 <script src="/resources/testharness.js"></script> | 3 <script src="/resources/testharness.js"></script> |
4 <script src="/resources/testharnessreport.js"></script> | 4 <script src="/resources/testharnessreport.js"></script> |
5 <body> | 5 <body> |
6 <script> | 6 <script> |
7 async_test(t => { | 7 function waitForEvent(t, el, name) { |
8 var i = document.createElement('img'); | 8 return new EventWatcher(t, el, [name]).wait_for(name); |
9 i.onload = t.assert_unreached; | 9 } |
10 i.onerror = t.step_func_done(_ => { | |
11 assert_equals(0, i.naturalWidth); | |
12 assert_equals(0, i.naturalHeight); | |
13 }); | |
14 i.src = "http://127.0.0.1:8080/security/resources/compass.jpg?t=1"; | |
15 }, "Mixed images are blocked in the presence of 'block-all-mixed-content'.")
; | |
16 | 10 |
17 async_test(t => { | 11 async_test(t => { |
18 var i = document.createElement('img'); | 12 var i = document.createElement('img'); |
19 i.onload = t.assert_unreached; | 13 i.onload = t.unreached_func(); |
20 document.addEventListener('securitypolicyviolation', t.step_func_done(e
=> { | 14 |
21 var expectations = { | 15 Promise.all([ |
22 'documentURI': document.location.toString(), | 16 waitForEvent(t, i, 'error').then(_ => { |
23 'referrer': document.referrer, | 17 assert_equals(0, i.naturalWidth); |
24 'blockedURI': 'http://127.0.0.1:8080', | 18 assert_equals(0, i.naturalHeight); |
25 'violatedDirective': 'block-all-mixed-content', | 19 }), |
26 'effectiveDirective': 'block-all-mixed-content', | 20 waitForEvent(t, document, 'securitypolicyviolation').then(e => { |
27 'originalPolicy': 'block-all-mixed-content', | 21 var expectations = { |
28 'sourceFile': '', | 22 'documentURI': document.location.toString(), |
29 'lineNumber': 0, | 23 'referrer': document.referrer, |
30 'columnNumber': 0, | 24 'blockedURI': 'http://127.0.0.1:8080/security/resources/comp
ass.jpg?t=1', |
31 'statusCode': 0 | 25 'violatedDirective': 'block-all-mixed-content', |
32 }; | 26 'effectiveDirective': 'block-all-mixed-content', |
33 for (key in expectations) | 27 'originalPolicy': 'block-all-mixed-content', |
34 assert_equals(expectations[key], e[key], key); | 28 'sourceFile': '', |
35 })); | 29 'lineNumber': 0, |
36 i.src = "http://127.0.0.1:8080/security/resources/compass.jpg?t=2"; | 30 'columnNumber': 0, |
37 }, "Mixed images generate CSP violation reports in the presence of 'block-al
l-mixed-content'."); | 31 'statusCode': 0 |
| 32 }; |
| 33 for (key in expectations) |
| 34 assert_equals(expectations[key], e[key], key); |
| 35 }) |
| 36 ]).then(t.step_func_done()); |
| 37 |
| 38 i.src = "http://127.0.0.1:8080/security/resources/compass.jpg?t=1"; |
| 39 }, "Mixed images are blocked and generate CSP violation reports in the prese
nce of 'block-all-mixed-content'."); |
38 </script> | 40 </script> |
OLD | NEW |