| Index: LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html
|
| diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html b/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..40ef00947f4731baa4752182feda8db9e5e5ce06
|
| --- /dev/null
|
| +++ b/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html
|
| @@ -0,0 +1,84 @@
|
| +<!DOCTYPE html>
|
| +<html>
|
| +<head>
|
| +<meta http-equiv="Content-Security-Policy" content="default-src https:; script-src 'unsafe-inline'">
|
| +<script>
|
| + if (window.testRunner) {
|
| + testRunner.waitUntilDone();
|
| + testRunner.dumpAsText();
|
| + }
|
| +
|
| + var testIndex = 1;
|
| + var testCount = 12;
|
| + function produceOutput(promise) {
|
| + var suffix = ' (' + testIndex++ + '/' + testCount + ')';
|
| + return promise.then(function() { console.log('PASS' + suffix); },
|
| + function() { console.log('FAIL' + suffix); });
|
| + }
|
| +
|
| +
|
| + function expectImageLoad(shouldLoad) {
|
| + return produceOutput(new Promise(function(resolve, reject) {
|
| + var img = document.createElement('img');
|
| + var pass = function() { resolve(); };
|
| + var fail = function() { reject(new Error()); };
|
| + img.onload = shouldLoad ? pass : fail;
|
| + img.onerror = shouldLoad ? fail : pass;
|
| + img.src = '../resources/abe.png';
|
| + }));
|
| + }
|
| +
|
| + function expectStyleLoad(shouldLoad) {
|
| + // onerror doesn't seem to work on <link>.
|
| + // Fortunately, srcdoc iframes are bound by containing CSP.
|
| + return produceOutput(new Promise(function(resolve, reject) {
|
| + var iframe = document.createElement('iframe');
|
| + iframe.onload = function() {
|
| + var didLoad = iframe.contentDocument.styleSheets.length > 0;
|
| + (shouldLoad == didLoad) ? resolve() : reject(new Error());
|
| + iframe.remove();
|
| + };
|
| + iframe.srcdoc = '<link rel="stylesheet" href="../resources/cssStyle.css">';
|
| + document.body.appendChild(iframe);
|
| + }));
|
| + }
|
| +
|
| + window.onload = function() {
|
| + Promise.resolve()
|
| + .then(function() {
|
| + return expectImageLoad(false).then(function() { return expectStyleLoad(false); });
|
| + })
|
| + .then(function() {
|
| + internals.registerURLSchemeAsBypassingContentSecurityPolicy('http');
|
| + return expectImageLoad(true).then(function() { return expectStyleLoad(true); });
|
| + })
|
| + .then(function() {
|
| + internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
|
| + internals.registerURLSchemeAsBypassingContentSecurityPolicy('http', []);
|
| + return expectImageLoad(false).then(function() { return expectStyleLoad(false); });
|
| + })
|
| + .then(function() {
|
| + internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
|
| + internals.registerURLSchemeAsBypassingContentSecurityPolicy('http', ['img']);
|
| + return expectImageLoad(true).then(function() { return expectStyleLoad(false); });
|
| + })
|
| + .then(function() {
|
| + internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
|
| + internals.registerURLSchemeAsBypassingContentSecurityPolicy('http', ['style']);
|
| + return expectImageLoad(false).then(function() { return expectStyleLoad(true); });
|
| + })
|
| + .then(function() {
|
| + internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
|
| + return expectImageLoad(false).then(function() { return expectStyleLoad(false); });
|
| + })
|
| + .then(function() { if (window.testRunner) testRunner.notifyDone(); });
|
| + };
|
| +</script>
|
| +</head>
|
| +<body>
|
| + <p>
|
| + This test ensures that registering a scheme as bypassing CSP actually bypasses CSP.
|
| + This test passes if only PASSes are generated.
|
| + </p>
|
| +</body>
|
| +</html>
|
|
|
Chromium Code Reviews
Issue 730203007:
CSP: Permit exempting schemes only for certain policy areas. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk