
Unified Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/child-src/child-src-worker-blocked.sub.html

Issue 2803943007: Un-skipped wpt csp child-src tests (Closed)
Patch Set: Created 3 years, 8 months ago
Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/child-src/child-src-worker-blocked.sub.html
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/child-src/child-src-worker-blocked.sub.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/child-src/child-src-worker-blocked.sub.html
index 8ed6b157a814e93047039e7689e84ec6081f510d..675cd95ea4f9fd375268ca614a85dd68740b2620 100644
--- a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/child-src/child-src-worker-blocked.sub.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/child-src/child-src-worker-blocked.sub.html
@@ -5,31 +5,40 @@
<title>child-src-worker-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
- <script src="../support/logTest.sub.js?logs=[]"></script>
- <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
- <!-- enforcing policy:
-child-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';
--->
-
+ <meta http-equiv="Content-Security-Policy" content="child-src 'none'; script-src 'unsafe-inline'; connect-src 'self';">
</head>
<body>
+ <p> This test used to check the child-src csp controlling worker creation. This behaviour has been deprecated but it's still supported
+ until the transition is done. This still tests that behaviour but we need to go through extra hoops to make sure 'script-src'
+ does not affect the result in any way (for instance by allowing 'self').
+ </p>
<script>
+ async_test(function(t) {
+ document.addEventListener("securitypolicyviolation", t.step_func(function(e) {
+ if (e.blockedURI != "{{location[scheme]}}://{{location[host]}}/content-security-policy/support/post-message.js")
+ return;
+
+ assert_equals(e.violatedDirective, "worker-src");
+ t.done();
+ }));
+ }, "Should throw a securitypolicyviolation event");
+
+ async_test(function(t) {
try {
- var foo = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/post-message.js');
- foo.onerror = function(event) {
- event.preventDefault();
- alert_assert("PASS");
- }
- foo.onmessage = function(event) {
- alert_assert("FAIL");
- };
+ var foo = new Worker('{{location[scheme]}}://{{location[host]}}/content-security-policy/support/post-message.js');
+ foo.onerror = function(event) {
+ event.preventDefault();
+ t.done();
+ }
+ foo.onmessage = function(event) {
+ assert_unreached("Should not be able to start worker");
+ };
} catch (e) {
- alert_assert("PASS");
+ t.done();
}
-
+ }, "Should block worker because it does not match any directive including the deprecated 'child-src'");
</script>
<div id="log"></div>
- <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=child-src%20&apos;none&apos;"></script>
</body>
</html>
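Review bot: In the second `async_test`, the `foo.onmessage` handler calls `assert_unreached` outside any test step. If the worker does start (the regression this test exists to catch), the failure would likely surface as an uncaught error or a timeout rather than a failure attributed to this test. Binding it to the test object avoids that: `foo.onmessage = t.unreached_func("Should not be able to start worker");`, and similarly `foo.onerror = t.step_func_done(function(event) { event.preventDefault(); });`. Separately, both `onerror` and the bare `catch (e) { t.done(); }` pass on any failure to create the worker, including a missing `post-message.js` or an unrelated exception. Only the first test's `blockedURI` check ties the result to CSP enforcement, so a comment saying the two tests must be read together would help.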
