connect-src-xmlhttprequest-blocked.sub.html (1237B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> 6 <meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';"> 7 <title>connect-src-xmlhttprequest-blocked</title> 8 <script src="/resources/testharness.js"></script> 9 <script src="/resources/testharnessreport.js"></script> 10 <script src='../support/logTest.sub.js?logs=["Pass","violated-directive=connect-src"]'></script> 11 <script src="../support/alertAssert.sub.js?alerts=[]"></script> 12 </head> 13 14 <body> 15 <script> 16 window.addEventListener('securitypolicyviolation', function(e) { 17 log("violated-directive=" + e.violatedDirective); 18 }); 19 20 try { 21 var xhr = new XMLHttpRequest; 22 xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", true); 23 xhr.send(); 24 xhr.onload = function() { 25 log("Fail"); 26 } 27 xhr.onerror = function() { 28 log("Pass"); 29 } 30 } catch (e) { 31 log("Pass"); 32 } 33 34 </script> 35 <div id="log"></div> 36 </body> 37 38 </html>