
Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html

Issue 2456013002: CSP: 'connect-src' should not cause exceptions. (Closed)
Patch Set: Created 4 years, 2 months ago
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html
index 57c6b084df9ba1dfae5a300b537e1f383ec8be8a..1afa679f2a960c821acd170add18a87100c4c46d 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html
@@ -1,28 +1,63 @@
<!DOCTYPE html>
-<html>
-<head>
-<meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1:8000">
+<meta http-equiv="Content-Security-Policy" content="connect-src 'self'">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
<script>
-if (window.testRunner)
- testRunner.dumpAsText();
-</script>
-</head>
-<body>
-<pre id="console"></pre>
-<script>
-function log(msg)
-{
- document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
-}
-
-try {
- var xhr = new XMLHttpRequest;
- xhr.open("GET", "http://localhost:8000/xmlhttprequest/resources/get.txt", true);
- log("Fail");
-} catch(e) {
- log("Pass");
-}
+ async_test(t => {
+ var eventsSeen = 0;
+
+ var xhr = new XMLHttpRequest;
+ xhr.open("GET", "http://example.test:8000/xmlhttprequest/resources/get.txt");
+ xhr.onload = t.unreached_func("Load should not fire.");
+ xhr.onerror = t.step_func(e => {
+ assert_equals(xhr.readyState, XMLHttpRequest.DONE);
+
+ eventsSeen++;
+ if (eventsSeen == 2)
+ t.done();
+ });
+
+ document.addEventListener("securitypolicyviolation", t.step_func(e => {
+ if (e.blockedURI != "http://example.test:8000/xmlhttprequest/resources/get.txt")
+ return;
+
+ assert_equals(xhr.readyState, XMLHttpRequest.DONE);
+ assert_equals(e.violatedDirective, "connect-src");
+
+ eventsSeen++;
+ if (eventsSeen == 2)
+ t.done();
+ }));
+
+ xhr.send();
+ }, "XHR should fire onerror.");
+
+ async_test(t => {
+ var eventsSeen = 0;
+
+ var xhr = new XMLHttpRequest;
+ xhr.open("GET", "/resources/redirect.php?code=307&cors_allow_origin=*&url=http://example.test:8080/xmlhttprequest/resources/get.txt");
+ xhr.onload = t.unreached_func("Load should not fire.");
+ xhr.onerror = t.step_func(e => {
+ assert_equals(xhr.readyState, XMLHttpRequest.DONE);
+
+ eventsSeen++;
+ if (eventsSeen == 2)
+ t.done();
+ });
+
+ document.addEventListener("securitypolicyviolation", t.step_func(e => {
+ if (e.blockedURI != "http://example.test:8080")
+ return;
+
+ assert_equals(xhr.readyState, XMLHttpRequest.DONE);
+ assert_equals(e.violatedDirective, "connect-src");
+
+ eventsSeen++;
+ if (eventsSeen == 2)
+ t.done();
+ }));
+ xhr.send();
+ }, "XHR should fire onerror after a redirect.");
</script>
-</body>
-</html>
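Review bot: In the redirect test, the `securitypolicyviolation` listener returns early unless `e.blockedURI` is exactly `"http://example.test:8080"`, so a regression that reported the full post-redirect URL would show up only as a timeout, not as a failed assertion. Both listeners sit on the same document and need some filter, so match on the origin prefix and then assert the exact value: `if (!e.blockedURI.startsWith("http://example.test:8080")) return;` followed by `assert_equals(e.blockedURI, "http://example.test:8080");`. A short comment there, such as `// After a cross-origin redirect only the origin is reported, so the redirect target's path is not exposed to the page.`, would explain why the two tests expect differently shaped `blockedURI` values. The `assert_equals(xhr.readyState, XMLHttpRequest.DONE)` check inside both violation handlers also appears to rely on the event being dispatched after the request has already failed; it is worth confirming that this ordering is guaranteed and not incidental.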
