[ tor-browser ].git.dasho

connect-src-eventsource-blocked.sub.html (1514B)
      1 <!DOCTYPE html>
      2 <html>
      3 
      4 <head>
      5    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
      6    <meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
      7    <title>connect-src-eventsource-blocked</title>
      8    <script src="/resources/testharness.js"></script>
      9    <script src="/resources/testharnessreport.js"></script>
     10    <script src='../support/logTest.sub.js?logs=["blocked","violated-directive=connect-src"]'></script>
     11    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
     12 </head>
     13 
     14 <body>
     15    <script>
     16        window.addEventListener('securitypolicyviolation', function(e) {
     17            log("violated-directive=" + e.violatedDirective);
     18        });
     19 
     20        try {
     21            var es = new EventSource("http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/connect-src/resources/simple-event-stream");
     22            // Firefox and Chrome don't throw an exception and takes some time to close async
     23            if (es.readyState == EventSource.CONNECTING) {
     24                setTimeout( function() {
     25                    es.readyState != EventSource.CLOSED ? log("allowed") : log("blocked");
     26                }, 1000);
     27            } else if (es.readyState == EventSource.CLOSED) {
     28                log("blocked");
     29            } else {
     30                log("allowed");
     31            }
     32        } catch (e) {
     33            log("blocked");
     34        }
     35    </script>
     36    <div id="log"></div>
     37 </body>
     38 
     39 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE