tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

shared-worker-connect-src-blocked.sub.html (1617B)

      1 <!DOCTYPE html>
      2 <html>
      3 
      4 <head>
      5    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
      6    <meta http-equiv="Content-Security-Policy" content="connect-src *; script-src 'self' 'unsafe-inline';">
      7    <title>shared-worker-connect-src-blocked</title>
      8    <script src="/resources/testharness.js"></script>
      9    <script src="/resources/testharnessreport.js"></script>
     10    <script src='../support/logTest.sub.js?logs=["xhr blocked","TEST COMPLETE"]'></script>
     11    <script src='../support/alertAssert.sub.js?alerts=[]'></script>
     12 </head>
     13 
     14 <body>
     15    <p>This test loads a shared worker, delivered with its own
     16    policy.  The worker should be blocked from making an XHR
     17    as that policy specifies a connect-src 'none', though
     18    this resource's policy is connect-src *.  No report
     19    should be sent since the worker's policy doesn't specify
     20    a report-uri.</p>
     21    <script>
     22       window.addEventListener('securitypolicyviolation', function(e) {
     23            log("Fail");
     24       });
     25 
     26      if(typeof SharedWorker != 'function') {
     27          t_log.set_status(t_log.NOTRUN, "No SharedWorker, cannot run test.");
     28          t_log.phase = t_log.phases.HAS_RESULT;
     29          t_log.done();
     30      } else {
     31          try {
     32              var worker = new SharedWorker('/content-security-policy/connect-src/support/shared-worker-make-xhr-blocked.sub.js');
     33              worker.port.onmessage = function(event) {
     34                  log(event.data);
     35              };
     36          } catch (e) {
     37              log(e);
     38          }
     39      }
     40    </script>
     41    <div id="log"></div>
     42 </body>
     43 
     44 </html>