Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(12)

Unified Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html

Issue 2456013002: CSP: 'connect-src' should not cause exceptions. (Closed)
Patch Set: Ugh. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html
new file mode 100644
index 0000000000000000000000000000000000000000..0c518d6c73e366ee2c0bdc060d12ad265a55e74d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<meta http-equiv="Content-Security-Policy" content="connect-src 'self'">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+ async_test(t => {
+ var errorEvent = false;
+ var cspEvent = false;
+
+ var es = new EventSource("http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt");
+ es.onerror = t.step_func(e => {
+ assert_equals(es.readyState, EventSource.CLOSED);
+
+ assert_false(errorEvent);
+ errorEvent = true;
+ if (cspEvent)
+ t.done();
+ });
+
+ document.addEventListener("securitypolicyviolation", t.step_func(e => {
+ if (e.blockedURI != "http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt")
+ return;
+
+ assert_equals(es.readyState, EventSource.CLOSED);
+ assert_equals(e.violatedDirective, "connect-src");
+
+ assert_false(cspEvent);
+ cspEvent = true;
+ if (errorEvent)
+ t.done();
+ }));
+ }, "EventSource should fire onerror.");
+
+ async_test(t => {
+ var errorEvent = false;
+ var cspEvent = false;
+
+ var es = new EventSource("/common/redirect-opt-in.py?status=307&location=http://{{domains[www]}}:{{ports[http][0]}}/common/text-plain.txt");
+ es.onerror = t.step_func(e => {
+ assert_equals(es.readyState, EventSource.CLOSED);
+
+ assert_false(errorEvent);
+ errorEvent = true;
+ if (cspEvent)
+ t.done();
+ });
+
+ document.addEventListener("securitypolicyviolation", t.step_func(e => {
+ if (e.blockedURI != "http://{{domains[www]}}:{{ports[http][0]}}")
+ return;
+
+ assert_equals(es.readyState, EventSource.CLOSED);
+ assert_equals(e.violatedDirective, "connect-src");
+
+ assert_false(cspEvent);
+ cspEvent = true;
+ if (errorEvent)
+ t.done();
+ }));
+ }, "EventSource should fire onerror after a redirect.");
+</script>

Powered by Google App Engine
This is Rietveld 408576698