| OLD | NEW |
|---|
| 1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
| 2 <html> | 2 <meta http-equiv="Content-Security-Policy" content="connect-src 'self'"> |
| 3 <head> | 3 <script src="/resources/testharness.js"></script> |
| 4 <meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1
:8000"> | 4 <script src="/resources/testharnessreport.js"></script> |
| 5 <script> | 5 <script> |
| 6 if (window.testRunner) | 6 async_test(t => { |
| 7 testRunner.dumpAsText(); | 7 var eventsSeen = 0; |
| 8 |
| 9 var xhr = new XMLHttpRequest; |
| 10 xhr.open("GET", "http://example.test:8000/xmlhttprequest/resources/get.txt
"); |
| 11 xhr.onload = t.unreached_func("Load should not fire."); |
| 12 xhr.onerror = t.step_func(e => { |
| 13 assert_equals(xhr.readyState, XMLHttpRequest.DONE); |
| 14 |
| 15 eventsSeen++; |
| 16 if (eventsSeen == 2) |
| 17 t.done(); |
| 18 }); |
| 19 |
| 20 document.addEventListener("securitypolicyviolation", t.step_func(e => { |
| 21 if (e.blockedURI != "http://example.test:8000/xmlhttprequest/resources/g
et.txt") |
| 22 return; |
| 23 |
| 24 assert_equals(xhr.readyState, XMLHttpRequest.DONE); |
| 25 assert_equals(e.violatedDirective, "connect-src"); |
| 26 |
| 27 eventsSeen++; |
| 28 if (eventsSeen == 2) |
| 29 t.done(); |
| 30 })); |
| 31 |
| 32 xhr.send(); |
| 33 }, "XHR should fire onerror."); |
| 34 |
| 35 async_test(t => { |
| 36 var eventsSeen = 0; |
| 37 |
| 38 var xhr = new XMLHttpRequest; |
| 39 xhr.open("GET", "/resources/redirect.php?code=307&cors_allow_origin=*&url=
http://example.test:8080/xmlhttprequest/resources/get.txt"); |
| 40 xhr.onload = t.unreached_func("Load should not fire."); |
| 41 xhr.onerror = t.step_func(e => { |
| 42 assert_equals(xhr.readyState, XMLHttpRequest.DONE); |
| 43 |
| 44 eventsSeen++; |
| 45 if (eventsSeen == 2) |
| 46 t.done(); |
| 47 }); |
| 48 |
| 49 document.addEventListener("securitypolicyviolation", t.step_func(e => { |
| 50 if (e.blockedURI != "http://example.test:8080") |
| 51 return; |
| 52 |
| 53 assert_equals(xhr.readyState, XMLHttpRequest.DONE); |
| 54 assert_equals(e.violatedDirective, "connect-src"); |
| 55 |
| 56 eventsSeen++; |
| 57 if (eventsSeen == 2) |
| 58 t.done(); |
| 59 })); |
| 60 |
| 61 xhr.send(); |
| 62 }, "XHR should fire onerror after a redirect."); |
| 8 </script> | 63 </script> |
| 9 </head> | |
| 10 <body> | |
| 11 <pre id="console"></pre> | |
| 12 <script> | |
| 13 function log(msg) | |
| 14 { | |
| 15 document.getElementById("console").appendChild(document.createTextNode(msg +
"\n")); | |
| 16 } | |
| 17 | |
| 18 try { | |
| 19 var xhr = new XMLHttpRequest; | |
| 20 xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/get.txt", tr
ue); | |
| 21 log("Fail"); | |
| 22 } catch(e) { | |
| 23 log("Pass"); | |
| 24 } | |
| 25 | |
| 26 </script> | |
| 27 </body> | |
| 28 </html> | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2456013002:
CSP: 'connect-src' should not cause exceptions. (Closed)
