test_bug1505412.html (1779B)
1 <!DOCTYPE HTML> 2 <html> 3 4 <head> 5 <title> Bug 1505412 CSP-RO reports violations in inline-scripts with nonce</title> 6 <script src="/tests/SimpleTest/SimpleTest.js" nonce="foobar"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 8 9 10 <body> 11 <p id="display"></p> 12 <div id="content" style="display: none"> 13 </div> 14 15 <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1505412">Test for 1505412 </a> 16 <script class="testbody" type="text/javascript" nonce="foobar"> 17 /* Description of the test: 18 1: We setup a Proxy that will cause the Test to Fail 19 if Firefox sends a CSP-Report to /report 20 2: We Load an iframe with has a Script pointing to 21 file_bug1505412.sjs 22 3: The Preloader will fetch the file and Gets redirected 23 4: If correct, the File should be loaded and no CSP-Report 24 should be send. 25 */ 26 27 28 29 SimpleTest.waitForExplicitFinish(); 30 SimpleTest.requestCompleteLog(); 31 SimpleTest.requestLongerTimeout(2); // Or might fail for Linux-Debug in some cases. 32 var script; 33 34 window.addEventListener("load",()=>{ 35 let t = document.querySelector("#target"); 36 t.src = "file_bug1505412_frame.html"; 37 t.addEventListener("load",async () => { 38 let reportCount = await fetch("file_bug1505412_reporter.sjs?state").then(r => r.text()); 39 info(reportCount); 40 ok(reportCount == 0 , "Script Loaded without CSP beeing triggered"); 41 await fetch("file_bug1505412_reporter.sjs?flush"); 42 SimpleTest.finish(); 43 }); 44 }) 45 46 </script> 47 <iframe id="target" frameborder="0"></iframe> 48 </body> 49 50 </html>