
Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html

Issue 2456013002: CSP: 'connect-src' should not cause exceptions. (Closed)
Patch Set: Created 4 years, 2 months ago
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html
index 06f218b3c6dc696d25de2b75f47696cc6e58a320..d0b2a3bbb38db1837df6db183387a1e64b01a86b 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html
@@ -1,26 +1,29 @@
<!DOCTYPE html>
-<html>
-<head>
-<meta http-equiv="Content-Security-Policy" content="connect-src http://localhost:8000">
+<meta http-equiv="Content-Security-Policy" content="connect-src 'self'">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
<script>
-if (window.testRunner)
- testRunner.dumpAsText();
-</script>
-</head>
-<body>
-<pre id="console"></pre>
-<script>
-function log(msg)
-{
- document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
-}
+ async_test(t => {
+ navigator.sendBeacon("http://example.test:8000/security/contentSecurityPolicy/echo-report.php");
+
+ document.addEventListener("securitypolicyviolation", t.step_func_done(e => {
+ if (e.blockedURI != "http://example.test:8000/xmlhttprequest/resources/get.txt")
+ return;
foolip 2016/10/27 13:59:50 This together with step_func_done might be wrong,
Mike West 2016/10/27 14:18:24 Yup. That was dumb.
+
+ assert_equals(xhr.readyState, XMLHttpRequest.DONE);
foolip 2016/10/27 13:59:50 There's no xhr around.
Mike West 2016/10/27 14:18:24 Indeed!
+ assert_equals(e.violatedDirective, "connect-src");
+ }));
+ }, "sendBeacon should not throw.");
+
+ async_test(t => {
foolip 2016/10/27 13:59:50 No t.done(), how does this test end?
+ navigator.sendBeacon("/resources/redirect.php?code=307&cors_allow_origin=*&url=http://example.test:8080/security/contentSecurityPolicy/echo-report.php");
+
+ document.addEventListener("securitypolicyviolation", t.step_func(e => {
+ if (e.blockedURI != "http://example.test:8080")
+ return;
-try {
- var es = navigator.sendBeacon("http://127.0.0.1:8000/security/contentSecurityPolicy/echo-report.php");
- log("Fail");
-} catch(e) {
- log("Pass");
-}
+ assert_equals(xhr.readyState, XMLHttpRequest.DONE);
+ assert_equals(e.violatedDirective, "connect-src");
+ }));
+ }, "sendBeacon should not throw after a redirect.");
</script>
-</body>
-</html>
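Review bot: In the first test the `blockedURI` guard compares against `http://example.test:8000/xmlhttprequest/resources/get.txt`, while the beacon two lines above is sent to `http://example.test:8000/security/contentSecurityPolicy/echo-report.php`, so the guard looks copied from an XHR test and cannot match a violation raised for this request. With that mismatch the handler returns before `assert_equals(e.violatedDirective, "connect-src")` runs, and the test no longer verifies that the beacon was actually blocked by the policy. The guard should name the beacon's own URL: `if (e.blockedURI != "http://example.test:8000/security/contentSecurityPolicy/echo-report.php") return;`. In both tests the listener is also registered only after `navigator.sendBeacon(...)` has been called; adding it first would keep the check independent of when the violation event is dispatched.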
