worker-from-guid.sub.html (2475B)
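<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="utf-8">
    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncrasies. -->
    <!--
      Policy under test, delivered via a meta element:
        connect-src 'self' limits XHR/fetch destinations to this origin.
        script-src 'self' 'unsafe-inline' blob: lets the inline script below run and
        lets the blob: worker load (no worker-src is set, so worker loads fall back
        to script-src).
      The worker is created from a blob: URL, so it has no response headers of its
      own; the test expects it to inherit this policy from the creating document.
    -->
    <meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline' blob:;">
    <title>worker-connect-src-blocked</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <!-- The logs= query appears to list the messages that must be logged for the test to pass (confirm in logTest.sub.js). -->
    <script src='../support/logTest.sub.js?logs=["violated-directive=connect-src","xhr blocked","TEST COMPLETE"]'></script>
    <!-- alerts=[] presumably asserts that no alert() fires (confirm in alertAssert.sub.js). -->
    <script src='../support/alertAssert.sub.js?alerts=[]'></script>
</head>

<body>
    <p>This test loads a worker from a blob: URL (a "guid" URL).
        The worker should be blocked from making an XHR
        to www1, as this resource's policy is connect-src 'self'
        and a guid Worker should inherit its parent's policy.
        The violation is observed through the securitypolicyviolation
        event fired inside the worker; the policy above sets no report-uri.</p>
    <script>
        try {
            // Worker source, assembled as one string and wrapped in a Blob.
            //  - The securitypolicyviolation listener forwards the violated directive
            //    to the page, which is how the inherited connect-src is observed.
            //  - onerror, a throw from open()/send(), and an onload whose body is not
            //    'FAIL' all report 'xhr blocked'; only a 'FAIL' body reports 'xhr allowed'.
            // NOTE(review): the request URL below has an empty host ('http:///...').
            // This is a .sub.html file and the description names www1, so the
            // cross-origin host was presumably a server-side substitution that was
            // lost in this copy. Confirm against the upstream file before running.
            var blob = new Blob([
                "self.addEventListener('securitypolicyviolation', e => {" +
                " postMessage('violated-directive=' + e.violatedDirective);" +
                "});" +
                "var xhr = new XMLHttpRequest;" +
                "xhr.onerror = function () {" +
                " postMessage('xhr blocked');" +
                " postMessage('TEST COMPLETE');" +
                "};" +
                "xhr.onload = function () {" +
                " if (xhr.responseText == 'FAIL') {" +
                " postMessage('xhr allowed');" +
                " } else {" +
                " postMessage('xhr blocked');" +
                " }" +
                " postMessage('TEST COMPLETE');" +
                "};" +
                "try { " +
                " xhr.open(" +
                " 'GET'," +
                " 'http:///content-security-policy/support/fail.asis'," +
                " true" +
                " );" +
                " xhr.send();" +
                "} catch (e) {" +
                " postMessage('xhr blocked');" +
                " postMessage('TEST COMPLETE');" +
                "}"],
                {type : 'application/javascript'});
            // The blob: URL is what makes this a "guid" worker: a local-scheme URL
            // minted by the document itself.
            var url = URL.createObjectURL(blob);
            var worker = new Worker(url);
            // Every worker message is passed to log() (from logTest.sub.js) to be
            // matched against the expected list.
            worker.onmessage = function(event) {
                log(event.data);
            };
        } catch (e) {
            // A failure to build or start the worker is logged, so the run shows the
            // exception instead of the expected messages.
            log(e);
        }

    </script>
    <div id="log"></div>
</body>

</html>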