serviceworker-script-src.https.sub.html (1352B)
1 <!DOCTYPE html> 2 <script src="/resources/testharness.js"></script> 3 <script src="/resources/testharnessreport.js"></script> 4 <!-- Test the 'script-src' directive on service workers --> 5 <meta http-equiv="content-security-policy" content="script-src 'self' 'nonce-a' blob: filesystem:"> 6 <script nonce="a"> 7 [ // Service worker do not inherit CSP. 8 "./support/script-src-allow.sub.js", 9 10 // Service workers honor CSP received in their response headers. 11 "./support/script-src-self.sub.js?id={{$id1:uuid()}}" + 12 "&test-name=script-src 'self'" + 13 "&pipe=sub|header(Content-Security-Policy," + 14 "script-src 'self' ; report-uri " + 15 "/reporting/resources/report.py?op=put%26reportID={{$id1}})", 16 17 // Also check that script-src falls back to default-src. 18 "./support/script-src-self.sub.js?id={{$id2:uuid()}}" + 19 "&test-name=default-src 'self'" + 20 "&pipe=sub|header(Content-Security-Policy," + 21 "default-src 'self' ; report-uri " + 22 "/reporting/resources/report.py?op=put%26reportID={{$id2}})"] 23 .forEach(url => { 24 promise_test(async t => { 25 let r = await navigator.serviceWorker.register( 26 url, {scope: "./support/blank.html"}); 27 t.add_cleanup(_ => r.unregister()); 28 let sw = r.active || r.installing || r.waiting; 29 await fetch_tests_from_worker(sw); 30 }); 31 }); 32 </script>