Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp |
index b615e47c5ce1c0f3d12692150033209775e71386..b254f6f8bcd065522f161accce155a72182e4b6b 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp |
@@ -263,6 +263,37 @@ TEST_F(ContentSecurityPolicyTest, ObjectSrc) { |
ContentSecurityPolicy::SuppressReport)); |
} |
+TEST_F(ContentSecurityPolicyTest, ConnectSrc) { |
+ KURL url(KURL(), "https://example.test"); |
+ csp->bindToExecutionContext(document.get()); |
+ csp->didReceiveHeader("connect-src 'none';", |
+ ContentSecurityPolicyHeaderTypeEnforce, |
+ ContentSecurityPolicyHeaderSourceMeta); |
+ EXPECT_FALSE(csp->allowRequest(WebURLRequest::RequestContextSubresource, url, |
+ String(), IntegrityMetadataSet(), |
+ ParserInserted, |
+ ResourceRequest::RedirectStatus::NoRedirect, |
+ ContentSecurityPolicy::SuppressReport)); |
+ EXPECT_FALSE(csp->allowRequest(WebURLRequest::RequestContextXMLHttpRequest, |
+ url, String(), IntegrityMetadataSet(), |
+ ParserInserted, |
+ ResourceRequest::RedirectStatus::NoRedirect, |
+ ContentSecurityPolicy::SuppressReport)); |
+ EXPECT_FALSE(csp->allowRequest(WebURLRequest::RequestContextBeacon, url, |
+ String(), IntegrityMetadataSet(), |
+ ParserInserted, |
+ ResourceRequest::RedirectStatus::NoRedirect, |
+ ContentSecurityPolicy::SuppressReport)); |
+ EXPECT_FALSE(csp->allowRequest( |
+ WebURLRequest::RequestContextFetch, url, String(), IntegrityMetadataSet(), |
+ ParserInserted, ResourceRequest::RedirectStatus::NoRedirect, |
+ ContentSecurityPolicy::SuppressReport)); |
+ EXPECT_TRUE(csp->allowRequest(WebURLRequest::RequestContextPlugin, url, |
+ String(), IntegrityMetadataSet(), |
+ ParserInserted, |
+ ResourceRequest::RedirectStatus::NoRedirect, |
+ ContentSecurityPolicy::SuppressReport)); |
+} |
// Tests that requests for scripts and styles are blocked |
// if `require-sri-for` delivered in HTTP header requires integrity be present |
TEST_F(ContentSecurityPolicyTest, RequireSRIForInHeaderMissingIntegrity) { |
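Review bot: The added ConnectSrc test carries no comment explaining why `RequestContextSubresource` is expected to be blocked by `connect-src 'none'`, which is the one non-obvious assertion in it. The following test opens with a `// Tests that ...` comment, and this one should too, for example `// Tests that connect-src governs XHR, fetch, beacon and generic subresource requests, but not plugin loads.` It would also help to add the same `EXPECT_FALSE` for `WebURLRequest::RequestContextEventSource` and `WebURLRequest::RequestContextPing`, so that a later change which drops one of them from the directive fails a test instead of silently widening what a page may connect to. This assumes allowRequest routes those contexts to connect-src as well, which cannot be confirmed here because the dispatch is not part of this hunk. Every call passes `ResourceRequest::RedirectStatus::NoRedirect`, so the redirected path is not pinned by this test.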