Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(216)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html

Issue 730203007: CSP: Permit exempting schemes only for certain policy areas. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial-expected.txt » ('j') | Source/platform/weborigin/SchemeRegistry.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html b/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html
new file mode 100644
index 0000000000000000000000000000000000000000..88bbebbe2ae158fafd1b8377b826315e39a501c8
--- /dev/null
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html
@@ -0,0 +1,85 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src https:; script-src 'unsafe-inline'">
+<script>
+ if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ }
+
+ var testIndex = 1;
+ var testCount = 12;
+ function produceOutput(promise) {
+ var suffix = ' (' + testIndex++ + '/' + testCount + ')';
+ return promise.then(function() { console.log('PASS' + suffix); },
+ function() { console.log('FAIL' + suffix); });
+ }
+
+
+ function expectImageLoad(shouldLoad) {
+ return produceOutput(new Promise(function(resolve, reject) {
+ var img = document.createElement('img');
+ var pass = function() { resolve(); };
+ var fail = function() { reject(new Error()); };
+ img.onload = shouldLoad ? pass : fail;
+ img.onerror = shouldLoad ? fail : pass;
+ img.src = '../resources/abe.png';
+ }));
+ }
+
+ function expectStyleLoad(shouldLoad) {
+ // onerror doesn't seem to work on <link>.
+ // setTimeout is bad, so hopefully this isn't flaky.
+ return produceOutput(new Promise(function(resolve, reject) {
+ var link = document.createElement('link');
+ link.rel = 'stylesheet';
+ link.href = '../resources/cssStyle.css';
+ link.onload = function() { shouldLoad ? resolve() : reject(new Error()) };
+ document.head.appendChild(link);
+ setTimeout(function() {
Tom Sepez 2014/11/18 19:35:54 We may have to leave <link> uncovered rather than
jbroman 2014/11/18 20:02:04 A way to deflake this just occurred to me. It invo
+ (shouldLoad == !!link.sheet) ? resolve() : reject(new Error());
+ link.remove();
+ }, 100);
+ }));
+ }
+
+ window.onload = function() {
+ Promise.resolve()
+ .then(function() {
+ return expectImageLoad(false).then(function() { return expectStyleLoad(false); });
+ })
+ .then(function() {
+ internals.registerURLSchemeAsBypassingContentSecurityPolicy('http');
+ return expectImageLoad(true).then(function() { return expectStyleLoad(true); });
+ })
+ .then(function() {
+ internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
+ internals.registerURLSchemeAsBypassingContentSecurityPolicy('http', []);
+ return expectImageLoad(false).then(function() { return expectStyleLoad(false); });
+ })
+ .then(function() {
+ internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
+ internals.registerURLSchemeAsBypassingContentSecurityPolicy('http', ['img']);
+ return expectImageLoad(true).then(function() { return expectStyleLoad(false); });
+ })
+ .then(function() {
+ internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
+ internals.registerURLSchemeAsBypassingContentSecurityPolicy('http', ['style']);
+ return expectImageLoad(false).then(function() { return expectStyleLoad(true); });
+ })
+ .then(function() {
+ internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
+ return expectImageLoad(false).then(function() { return expectStyleLoad(false); });
+ })
+ .then(function() { if (window.testRunner) testRunner.notifyDone(); });
+ };
+</script>
+</head>
+<body>
+ <p>
+ This test ensures that registering a scheme as bypassing CSP actually bypasses CSP.
+ This test passes if only PASSes are generated.
+ </p>
+</body>
+</html>
« no previous file with comments | « no previous file | LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial-expected.txt » ('j') | Source/platform/weborigin/SchemeRegistry.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698