connect-src-websocket-self.sub.html (1380B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';"> 6 <title>connect-src-websocket-blocked</title> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 <script src='../support/logTest.sub.js?logs=["allowed", "allowed"]'></script> 10 <script src="../support/alertAssert.sub.js?alerts=[]"></script> 11 </head> 12 13 <body> 14 <script> 15 window.addEventListener('securitypolicyviolation', function(e) { 16 log("violated-directive=" + e.violatedDirective); 17 }); 18 19 try { 20 var ws = new WebSocket("ws://{{host}}:{{location[port]}}/echo"); 21 22 if (ws.readyState == WebSocket.CLOSING || ws.readyState == WebSocket.CLOSED) { 23 log("blocked"); 24 } else { 25 log("allowed"); 26 } 27 } catch (e) { 28 log("blocked"); 29 } 30 31 try { 32 var wss = new WebSocket("wss://{{host}}:{{location[port]}}/echo"); 33 34 if (wss.readyState == WebSocket.CLOSING || wss.readyState == WebSocket.CLOSED) { 35 log("blocked"); 36 } else { 37 log("allowed"); 38 } 39 } catch (e) { 40 log("blocked"); 41 } 42 43 </script> 44 <div id="log"></div> 45 </body> 46 47 </html>