Chromium Code Reviews

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html

Issue 2456013002: CSP: 'connect-src' should not cause exceptions. (Closed)
Patch Set: Created 4 years, 1 month ago
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <meta http-equiv="Content-Security-Policy" content="connect-src 'self'">
3 <head> 3 <script src="/resources/testharness.js"></script>
4 <meta http-equiv="Content-Security-Policy" content="connect-src http://localhost :8000"> 4 <script src="/resources/testharnessreport.js"></script>
5 <script> 5 <script>
6 if (window.testRunner) 6 async_test(t => {
7 testRunner.dumpAsText(); 7 navigator.sendBeacon("http://example.test:8000/security/contentSecurityPol icy/echo-report.php");
8
9 document.addEventListener("securitypolicyviolation", t.step_func_done(e => {
10 if (e.blockedURI != "http://example.test:8000/xmlhttprequest/resources/g et.txt")
11 return;
foolip 2016/10/27 13:59:50 This together with step_func_done might be wrong,
Mike West 2016/10/27 14:18:24 Yup. That was dumb.
12
13 assert_equals(xhr.readyState, XMLHttpRequest.DONE);
foolip 2016/10/27 13:59:50 There's no xhr around.
Mike West 2016/10/27 14:18:24 Indeed!
14 assert_equals(e.violatedDirective, "connect-src");
15 }));
16 }, "sendBeacon should not throw.");
17
18 async_test(t => {
foolip 2016/10/27 13:59:50 No t.done(), how does this test end?
19 navigator.sendBeacon("/resources/redirect.php?code=307&cors_allow_origin=* &url=http://example.test:8080/security/contentSecurityPolicy/echo-report.php");
20
21 document.addEventListener("securitypolicyviolation", t.step_func(e => {
22 if (e.blockedURI != "http://example.test:8080")
23 return;
24
25 assert_equals(xhr.readyState, XMLHttpRequest.DONE);
26 assert_equals(e.violatedDirective, "connect-src");
27 }));
28 }, "sendBeacon should not throw after a redirect.");
8 </script> 29 </script>
9 </head>
10 <body>
11 <pre id="console"></pre>
12 <script>
13 function log(msg)
14 {
15 document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
16 }
17
18 try {
19 var es = navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurit yPolicy/echo-report.php");
20 log("Fail");
21 } catch(e) {
22 log("Pass");
23 }
24 </script>
25 </body>
26 </html>
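Review bot: In the first test (new lines 7-10) the beacon goes to the echo-report.php URL on example.test:8000, but the handler only proceeds when e.blockedURI equals an xmlhttprequest/resources/get.txt URL, so for this beacon the handler takes the early return and the assert_equals on e.violatedDirective is never reached; compare against the URL actually passed to navigator.sendBeacon. New line 25 repeats the xhr.readyState assertion already flagged on line 13, and no xhr is defined in either test, so it should be dropped there too. Both listeners are attached after the sendBeacon call; registering the securitypolicyviolation listener first removes any dependence on when the event is dispatched. The test names say sendBeacon should not throw, yet nothing in either test checks the call itself, whereas the old try/catch checked the opposite expectation explicitly; an assertion on the call's result inside the step would make the new expectation just as explicit.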