CSP: Fire 'securitypolicyviolation' events in Workers.

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-dedicated-worker.html

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-dedicated-worker.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-dedicated-worker.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-dedicated-worker.html
new file mode 100644
index 0000000000000000000000000000000000000000..a53b255f248da6515535455a59763c26e2330adf
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-dedicated-worker.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<!--
+  Set a policy in the document to ensure that the block is triggering
+  in the worker and not in the document.
+-->
+<meta http-equiv="content-security-policy" content="connect-src http://127.0.0.1:8000">
+
+<script>
+  var w = new Worker("./resources/inside-worker.php");
+
+  // Forward 'securitypolicyviolation' events from the document into the
+  // worker (we shouldn't actually see any, so the worker will assert that
+  // none are fired).
+  document.addEventListener('securitypolicyviolation', _ => {
+    w.postMessage("SecurityPolicyViolation from Document", "*");
+  });
+
+  fetch_tests_from_worker(w);
+</script>