CSP3: Implement 'worker-src'.

third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp

Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
index de8284a448854ce4752017c0c94d2a82dc07ae30..2fcde837e88b691ee4073c580e1ce9c8423735d5 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
@@ -391,4 +391,48 @@ TEST_F(CSPDirectiveListTest, allowRequestWithoutIntegrity) {
   }
 }
 
+TEST_F(CSPDirectiveListTest, workerSrc) {
+  struct TestCase {
+    const char* list;
+    bool allowed;
+  } cases[] = {
+      {"worker-src 'none'", false},
+      {"worker-src http://not.example.test", false},
+      {"worker-src https://example.test", true},
+      {"default-src *; worker-src 'none'", false},
+      {"default-src *; worker-src http://not.example.test", false},
+      {"default-src *; worker-src https://example.test", true},
+      {"child-src *; worker-src 'none'", false},
+      {"child-src *; worker-src http://not.example.test", false},
+      {"child-src *; worker-src https://example.test", true},
+      {"default-src *; child-src *; worker-src 'none'", false},
+      {"default-src *; child-src *; worker-src http://not.example.test", false},
+      {"default-src *; child-src *; worker-src https://example.test", true},
+
+      // Fallback to child-src.
+      {"child-src 'none'", false},
+      {"child-src http://not.example.test", false},
+      {"child-src https://example.test", true},
+      {"default-src *; child-src 'none'", false},
+      {"default-src *; child-src http://not.example.test", false},
+      {"default-src *; child-src https://example.test", true},
+
+      // Fallback to default-src.
+      {"default-src 'none'", false},
+      {"default-src http://not.example.test", false},
+      {"default-src https://example.test", true},
+  };
+
+  for (const auto& test : cases) {
+    SCOPED_TRACE(test.list);
+    KURL resource = KURL(KURL(), "https://example.test/worker.js");
+    Member<CSPDirectiveList> directiveList =
+        createList(test.list, ContentSecurityPolicyHeaderTypeEnforce);
+    EXPECT_EQ(test.allowed,
+              directiveList->allowWorkerFromSource(
+                  resource, ResourceRequest::RedirectStatus::NoRedirect,
+                  ContentSecurityPolicy::SuppressReport));
+  }
+}
+
 }  // namespace blink