Chromium Code Reviews Chromium Code Reviews
Issue 714833002:
[ServiceWorker] CSP support for ServiceWorker environment. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| Index: LayoutTests/http/tests/serviceworker/resources/service-worker-csp-worker.php |
| diff --git a/LayoutTests/http/tests/serviceworker/resources/service-worker-csp-worker.php b/LayoutTests/http/tests/serviceworker/resources/service-worker-csp-worker.php |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..cbe282cec68c6fcf5a756d232a991be046f94e9d |
| --- /dev/null |
| +++ b/LayoutTests/http/tests/serviceworker/resources/service-worker-csp-worker.php |
| @@ -0,0 +1,98 @@ |
| +<?php |
| +header('Content-Type: application/javascript'); |
| +$directive = $_GET['directive']; |
| + |
| +if ($directive == 'default') { |
| + header('Content-Security-Policy: default-src \'self\''); |
| + |
| +?> |
| +importScripts('worker-testharness.js'); |
| +importScripts('test-helpers.js'); |
| + |
| +test(function() { |
| + var import_script_failed = false; |
| + try { |
| + importScripts('http://localhost:8000/serviceworker/resources/empty.js'); |
| + } catch(e) { |
| + import_script_failed = true; |
| + } |
| + assert_true(import_script_failed, |
| + 'Importing the other origins script should fail.'); |
| + }, 'importScripts test for default-src'); |
| + |
| +async_test(function(t) { |
| + fetch('http://localhost:8000/serviceworker/resources/fetch-access-control.php?ACAOrigin=*', |
| + {mode: 'cors'}) |
| + .then(function(response){ |
| + assert_unreached('fetch should fail.'); |
| + }, function(){ |
| + t.done(); |
| + }) |
| + .catch(unreached_rejection(t)); |
| + }, 'Fetch test for default-src'); |
| + |
| +<?php |
| + |
| +} if ($directive == 'script') { |
|
nhiroki
2014/11/12 07:43:14
Can you add a line break before 'if' OR replace 'i
horo
2014/11/12 08:25:41
Done.
|
| + header('Content-Security-Policy: script-src \'self\''); |
| + |
| +?> |
| +importScripts('worker-testharness.js'); |
| +importScripts('test-helpers.js'); |
| + |
| +test(function() { |
| + var import_script_failed = false; |
| + try { |
| + importScripts('http://localhost:8000/serviceworker/resources/empty.js'); |
| + } catch(e) { |
| + import_script_failed = true; |
| + } |
| + assert_true(import_script_failed, |
| + 'Importing the other origins script should fail.'); |
| + }, 'importScripts test for script-src'); |
| + |
| +async_test(function(t) { |
| + fetch('http://localhost:8000/serviceworker/resources/fetch-access-control.php?ACAOrigin=*', |
| + {mode: 'cors'}) |
| + .then(function(response){ |
| + t.done(); |
| + }, function(){ |
| + assert_unreached('fetch should not fail.'); |
| + }) |
| + .catch(unreached_rejection(t)); |
| + }, 'Fetch test for script-src'); |
| + |
| +<?php |
| + |
| +} if ($directive == 'connect') { |
|
nhiroki
2014/11/12 07:43:14
ditto.
horo
2014/11/12 08:25:41
Done.
|
| + header('Content-Security-Policy: connect-src \'self\''); |
| + |
| +?> |
| +importScripts('worker-testharness.js'); |
| +importScripts('test-helpers.js'); |
| + |
| +test(function() { |
| + var import_script_failed = false; |
| + try { |
| + importScripts('http://localhost:8000/serviceworker/resources/empty.js'); |
| + } catch(e) { |
| + import_script_failed = true; |
| + } |
| + assert_false(import_script_failed, |
| + 'Importing the other origins script should not fail.'); |
| + }, 'importScripts test for connect-src'); |
| + |
| +async_test(function(t) { |
| + fetch('http://localhost:8000/serviceworker/resources/fetch-access-control.php?ACAOrigin=*', |
| + {mode: 'cors'}) |
| + .then(function(response){ |
| + assert_unreached('fetch should fail.'); |
| + }, function(){ |
| + t.done(); |
| + }) |
| + .catch(unreached_rejection(t)); |
| + }, 'Fetch test for connect-src'); |
| + |
| +<?php |
| +} |
| +?> |
