CSP: 'connect-src' should not cause exceptions.

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html
index 6a37bc10bee4c8177205381bf6ebaaef37a1501d..7d58f5a7e8a51894964a69ac68262d601d2b5aaf 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html
@@ -1,27 +1,55 @@
 <!DOCTYPE html>
-<html>
-<head>
-<meta http-equiv="Content-Security-Policy" content="connect-src http://localhost:8000">
+<meta http-equiv="Content-Security-Policy" content="connect-src 'self'">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 <script>
-if (window.testRunner)
-    testRunner.dumpAsText();
-</script>
-</head>
-<body>
-<pre id="console"></pre>
-<script>
-function log(msg)
-{
-    document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
-}
-
-try {
-    var es = new EventSource("http://127.0.0.1:8000/eventsource/resources/simple-event-stream.asis");
-    log("Fail");
-} catch(e) {
-    log("Pass");
-}
+    async_test(t => {
+      var eventsSeen = 0;
+
+      var es = new EventSource("http://example.test:8000/eventsource/resources/simple-event-stream.asis");
+      es.onerror = t.step_func(e => {
+        assert_equals(es.readyState, EventSource.CLOSED);
+
+        eventsSeen++;
+        if (eventsSeen == 2)
+            t.done();

[foolip, 2016/10/27 13:59:50]

With t.done() in two places, are there two valid ways for the test to pass?
Seems like two errors events would do it, but that seems wrong. Maybe
promise_test with Promise.all([foo, bar]) if you want to wait for two things to
happen.

Or, if the order of events is well defined, just listen for one and then add the
second event listener.

[Mike West, 2016/10/27 14:18:24]

I'll ping you about this.
It isn't. At least, I don't think it's important that every browser fires one
and then the other.

+      });
+
+      document.addEventListener("securitypolicyviolation", t.step_func(e => {
+        if (e.blockedURI != "http://example.test:8000/eventsource/resources/simple-event-stream.asis")
+            return;
+
+        assert_equals(es.readyState, EventSource.CLOSED);
+        assert_equals(e.violatedDirective, "connect-src");
+
+        eventsSeen++;
+        if (eventsSeen == 2)
+            t.done();
+      }));
+    }, "EventSource should fire onerror.");
+
+    async_test(t => {
+      var eventsSeen = 0;
+
+      var es = new EventSource("/resources/redirect.php?code=307&cors_allow_origin=*&url=http://example.test:8080/eventsource/resources/simple-event-stream.asis");
+      es.onerror = t.step_func(e => {
+        assert_equals(es.readyState, EventSource.CLOSED);
+
+        eventsSeen++;
+        if (eventsSeen == 2)
+            t.done();
+      });
+
+      document.addEventListener("securitypolicyviolation", t.step_func(e => {
+        if (e.blockedURI != "http://example.test:8080")
+            return;
+
+        assert_equals(es.readyState, EventSource.CLOSED);
+        assert_equals(e.violatedDirective, "connect-src");
 
+        eventsSeen++;
+        if (eventsSeen == 2)
+            t.done();
+      }));
+    }, "EventSource should fire onerror after a redirect.");
 </script>
-</body>
-</html>