OLD | NEW |
1 <?php | 1 bodyDefault = ''' |
2 header('Content-Type: application/javascript'); | |
3 $directive = $_GET['directive']; | |
4 | |
5 if ($directive == 'default') { | |
6 header('Content-Security-Policy: default-src \'self\''); | |
7 | |
8 ?> | |
9 importScripts('worker-testharness.js'); | 2 importScripts('worker-testharness.js'); |
10 importScripts('test-helpers.js'); | 3 importScripts('test-helpers.sub.js'); |
11 importScripts('../../resources/get-host-info.js'); | 4 importScripts('../resources/get-host-info.sub.js'); |
12 | 5 |
13 var host_info = get_host_info(); | 6 var host_info = get_host_info(); |
14 | 7 |
15 test(function() { | 8 test(function() { |
16 var import_script_failed = false; | 9 var import_script_failed = false; |
17 try { | 10 try { |
18 importScripts(host_info.HTTP_REMOTE_ORIGIN + | 11 importScripts(host_info.HTTPS_REMOTE_ORIGIN + |
19 '/serviceworker/resources/empty.js'); | 12 base_path() + 'empty.js'); |
20 } catch(e) { | 13 } catch(e) { |
21 import_script_failed = true; | 14 import_script_failed = true; |
22 } | 15 } |
23 assert_true(import_script_failed, | 16 assert_true(import_script_failed, |
24 'Importing the other origins script should fail.'); | 17 'Importing the other origins script should fail.'); |
25 }, 'importScripts test for default-src'); | 18 }, 'importScripts test for default-src'); |
26 | 19 |
27 async_test(function(t) { | 20 async_test(function(t) { |
28 fetch(host_info.HTTP_REMOTE_ORIGIN + | 21 fetch(host_info.HTTPS_REMOTE_ORIGIN + |
29 '/serviceworker/resources/fetch-access-control.php?ACAOrigin=*', | 22 base_path() + 'fetch-access-control.py?ACAOrigin=*', |
30 {mode: 'cors'}) | 23 {mode: 'cors'}) |
31 .then(function(response){ | 24 .then(function(response){ |
32 assert_unreached('fetch should fail.'); | 25 assert_unreached('fetch should fail.'); |
33 }, function(){ | 26 }, function(){ |
34 t.done(); | 27 t.done(); |
35 }) | 28 }) |
36 .catch(unreached_rejection(t)); | 29 .catch(unreached_rejection(t)); |
37 }, 'Fetch test for default-src'); | 30 }, 'Fetch test for default-src'); |
38 | 31 |
39 async_test(function(t) { | 32 async_test(function(t) { |
40 var REDIRECT_URL = host_info.HTTP_ORIGIN + | 33 var REDIRECT_URL = host_info.HTTPS_ORIGIN + |
41 '/serviceworker/resources/redirect.php?Redirect='; | 34 base_path() + 'redirect.py?Redirect='; |
42 var OTHER_BASE_URL = host_info.HTTP_REMOTE_ORIGIN + | 35 var OTHER_BASE_URL = host_info.HTTPS_REMOTE_ORIGIN + |
43 '/serviceworker/resources/fetch-access-control.php?' | 36 base_path() + 'fetch-access-control.py?' |
44 fetch(REDIRECT_URL + encodeURIComponent(OTHER_BASE_URL + 'ACAOrigin=*'), | 37 fetch(REDIRECT_URL + encodeURIComponent(OTHER_BASE_URL + 'ACAOrigin=*'), |
45 {mode: 'cors'}) | 38 {mode: 'cors'}) |
46 .then(function(response){ | 39 .then(function(response){ |
47 assert_unreached('Redirected fetch should fail.'); | 40 assert_unreached('Redirected fetch should fail.'); |
48 }, function(){ | 41 }, function(){ |
49 t.done(); | 42 t.done(); |
50 }) | 43 }) |
51 .catch(unreached_rejection(t)); | 44 .catch(unreached_rejection(t)); |
52 }, 'Redirected fetch test for default-src'); | 45 }, 'Redirected fetch test for default-src');''' |
53 | 46 |
54 <?php | 47 bodyScript = ''' |
55 | |
56 } else if ($directive == 'script') { | |
57 header('Content-Security-Policy: script-src \'self\''); | |
58 | |
59 ?> | |
60 importScripts('worker-testharness.js'); | 48 importScripts('worker-testharness.js'); |
61 importScripts('test-helpers.js'); | 49 importScripts('test-helpers.sub.js'); |
62 importScripts('../../resources/get-host-info.js'); | 50 importScripts('../resources/get-host-info.sub.js'); |
63 | 51 |
64 var host_info = get_host_info(); | 52 var host_info = get_host_info(); |
65 | 53 |
66 test(function() { | 54 test(function() { |
67 var import_script_failed = false; | 55 var import_script_failed = false; |
68 try { | 56 try { |
69 importScripts(host_info.HTTP_REMOTE_ORIGIN + | 57 importScripts(host_info.HTTPS_REMOTE_ORIGIN + |
70 '/serviceworker/resources/empty.js'); | 58 base_path() + 'empty.js'); |
71 } catch(e) { | 59 } catch(e) { |
72 import_script_failed = true; | 60 import_script_failed = true; |
73 } | 61 } |
74 assert_true(import_script_failed, | 62 assert_true(import_script_failed, |
75 'Importing the other origins script should fail.'); | 63 'Importing the other origins script should fail.'); |
76 }, 'importScripts test for script-src'); | 64 }, 'importScripts test for script-src'); |
77 | 65 |
78 async_test(function(t) { | 66 async_test(function(t) { |
79 fetch(host_info.HTTP_REMOTE_ORIGIN + | 67 fetch(host_info.HTTPS_REMOTE_ORIGIN + |
80 '/serviceworker/resources/fetch-access-control.php?ACAOrigin=*', | 68 base_path() + 'fetch-access-control.py?ACAOrigin=*', |
81 {mode: 'cors'}) | 69 {mode: 'cors'}) |
82 .then(function(response){ | 70 .then(function(response){ |
83 t.done(); | 71 t.done(); |
84 }, function(){ | 72 }, function(){ |
85 assert_unreached('fetch should not fail.'); | 73 assert_unreached('fetch should not fail.'); |
86 }) | 74 }) |
87 .catch(unreached_rejection(t)); | 75 .catch(unreached_rejection(t)); |
88 }, 'Fetch test for script-src'); | 76 }, 'Fetch test for script-src'); |
89 | 77 |
90 async_test(function(t) { | 78 async_test(function(t) { |
91 var REDIRECT_URL = host_info.HTTP_ORIGIN + | 79 var REDIRECT_URL = host_info.HTTPS_ORIGIN + |
92 '/serviceworker/resources/redirect.php?Redirect='; | 80 base_path() + 'redirect.py?Redirect='; |
93 var OTHER_BASE_URL = host_info.HTTP_REMOTE_ORIGIN + | 81 var OTHER_BASE_URL = host_info.HTTPS_REMOTE_ORIGIN + |
94 '/serviceworker/resources/fetch-access-control.php?' | 82 base_path() + 'fetch-access-control.py?' |
95 fetch(REDIRECT_URL + encodeURIComponent(OTHER_BASE_URL + 'ACAOrigin=*'), | 83 fetch(REDIRECT_URL + encodeURIComponent(OTHER_BASE_URL + 'ACAOrigin=*'), |
96 {mode: 'cors'}) | 84 {mode: 'cors'}) |
97 .then(function(response){ | 85 .then(function(response){ |
98 t.done(); | 86 t.done(); |
99 }, function(){ | 87 }, function(){ |
100 assert_unreached('Redirected fetch should not fail.'); | 88 assert_unreached('Redirected fetch should not fail.'); |
101 }) | 89 }) |
102 .catch(unreached_rejection(t)); | 90 .catch(unreached_rejection(t)); |
103 }, 'Redirected fetch test for script-src'); | 91 }, 'Redirected fetch test for script-src');''' |
104 | 92 |
105 <?php | 93 bodyConnect = ''' |
106 | |
107 } else if ($directive == 'connect') { | |
108 header('Content-Security-Policy: connect-src \'self\''); | |
109 | |
110 ?> | |
111 importScripts('worker-testharness.js'); | 94 importScripts('worker-testharness.js'); |
112 importScripts('test-helpers.js'); | 95 importScripts('test-helpers.sub.js'); |
113 importScripts('../../resources/get-host-info.js'); | 96 importScripts('../resources/get-host-info.sub.js'); |
114 | 97 |
115 var host_info = get_host_info(); | 98 var host_info = get_host_info(); |
116 | 99 |
117 test(function() { | 100 test(function() { |
118 var import_script_failed = false; | 101 var import_script_failed = false; |
119 try { | 102 try { |
120 importScripts(host_info.HTTP_REMOTE_ORIGIN + | 103 importScripts(host_info.HTTPS_REMOTE_ORIGIN + |
121 '/serviceworker/resources/empty.js'); | 104 base_path() + 'empty.js'); |
122 } catch(e) { | 105 } catch(e) { |
123 import_script_failed = true; | 106 import_script_failed = true; |
124 } | 107 } |
125 assert_false(import_script_failed, | 108 assert_false(import_script_failed, |
126 'Importing the other origins script should not fail.'); | 109 'Importing the other origins script should not fail.'); |
127 }, 'importScripts test for connect-src'); | 110 }, 'importScripts test for connect-src'); |
128 | 111 |
129 async_test(function(t) { | 112 async_test(function(t) { |
130 fetch(host_info.HTTP_REMOTE_ORIGIN + | 113 fetch(host_info.HTTPS_REMOTE_ORIGIN + |
131 '/serviceworker/resources/fetch-access-control.php?ACAOrigin=*', | 114 base_path() + 'fetch-access-control.py?ACAOrigin=*', |
132 {mode: 'cors'}) | 115 {mode: 'cors'}) |
133 .then(function(response){ | 116 .then(function(response){ |
134 assert_unreached('fetch should fail.'); | 117 assert_unreached('fetch should fail.'); |
135 }, function(){ | 118 }, function(){ |
136 t.done(); | 119 t.done(); |
137 }) | 120 }) |
138 .catch(unreached_rejection(t)); | 121 .catch(unreached_rejection(t)); |
139 }, 'Fetch test for connect-src'); | 122 }, 'Fetch test for connect-src'); |
140 | 123 |
141 async_test(function(t) { | 124 async_test(function(t) { |
142 var REDIRECT_URL = host_info.HTTP_ORIGIN + | 125 var REDIRECT_URL = host_info.HTTPS_ORIGIN + |
143 '/serviceworker/resources/redirect.php?Redirect='; | 126 base_path() + 'redirect.py?Redirect='; |
144 var OTHER_BASE_URL = host_info.HTTP_REMOTE_ORIGIN + | 127 var OTHER_BASE_URL = host_info.HTTPS_REMOTE_ORIGIN + |
145 '/serviceworker/resources/fetch-access-control.php?' | 128 base_path() + 'fetch-access-control.py?' |
146 fetch(REDIRECT_URL + encodeURIComponent(OTHER_BASE_URL + 'ACAOrigin=*'), | 129 fetch(REDIRECT_URL + encodeURIComponent(OTHER_BASE_URL + 'ACAOrigin=*'), |
147 {mode: 'cors'}) | 130 {mode: 'cors'}) |
148 .then(function(response){ | 131 .then(function(response){ |
149 assert_unreached('Redirected fetch should fail.'); | 132 assert_unreached('Redirected fetch should fail.'); |
150 }, function(){ | 133 }, function(){ |
151 t.done(); | 134 t.done(); |
152 }) | 135 }) |
153 .catch(unreached_rejection(t)); | 136 .catch(unreached_rejection(t)); |
154 }, 'Redirected fetch test for connect-src'); | 137 }, 'Redirected fetch test for connect-src');''' |
155 | 138 |
156 <?php | 139 def main(request, response): |
157 } | 140 headers = [] |
158 ?> | 141 headers.append(('Content-Type', 'application/javascript')) |
| 142 directive = request.GET['directive'] |
| 143 body = 'ERROR: Unknown directive' |
| 144 if directive == 'default': |
| 145 headers.append(('Content-Security-Policy', "default-src 'self'")) |
| 146 body = bodyDefault |
| 147 elif directive == 'script': |
| 148 headers.append(('Content-Security-Policy', "script-src 'self'")) |
| 149 body = bodyScript |
| 150 elif directive == 'connect': |
| 151 headers.append(('Content-Security-Policy', "connect-src 'self'")) |
| 152 body = bodyConnect |
| 153 return headers, body |
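Review bot: In `main`, an unrecognised `directive` falls through to a 200 response with `Content-Type: application/javascript`, no `Content-Security-Policy` header and the body `ERROR: Unknown directive`, which is not valid JavaScript. A typo in the registering test would then surface as an opaque worker-evaluation failure rather than a clear server error, and `request.GET['directive']` raises when the parameter is absent. If the handler framework accepts a status as the first element of the returned tuple, an early `return 400, headers, 'ERROR: Unknown directive'` together with reading the parameter with a default would make both cases explicit. Separately, the `bodyDefault` tests only assert that the cross-origin `importScripts` and `fetch` calls fail, so a wrong `base_path()` or a missing `.py` resource after this port would also let them pass. A comment above `bodyDefault` such as `# Negative checks only; bodyScript and bodyConnect exercise the same URLs as positive controls.` would record where those URLs are shown to be reachable.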
OLD | NEW |