tor-browser

The Tor Browser

test_service_worker.html (1801B)


      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <title>Bug 1208559 - ServiceWorker registration not governed by CSP</title>
      5  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      8 </head>
      9 <body>
     10 <iframe style="width:100%;" id="testframe"></iframe>
     11 
     12 <script class="testbody" type="text/javascript">
     13 
/*
 * Regression test for Bug 1208559 (see the page <title>): ServiceWorker
 * registration has to be governed by the document's CSP.
 *
 * The framed document is requested from https://example.com together with the
 * policy listed below. That policy limits child-src to test1.example.com and
 * script-src to 'unsafe-inline', so https://example.com is listed in neither
 * directive and the outcome asserted by this test is "blocked".
 * NOTE(review): which directive the browser consults for the registration is
 * decided outside this file; confirm against the CSP implementation.
 */
SimpleTest.waitForExplicitFinish();

// One entry per scenario: the CSP passed to the test server for the framed
// document, and the result string expected in the message posted back.
var tests = [
  {
    policy:
      "default-src 'self'; script-src 'unsafe-inline'; child-src test1.example.com;",
    expected: "blocked",
  },
];

// Number of scenarios started so far; also the index of the next one to run.
var counter = 0;
// Scenario whose result message is currently awaited.
var curTest;
     29 
/**
 * Checks the verdict for the scenario in flight: the `result` field of the
 * posted message is compared with the scenario's expected outcome, then the
 * next scenario is started (loadNextTest also ends the run when none is left).
 *
 * NOTE(review): neither event.origin nor event.source is checked here, so a
 * message from any window that can reach this one would be counted as the
 * verdict. That is tolerable inside the test harness; a production message
 * handler needs an origin check before trusting event.data.
 *
 * @param {MessageEvent} event - message whose data carries a `result` field.
 */
function receiveMessage(event) {
  var reportedOutcome = event.data.result;
  var expectedOutcome = curTest.expected;
  var description =
    "Should be (" + expectedOutcome + ") in Test " + counter + "!";
  is(reportedOutcome, expectedOutcome, description);
  loadNextTest();
}

// The declaration above is hoisted, so registering the listener after it is
// equivalent to registering it before.
window.addEventListener("message", receiveMessage);
     35 
// After the page has loaded, set the service-worker prefs this test relies on
// and only then start the first scenario: loadNextTest is passed to
// pushPrefEnv as its completion callback.
onload = function() {
  var serviceWorkerPrefs = [
    ["dom.serviceWorkers.exemptFromPerDomainMax", true],
    ["dom.serviceWorkers.enabled", true],
    ["dom.serviceWorkers.testing.enabled", true],
    // NOTE(review): presumably required because the worker is registered from
    // a cross-site iframe; confirm against the pref's definition.
    ["privacy.partition.serviceWorkers", true],
  ];
  SpecialPowers.pushPrefEnv({ set: serviceWorkerPrefs }, loadNextTest);
};
     44 
/**
 * Starts the next scenario, or finishes the run when every entry of `tests`
 * has been started.
 *
 * The test frame is pointed at file_testserver.sjs with two query parameters:
 * `file`, the document to serve, and `csp`, the policy that document should be
 * served with. A response policy taken from the request is a test-fixture
 * pattern; the server side is not shown on this page.
 */
function loadNextTest() {
  var allScenariosStarted = counter === tests.length;
  if (allScenariosStarted) {
    SimpleTest.finish();
    return;
  }

  curTest = tests[counter];
  counter += 1;

  var serverUrl =
    "https://example.com/tests/dom/security/test/csp/file_testserver.sjs";
  var servedFile = "tests/dom/security/test/csp/file_service_worker.html";

  // escape() is a legacy encoder; it is kept as-is because the decoding done
  // by file_testserver.sjs is not visible here.
  var query = [
    "file=" + escape(servedFile),
    "csp=" + escape(curTest.policy),
  ].join("&");

  document.getElementById("testframe").src = serverUrl + "?" + query;
}
     58 
     59 </script>
     60 </body>
     61 </html>