CSP: Fire 'securitypolicyviolation' events in Workers.

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-service-worker.html

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-service-worker.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-service-worker.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-service-worker.html
new file mode 100644
index 0000000000000000000000000000000000000000..fa0f59cb9f346f8d5d37bb84a7119e189cbb4372
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-service-worker.html
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<!--
+  Set a policy in the document to ensure that the block is triggering
+  in the worker and not in the document.
+-->
+<meta http-equiv="content-security-policy" content="connect-src http://127.0.0.1:8000">
+
+<script>
+  navigator.serviceWorker.register("./resources/inside-worker.php", { scope: "./resources/" })
+    .then(r => {
+      var sw = r.active || r.installing || r.waiting;
+      add_completion_callback(_ => r.unregister());
+            
+      // Forward 'securitypolicyviolation' events from the document into the
+      // worker (we shouldn't actually see any, so the worker will assert that
+      // none are fired.
+      document.addEventListener('securitypolicyviolation', _ => {
+        sw.postMessage("SecurityPolicyViolation from Document", "*");
+      });
+
+      fetch_tests_from_worker(sw);
+    });
+</script>
+