Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(111)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/connect-src-self.js

Issue 2540983003: CSP: Dedicated workers always inherit policy. (Closed)
Patch Set: Rebase. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/dedicated-inheritance.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/script-src-self.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/connect-src-self.js
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/connect-src-self.js b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/connect-src-self.js
new file mode 100644
index 0000000000000000000000000000000000000000..aaf3554804b031578a05739c6dac1ea092dd39ef
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/connect-src-self.js
@@ -0,0 +1,64 @@
+importScripts("http://127.0.0.1:8000/resources/testharness.js");
+importScripts("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/testharness-helper.js");
+
+// Same-origin
+async_test(t => {
+ var url = "http://127.0.0.1:8000/security/resources/cors-hello.php?same-origin-fetch";
+ assert_no_csp_event_for_url(t, url);
+
+ fetch(url)
+ .then(t.step_func_done(r => assert_equals(r.status, 200)));
+}, "Same-origin 'fetch()' in " + self.location.protocol);
+
+async_test(t => {
+ var url = "http://127.0.0.1:8000/security/resources/cors-hello.php?same-origin-xhr";
+ assert_no_csp_event_for_url(t, url);
+
+ var xhr = new XMLHttpRequest();
+ try {
+ xhr.open("GET", url);
+ t.done();
+ } catch (e) {
+ assert_unreached();
+ }
+ xhr.send();
+}, "Same-origin XHR in " + self.location.protocol);
+
+// Cross-origin
+async_test(t => {
+ var url = "http://example.test:8000/security/resources/cors-hello.php?cross-origin-fetch";
+
+ Promise.all([
+ waitUntilCSPEventForURL(t, url),
+ fetch(url)
+ .catch(t.step_func(e => assert_true(e instanceof TypeError)))
+ ]).then(_ => t.done());
+}, "Cross-origin 'fetch()' in " + self.location.protocol);
+
+async_test(t => {
+ var url = "http://example.test:8000/security/resources/cors-hello.php?cross-origin-xhr";
+
+ Promise.all([
+ waitUntilCSPEventForURL(t, url),
+ new Promise((resolve, reject) => {
+ var xhr = new XMLHttpRequest();
+ try {
+ xhr.open("GET", url);
+ reject("xhr.open should have thrown");
+ } catch (e) {
+ resolve();
+ }
+ })
+ ]).then(_ => t.done());
+}, "Cross-origin XHR in " + self.location.protocol);
+
+// Same-origin redirecting to cross-origin
+async_test(t => {
+ var url = "http://127.0.0.1:8000/security/resources/redir.php?url=http://example.test:8000/security/resources/cors-hello.php?cross-origin-fetch";
+ // TODO(mkwst): The event should be firing. :(
+
+ fetch(url)
+ .catch(t.step_func_done(e => assert_true(e instanceof TypeError)))
+}, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol);
+
+done();
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/dedicated-inheritance.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/workers/resources/script-src-self.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698