Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(247)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/connect-src-self.js

Issue 2540983003: CSP: Dedicated workers always inherit policy. (Closed)
Patch Set: Rebase. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/dedicated-inheritance.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/script-src-self.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 importScripts("http://127.0.0.1:8000/resources/testharness.js");
2 importScripts("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/te stharness-helper.js");
3
4 // Same-origin
5 async_test(t => {
6 var url = "http://127.0.0.1:8000/security/resources/cors-hello.php?same-origin -fetch";
7 assert_no_csp_event_for_url(t, url);
8
9 fetch(url)
10 .then(t.step_func_done(r => assert_equals(r.status, 200)));
11 }, "Same-origin 'fetch()' in " + self.location.protocol);
12
13 async_test(t => {
14 var url = "http://127.0.0.1:8000/security/resources/cors-hello.php?same-origin -xhr";
15 assert_no_csp_event_for_url(t, url);
16
17 var xhr = new XMLHttpRequest();
18 try {
19 xhr.open("GET", url);
20 t.done();
21 } catch (e) {
22 assert_unreached();
23 }
24 xhr.send();
25 }, "Same-origin XHR in " + self.location.protocol);
26
27 // Cross-origin
28 async_test(t => {
29 var url = "http://example.test:8000/security/resources/cors-hello.php?cross-or igin-fetch";
30
31 Promise.all([
32 waitUntilCSPEventForURL(t, url),
33 fetch(url)
34 .catch(t.step_func(e => assert_true(e instanceof TypeError)))
35 ]).then(_ => t.done());
36 }, "Cross-origin 'fetch()' in " + self.location.protocol);
37
38 async_test(t => {
39 var url = "http://example.test:8000/security/resources/cors-hello.php?cross-or igin-xhr";
40
41 Promise.all([
42 waitUntilCSPEventForURL(t, url),
43 new Promise((resolve, reject) => {
44 var xhr = new XMLHttpRequest();
45 try {
46 xhr.open("GET", url);
47 reject("xhr.open should have thrown");
48 } catch (e) {
49 resolve();
50 }
51 })
52 ]).then(_ => t.done());
53 }, "Cross-origin XHR in " + self.location.protocol);
54
55 // Same-origin redirecting to cross-origin
56 async_test(t => {
57 var url = "http://127.0.0.1:8000/security/resources/redir.php?url=http://examp le.test:8000/security/resources/cors-hello.php?cross-origin-fetch";
58 // TODO(mkwst): The event should be firing. :(
59
60 fetch(url)
61 .catch(t.step_func_done(e => assert_true(e instanceof TypeError)))
62 }, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol);
63
64 done();
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/dedicated-inheritance.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/script-src-self.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698