connect-src-eventsource-allowed.sub.html (1232B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> 6 <meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';"> 7 <title>connect-src-eventsource-allowed</title> 8 <script src="/resources/testharness.js"></script> 9 <script src="/resources/testharnessreport.js"></script> 10 <script src='../support/logTest.sub.js?logs=["allowed"]'></script> 11 <script src="../support/alertAssert.sub.js?alerts=[]"></script> 12 </head> 13 14 <body> 15 <script> 16 window.addEventListener('securitypolicyviolation', function(e) { 17 log("blocked"); 18 }); 19 20 try { 21 var es = new EventSource("http://{{host}}:{{ports[http][0]}}/content-security-policy/connect-src/resources/simple-event-stream"); 22 // Firefox and Chrome don't throw an exception. 23 es.onopen = function () { 24 log("allowed"); 25 }; 26 es.onerror = function () { 27 log("blocked"); 28 }; 29 } catch (e) { 30 log("blocked"); 31 } 32 </script> 33 <div id="log"></div> 34 </body> 35 36 </html>