Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(17)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php

Issue 2500383002: CSP: Fire 'securitypolicyviolation' events in Workers. (Closed)
Patch Set: Feedback. Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-shared-worker.html ('k') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php
new file mode 100644
index 0000000000000000000000000000000000000000..42ee891f9c0f7f5b8cf06b9d2c30fe90af64cb46
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php
@@ -0,0 +1,48 @@
+<?php
+ header("Content-Type: application/javascript");
+ header("Content-Security-Policy: connect-src http://127.0.0.1:8000");
+?>
+importScripts("http://127.0.0.1:8000/resources/testharness.js");
+importScripts("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/testharness-helper.js");
+
+var cspEventFiredInDocument = false;
+// ServiceWorker and Worker
+self.addEventListener("message", e => {
+ if (e.data == "SecurityPolicyViolation from Document")
+ cspEventFiredInDocument = true;
+});
+// SharedWorker
+self.addEventListener("connect", c => {
+ c.ports[0].addEventListener("message", m => {
+ if (m.data == "SecurityPolicyViolation from Document")
+ cspEventFiredInDocument = true;
+ });
+});
+
+async_test(t => {
+ var url = "http://127.0.0.1:8000/security/resources/cors-hello.php";
+ assert_no_csp_event_for_url(t, url);
+
+ fetch(url)
+ .catch(t.unreached_func("Fetch should succeed."))
+ .then(t.step_func_done(r => {
+ assert_equals(r.status, 200);
+ assert_false(cspEventFiredInDocument);
+ }));
+}, "No SecurityPolicyViolation event fired for successful load.");
+
+async_test(t => {
+ var url = "http://1.example.test:8000/security/resources/cors-hello.php";
+ waitUntilCSPEventForURL(t, url)
+ .then(t.step_func_done(e => {
+ assert_equals(e.blockedURI, url);
+ assert_false(cspEventFiredInDocument);
+ }));
+
+ fetch(url)
+ .then(t.unreached_func("Fetch should not succeed."))
+ .catch(t.step_func(e => assert_true(e instanceof TypeError)));
+}, "SecurityPolicyViolation event fired on global.");
+
+// Worker tests need an explicit `done()`.
+done();
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-shared-worker.html ('k') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698