OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <html> | |
3 <head> | |
4 <meta http-equiv="Content-Security-Policy" content="connect-src 'none'"/> | |
5 <script src="/resources/testharness.js"></script> | |
6 <script src="/resources/testharnessreport.js"></script> | |
7 </head> | |
8 <body> | |
9 <script> | |
10 // If the worker does not get served with a CSP header, than it should | |
11 // have no CSP, not the CSP of the responsible document. | |
12 | |
13 async_test(function () { | |
14 var worker = new Worker('http://127.0.0.1:8000/security/contentSecurityPol
icy/resources/worker.php?type=make-xhr'); | |
15 worker.onmessage = this.step_func(function (event) { | |
16 assert_equals("xhr allowed", event.data); | |
17 this.done(); | |
18 }); | |
19 }, "Worker should not inherit document's CSP"); | |
20 | |
21 async_test(function () { | |
22 var worker = new SharedWorker('http://127.0.0.1:8000/security/contentSecur
ityPolicy/resources/worker.php?type=shared-make-xhr'); | |
23 worker.port.onmessage = this.step_func(function (event) { | |
24 assert_equals("xhr allowed", event.data); | |
25 this.done(); | |
26 }); | |
27 worker.port.start(); | |
28 }, "Shared worker should not inherit document's CSP"); | |
29 </script> | |
30 </body> | |
31 </html> | |
OLD | NEW |