Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html |
index 6a37bc10bee4c8177205381bf6ebaaef37a1501d..7d58f5a7e8a51894964a69ac68262d601d2b5aaf 100644 |
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html |
@@ -1,27 +1,55 @@ |
<!DOCTYPE html> |
-<html> |
-<head> |
-<meta http-equiv="Content-Security-Policy" content="connect-src http://localhost:8000"> |
+<meta http-equiv="Content-Security-Policy" content="connect-src 'self'"> |
+<script src="/resources/testharness.js"></script> |
+<script src="/resources/testharnessreport.js"></script> |
<script> |
-if (window.testRunner) |
- testRunner.dumpAsText(); |
-</script> |
-</head> |
-<body> |
-<pre id="console"></pre> |
-<script> |
-function log(msg) |
-{ |
- document.getElementById("console").appendChild(document.createTextNode(msg + "\n")); |
-} |
- |
-try { |
- var es = new EventSource("http://127.0.0.1:8000/eventsource/resources/simple-event-stream.asis"); |
- log("Fail"); |
-} catch(e) { |
- log("Pass"); |
-} |
+ async_test(t => { |
+ var eventsSeen = 0; |
+ |
+ var es = new EventSource("http://example.test:8000/eventsource/resources/simple-event-stream.asis"); |
+ es.onerror = t.step_func(e => { |
+ assert_equals(es.readyState, EventSource.CLOSED); |
+ |
+ eventsSeen++; |
+ if (eventsSeen == 2) |
+ t.done(); |
foolip
2016/10/27 13:59:50
With t.done() in two places, are there two valid w
Mike West
2016/10/27 14:18:24
I'll ping you about this.
|
+ }); |
+ |
+ document.addEventListener("securitypolicyviolation", t.step_func(e => { |
+ if (e.blockedURI != "http://example.test:8000/eventsource/resources/simple-event-stream.asis") |
+ return; |
+ |
+ assert_equals(es.readyState, EventSource.CLOSED); |
+ assert_equals(e.violatedDirective, "connect-src"); |
+ |
+ eventsSeen++; |
+ if (eventsSeen == 2) |
+ t.done(); |
+ })); |
+ }, "EventSource should fire onerror."); |
+ |
+ async_test(t => { |
+ var eventsSeen = 0; |
+ |
+ var es = new EventSource("/resources/redirect.php?code=307&cors_allow_origin=*&url=http://example.test:8080/eventsource/resources/simple-event-stream.asis"); |
+ es.onerror = t.step_func(e => { |
+ assert_equals(es.readyState, EventSource.CLOSED); |
+ |
+ eventsSeen++; |
+ if (eventsSeen == 2) |
+ t.done(); |
+ }); |
+ |
+ document.addEventListener("securitypolicyviolation", t.step_func(e => { |
+ if (e.blockedURI != "http://example.test:8080") |
+ return; |
+ |
+ assert_equals(es.readyState, EventSource.CLOSED); |
+ assert_equals(e.violatedDirective, "connect-src"); |
+ eventsSeen++; |
+ if (eventsSeen == 2) |
+ t.done(); |
+ })); |
+ }, "EventSource should fire onerror after a redirect."); |
</script> |
-</body> |
-</html> |